Compile with -Wsuggest-attribute=malloc. We already employ this attribute extensively to help the compiler improve optimization. However, a few malloc-like functions were not yet marked with __malloc. Fix that and enable the warning to make sure that new malloc-like functions get marked. Since not all supported compilers know about this warning option, we need to check at compile time whether the option is supported. Thanks to the existing cc-option make(1) function, this is a simple one-liner for Makefile.real.
server: No longer accept "sideband" and "aes_ctr128" features. Both features are used unconditionally since commit d44413588dd7 (v0.6.3-27) from three years ago when the client stopped to request the feature. We don't need to support clients older than that any more, so fail the request if these features are still requested. Clarify the comment about the sha256 feature while at it.
Merge topic branch t/crypt-cleanups into master This bunch of mostry trivial changes can be merged early, before the openssl code is converted to use the EVP API. The topic was cooking in next for six months. * refs/heads/t/crypt-cleanups: openssl: Assign bignums in canonical order. openssl: Unify naming of public key structures. openssl: Rename read_private_rsa_params() -> read_openssh_private_key(). openssl: Rename read_rsa_bignums() -> read_public_key(). openssl: Dedox crypt_init(). server: Improve "loading pubkey" log message. gcrypt: Remove pointless state variable. client: Reduce line length.
Merge topic branch t/afs-ls-a into master A new feature for the ls command. Unfortunately, several bugs were found after the topic graduated to next, so the series contains a few fixup commits on top of the single patch which implements the feature. * refs/heads/t/afs-ls-a: afs: Really fix memory leak in mood_load(). afs: Fix memory leak in mood_load(). playlist: Fix error handling of playlist_load(). server: Fix NULL pointer dereference in com_ls(). Implement ls --admissible=m/foo.
Merge topic branch t/fd into master A rash of patches which clean up a good part of fd.c. Nothing major here, mostly simplifications and documentation improvements. * refs/heads/t/fd: fd: Simplify and move for_each_file_in_dir(). fd.c: Improve error checking of para_mkdir(). fd: Revamp para_mkdir(). fd: Improve read_pattern(), rename it to read_and_compare(). fd: Remove log message from para_munmap(). fd: Open-code para_chdir(). fd: Remove file_exists(). fd: Improve documentation of xwritev(). fd: Improve documentation of write_all(). fd: Improve documentation of write_va_buffer().
playlist: Fix error handling of playlist_load(). We open a fresh score table if the result pointer is not NULL, indicating that we are called from com_ls() (with -a=p/foo) rather than from com_select(). However, if an error occurs afterwards, we call score_close() unconditionally. This is wrong in the result == NULL case (com_select()) because it closes the global score table which is expected to stay open. The result is a UAF, which is diagnosed by valgrind as follows: ==4767== Invalid read of size 4 ==4767== at 0x408C51E: osl_add_and_get_row (osl.c:1216) ==4767== by 0x408CA99: osl_add_row (osl.c:1348) ==4767== by 0x8060648: score_add (score.c:116) ==4767== by 0x805F08C: add_to_score_table (mood.c:451) ==4767== by 0x805FA3E: mood_load (mood.c:650) ==4767== by 0x8057ECF: activate_mood_or_playlist (afs.c:447) ==4767== by 0x8059637: com_select_callback (afs.c:1005) Fixes: 2d2637cb4c9ab76fea6bc336b9af88fd00bf5e08
server: Fix NULL pointer dereference in com_ls(). The previous commit which extended the -a option of the ls command to accept an optional argument introduced the following flaw: If the argument of -a corresponds to the name of a mood for which no files are admissible, the server crashes due to a NULL pointer dereference because mood_load() leaves the mood instance pointer uninitialized although it returns zero, indicating success. This behaviour of mood_load() contradicts the promises made in its documentation. Fix mood_load() by not special-casing the "zero admissible files" case, which even simplifies the code a bit. If all goes well but no files turn out to be admissible, we now open the score table anyway and set the mood pointer to the allocated mood as usual. Since get_statistics() may now be called with zero admissible files, we have to add a check there before dividing by the number of admissible files, Fixes: 2d2637cb4c9ab76fea6bc336b9af88fd00bf5e08