Index: stable/11/lib/libgssapi/gss_buffer_set.c
===================================================================
--- stable/11/lib/libgssapi/gss_buffer_set.c	(revision 318120)
+++ stable/11/lib/libgssapi/gss_buffer_set.c	(revision 318121)
@@ -1,126 +1,126 @@
 /*
  * Copyright (c) 2004, PADL Software Pty Ltd.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
  *
  * 3. Neither the name of PADL Software nor the names of its contributors
  *    may be used to endorse or promote products derived from this software
  *    without specific prior written permission.
  *
  * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  * ARE DISCLAIMED.  IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  */
 /* $FreeBSD$ */
 
 #include <gssapi/gssapi.h>
 #include <errno.h>
 #include <stdlib.h>
 #include <string.h>
 
 /* RCSID("$Id: gss_buffer_set.c 18885 2006-10-24 21:53:02Z lha $"); */
 
 OM_uint32 
 gss_create_empty_buffer_set(OM_uint32 * minor_status,
     gss_buffer_set_t *buffer_set)
 {
 	gss_buffer_set_t set;
 
 	set = (gss_buffer_set_desc *) malloc(sizeof(*set));
 	if (set == GSS_C_NO_BUFFER_SET) {
 		*minor_status = ENOMEM;
 		return (GSS_S_FAILURE);
 	}
 
 	set->count = 0;
 	set->elements = NULL;
 
 	*buffer_set = set;
 
 	*minor_status = 0;
 	return (GSS_S_COMPLETE);
 }
 
 OM_uint32
 gss_add_buffer_set_member(OM_uint32 * minor_status,
     const gss_buffer_t member_buffer, gss_buffer_set_t *buffer_set)
 {
 	gss_buffer_set_t set;
 	gss_buffer_t p;
 	OM_uint32 ret;
 
 	if (*buffer_set == GSS_C_NO_BUFFER_SET) {
 		ret = gss_create_empty_buffer_set(minor_status,
 		    buffer_set);
 		if (ret) {
 			return (ret);
 		}
 	}
 
 	set = *buffer_set;
-	set->elements = realloc(set->elements,
-	    (set->count + 1) * sizeof(set->elements[0]));
+	set->elements = reallocarray(set->elements, set->count + 1,
+	    sizeof(set->elements[0]));
 	if (set->elements == NULL) {
 		*minor_status = ENOMEM;
 		return (GSS_S_FAILURE);
 	}
 
 	p = &set->elements[set->count];
 
 	p->value = malloc(member_buffer->length);
 	if (p->value == NULL) {
 		*minor_status = ENOMEM;
 		return (GSS_S_FAILURE);
 	}
 	memcpy(p->value, member_buffer->value, member_buffer->length);
 	p->length = member_buffer->length;
 
 	set->count++;
 
 	*minor_status = 0;
 	return (GSS_S_COMPLETE);
 }
 
 OM_uint32
 gss_release_buffer_set(OM_uint32 * minor_status, gss_buffer_set_t *buffer_set)
 {
 	size_t i;
 	OM_uint32 minor;
 
 	*minor_status = 0;
 
 	if (*buffer_set == GSS_C_NO_BUFFER_SET)
 		return (GSS_S_COMPLETE);
 
 	for (i = 0; i < (*buffer_set)->count; i++)
 		gss_release_buffer(&minor, &((*buffer_set)->elements[i]));
 
 	free((*buffer_set)->elements);
 
 	(*buffer_set)->elements = NULL;
 	(*buffer_set)->count = 0;
 
 	free(*buffer_set);
 	*buffer_set = GSS_C_NO_BUFFER_SET;
 
 	return (GSS_S_COMPLETE);
 }
 
Index: stable/11/lib/libiconv_modules/ISO2022/citrus_iso2022.c
===================================================================
--- stable/11/lib/libiconv_modules/ISO2022/citrus_iso2022.c	(revision 318120)
+++ stable/11/lib/libiconv_modules/ISO2022/citrus_iso2022.c	(revision 318121)
@@ -1,1291 +1,1291 @@
 /* $FreeBSD$ */
 /*	$NetBSD: citrus_iso2022.c,v 1.20 2010/12/07 22:01:45 joerg Exp $	*/
 
 /*-
  * Copyright (c)1999, 2002 Citrus Project,
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
  *
  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
  *	$Citrus: xpg4dl/FreeBSD/lib/libc/locale/iso2022.c,v 1.23 2001/06/21 01:51:44 yamt Exp $
  */
 
 #include <sys/cdefs.h>
 #include <sys/types.h>
 
 #include <assert.h>
 #include <errno.h>
 #include <limits.h>
 #include <stdbool.h>
 #include <stddef.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <wchar.h>
 
 #include "citrus_namespace.h"
 #include "citrus_types.h"
 #include "citrus_module.h"
 #include "citrus_stdenc.h"
 #include "citrus_iso2022.h"
 
 
 /* ----------------------------------------------------------------------
  * private stuffs used by templates
  */
 
 
 /*
  * wchar_t mappings:
  * ASCII (ESC ( B)		00000000 00000000 00000000 0xxxxxxx
  * iso-8859-1 (ESC , A)		00000000 00000000 00000000 1xxxxxxx
  * 94 charset (ESC ( F)		0fffffff 00000000 00000000 0xxxxxxx
  * 94 charset (ESC ( M F)	0fffffff 1mmmmmmm 00000000 0xxxxxxx
  * 96 charset (ESC , F)		0fffffff 00000000 00000000 1xxxxxxx
  * 96 charset (ESC , M F)	0fffffff 1mmmmmmm 00000000 1xxxxxxx
  * 94x94 charset (ESC $ ( F)	0fffffff 00000000 0xxxxxxx 0xxxxxxx
  * 96x96 charset (ESC $ , F)	0fffffff 00000000 0xxxxxxx 1xxxxxxx
  * 94x94 charset (ESC & V ESC $ ( F)
  *				0fffffff 1vvvvvvv 0xxxxxxx 0xxxxxxx
  * 94x94x94 charset (ESC $ ( F)	0fffffff 0xxxxxxx 0xxxxxxx 0xxxxxxx
  * 96x96x96 charset (ESC $ , F)	0fffffff 0xxxxxxx 0xxxxxxx 1xxxxxxx
  * reserved for UCS4 co-existence (UCS4 is 31bit encoding thanks to mohta bit)
  *				1xxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx
  */
 
 #define CS94		(0U)
 #define CS96		(1U)
 #define CS94MULTI	(2U)
 #define CS96MULTI	(3U)
 
 typedef struct {
 	unsigned char	 type;
 	unsigned char	 final;
 	unsigned char	 interm;
 	unsigned char	 vers;
 } _ISO2022Charset;
 
 static const _ISO2022Charset ascii    = { CS94, 'B', '\0', '\0' };
 static const _ISO2022Charset iso88591 = { CS96, 'A', '\0', '\0' };
 
 typedef struct {
 	_ISO2022Charset	g[4];
 	/* need 3 bits to hold -1, 0, ..., 3 */
 	int	gl:3,
 		gr:3,
 		singlegl:3,
 		singlegr:3;
 	char ch[7];	/* longest escape sequence (ESC & V ESC $ ( F) */
 	size_t chlen;
 	int flags;
 #define _ISO2022STATE_FLAG_INITIALIZED	1
 } _ISO2022State;
 
 typedef struct {
 	_ISO2022Charset	*recommend[4];
 	size_t	recommendsize[4];
 	_ISO2022Charset	initg[4];
 	int	maxcharset;
 	int	flags;
 #define	F_8BIT	0x0001
 #define	F_NOOLD	0x0002
 #define	F_SI	0x0010	/*0F*/
 #define	F_SO	0x0020	/*0E*/
 #define	F_LS0	0x0010	/*0F*/
 #define	F_LS1	0x0020	/*0E*/
 #define	F_LS2	0x0040	/*ESC n*/
 #define	F_LS3	0x0080	/*ESC o*/
 #define	F_LS1R	0x0100	/*ESC ~*/
 #define	F_LS2R	0x0200	/*ESC }*/
 #define	F_LS3R	0x0400	/*ESC |*/
 #define	F_SS2	0x0800	/*ESC N*/
 #define	F_SS3	0x1000	/*ESC O*/
 #define	F_SS2R	0x2000	/*8E*/
 #define	F_SS3R	0x4000	/*8F*/
 } _ISO2022EncodingInfo;
 
 #define _CEI_TO_EI(_cei_)		(&(_cei_)->ei)
 #define _CEI_TO_STATE(_cei_, _func_)	(_cei_)->states.s_##_func_
 
 #define _FUNCNAME(m)			_citrus_ISO2022_##m
 #define _ENCODING_INFO			_ISO2022EncodingInfo
 #define _ENCODING_STATE			_ISO2022State
 #define _ENCODING_MB_CUR_MAX(_ei_)	MB_LEN_MAX
 #define _ENCODING_IS_STATE_DEPENDENT	1
 #define _STATE_NEEDS_EXPLICIT_INIT(_ps_)	\
     (!((_ps_)->flags & _ISO2022STATE_FLAG_INITIALIZED))
 
 
 #define _ISO2022INVALID (wchar_t)-1
 
 static __inline bool isc0(__uint8_t x)
 {
 
 	return ((x & 0x1f) == x);
 }
 
 static __inline bool isc1(__uint8_t x)
 {
 
 	return (0x80 <= x && x <= 0x9f);
 }
 
 static __inline bool iscntl(__uint8_t x)
 {
 
 	return (isc0(x) || isc1(x) || x == 0x7f);
 }
 
 static __inline bool is94(__uint8_t x)
 {
 
 	return (0x21 <= x && x <= 0x7e);
 }
 
 static __inline bool is96(__uint8_t x)
 {
 
 	return (0x20 <= x && x <= 0x7f);
 }
 
 static __inline bool isecma(__uint8_t x)
 {
 
 	return (0x30 <= x && x <= 0x7f);
 }
 
 static __inline bool isinterm(__uint8_t x)
 {
 
 	return (0x20 <= x && x <= 0x2f);
 }
 
 static __inline bool isthree(__uint8_t x)
 {
 
 	return (0x60 <= x && x <= 0x6f);
 }
 
 static __inline int
 getcs(const char * __restrict p, _ISO2022Charset * __restrict cs)
 {
 
 	if (!strncmp(p, "94$", 3) && p[3] && !p[4]) {
 		cs->final = (unsigned char)(p[3] & 0xff);
 		cs->interm = '\0';
 		cs->vers = '\0';
 		cs->type = CS94MULTI;
 	} else if (!strncmp(p, "96$", 3) && p[3] && !p[4]) {
 		cs->final = (unsigned char)(p[3] & 0xff);
 		cs->interm = '\0';
 		cs->vers = '\0';
 		cs->type = CS96MULTI;
 	} else if (!strncmp(p, "94", 2) && p[2] && !p[3]) {
 		cs->final = (unsigned char)(p[2] & 0xff);
 		cs->interm = '\0';
 		cs->vers = '\0';
 		cs->type = CS94;
 	} else if (!strncmp(p, "96", 2) && p[2] && !p[3]) {
 		cs->final = (unsigned char )(p[2] & 0xff);
 		cs->interm = '\0';
 		cs->vers = '\0';
 		cs->type = CS96;
 	} else
 		return (1);
 
 	return (0);
 }
 
 
 #define _NOTMATCH	0
 #define _MATCH		1
 #define _PARSEFAIL	2
 
 static __inline int
 get_recommend(_ISO2022EncodingInfo * __restrict ei,
     const char * __restrict token)
 {
 	_ISO2022Charset cs, *p;
 	int i;
 
 	if (!strchr("0123", token[0]) || token[1] != '=')
 		return (_NOTMATCH);
 
 	if (getcs(&token[2], &cs) == 0)
 		;
 	else if (!strcmp(&token[2], "94")) {
 		cs.final = (unsigned char)(token[4]);
 		cs.interm = '\0';
 		cs.vers = '\0';
 		cs.type = CS94;
 	} else if (!strcmp(&token[2], "96")) {
 		cs.final = (unsigned char)(token[4]);
 		cs.interm = '\0';
 		cs.vers = '\0';
 		cs.type = CS96;
 	} else if (!strcmp(&token[2], "94$")) {
 		cs.final = (unsigned char)(token[5]);
 		cs.interm = '\0';
 		cs.vers = '\0';
 		cs.type = CS94MULTI;
 	} else if (!strcmp(&token[2], "96$")) {
 		cs.final = (unsigned char)(token[5]);
 		cs.interm = '\0';
 		cs.vers = '\0';
 		cs.type = CS96MULTI;
 	} else
 		return (_PARSEFAIL);
 
 	i = token[0] - '0';
 	if (!ei->recommend[i])
 		ei->recommend[i] = malloc(sizeof(_ISO2022Charset));
 	else {
-		p = realloc(ei->recommend[i],
-		    sizeof(_ISO2022Charset) * (ei->recommendsize[i] + 1));
+		p = reallocarray(ei->recommend[i], ei->recommendsize[i] + 1,
+		    sizeof(_ISO2022Charset));
 		if (!p)
 			return (_PARSEFAIL);
 		ei->recommend[i] = p;
 	}
 	if (!ei->recommend[i])
 		return (_PARSEFAIL);
 	ei->recommendsize[i]++;
 
 	(ei->recommend[i] + (ei->recommendsize[i] - 1))->final = cs.final;
 	(ei->recommend[i] + (ei->recommendsize[i] - 1))->interm = cs.interm;
 	(ei->recommend[i] + (ei->recommendsize[i] - 1))->vers = cs.vers;
 	(ei->recommend[i] + (ei->recommendsize[i] - 1))->type = cs.type;
 
 	return (_MATCH);
 }
 
 static __inline int
 get_initg(_ISO2022EncodingInfo * __restrict ei,
     const char * __restrict token)
 {
 	_ISO2022Charset cs;
 
 	if (strncmp("INIT", &token[0], 4) ||
 	    !strchr("0123", token[4]) ||
 	    token[5] != '=')
 		return (_NOTMATCH);
 
 	if (getcs(&token[6], &cs) != 0)
 		return (_PARSEFAIL);
 
 	ei->initg[token[4] - '0'].type = cs.type;
 	ei->initg[token[4] - '0'].final = cs.final;
 	ei->initg[token[4] - '0'].interm = cs.interm;
 	ei->initg[token[4] - '0'].vers = cs.vers;
 
 	return (_MATCH);
 }
 
 static __inline int
 get_max(_ISO2022EncodingInfo * __restrict ei,
     const char * __restrict token)
 {
 	if (!strcmp(token, "MAX1"))
 		ei->maxcharset = 1;
 	else if (!strcmp(token, "MAX2"))
 		ei->maxcharset = 2;
 	else if (!strcmp(token, "MAX3"))
 		ei->maxcharset = 3;
 	else
 		return (_NOTMATCH);
 
 	return (_MATCH);
 }
 
 
 static __inline int
 get_flags(_ISO2022EncodingInfo * __restrict ei,
     const char * __restrict token)
 {
 	static struct {
 		const char	*tag;
 		int		flag;
 	} const tags[] = {
 		{ "DUMMY",	0	},
 		{ "8BIT",	F_8BIT	},
 		{ "NOOLD",	F_NOOLD	},
 		{ "SI",		F_SI	},
 		{ "SO",		F_SO	},
 		{ "LS0",	F_LS0	},
 		{ "LS1",	F_LS1	},
 		{ "LS2",	F_LS2	},
 		{ "LS3",	F_LS3	},
 		{ "LS1R",	F_LS1R	},
 		{ "LS2R",	F_LS2R	},
 		{ "LS3R",	F_LS3R	},
 		{ "SS2",	F_SS2	},
 		{ "SS3",	F_SS3	},
 		{ "SS2R",	F_SS2R	},
 		{ "SS3R",	F_SS3R	},
 		{ NULL,		0 }
 	};
 	int i;
 
 	for (i = 0; tags[i].tag; i++)
 		if (!strcmp(token, tags[i].tag)) {
 			ei->flags |= tags[i].flag;
 			return (_MATCH);
 		}
 
 	return (_NOTMATCH);
 }
 
 
 static __inline int
 _citrus_ISO2022_parse_variable(_ISO2022EncodingInfo * __restrict ei,
     const void * __restrict var, size_t lenvar __unused)
 {
 	char const *e, *v;
 	char buf[20];
 	size_t len;
 	int i, ret;
 
 	/*
 	 * parse VARIABLE section.
 	 */
 
 	if (!var)
 		return (EFTYPE);
 
 	v = (const char *) var;
 
 	/* initialize structure */
 	ei->maxcharset = 0;
 	for (i = 0; i < 4; i++) {
 		ei->recommend[i] = NULL;
 		ei->recommendsize[i] = 0;
 	}
 	ei->flags = 0;
 
 	while (*v) {
 		while (*v == ' ' || *v == '\t')
 			++v;
 
 		/* find the token */
 		e = v;
 		while (*e && *e != ' ' && *e != '\t')
 			++e;
 
 		len = e - v;
 		if (len == 0)
 			break;
 		if (len >= sizeof(buf))
 			goto parsefail;
 		snprintf(buf, sizeof(buf), "%.*s", (int)len, v);
 
 		if ((ret = get_recommend(ei, buf)) != _NOTMATCH)
 			;
 		else if ((ret = get_initg(ei, buf)) != _NOTMATCH)
 			;
 		else if ((ret = get_max(ei, buf)) != _NOTMATCH)
 			;
 		else if ((ret = get_flags(ei, buf)) != _NOTMATCH)
 			;
 		else
 			ret = _PARSEFAIL;
 		if (ret == _PARSEFAIL)
 			goto parsefail;
 		v = e;
 
 	}
 
 	return (0);
 
 parsefail:
 	free(ei->recommend[0]);
 	free(ei->recommend[1]);
 	free(ei->recommend[2]);
 	free(ei->recommend[3]);
 
 	return (EFTYPE);
 }
 
 static __inline void
 /*ARGSUSED*/
 _citrus_ISO2022_init_state(_ISO2022EncodingInfo * __restrict ei,
     _ISO2022State * __restrict s)
 {
 	int i;
 
 	memset(s, 0, sizeof(*s));
 	s->gl = 0;
 	s->gr = (ei->flags & F_8BIT) ? 1 : -1;
 
 	for (i = 0; i < 4; i++)
 		if (ei->initg[i].final) {
 			s->g[i].type = ei->initg[i].type;
 			s->g[i].final = ei->initg[i].final;
 			s->g[i].interm = ei->initg[i].interm;
 		}
 	s->singlegl = s->singlegr = -1;
 	s->flags |= _ISO2022STATE_FLAG_INITIALIZED;
 }
 
 #if 0
 static __inline void
 /*ARGSUSED*/
 _citrus_ISO2022_pack_state(_ISO2022EncodingInfo * __restrict ei __unused,
     void * __restrict pspriv, const _ISO2022State * __restrict s)
 {
 
 	memcpy(pspriv, (const void *)s, sizeof(*s));
 }
 
 static __inline void
 /*ARGSUSED*/
 _citrus_ISO2022_unpack_state(_ISO2022EncodingInfo * __restrict ei __unused,
     _ISO2022State * __restrict s, const void * __restrict pspriv)
 {
 
 	memcpy((void *)s, pspriv, sizeof(*s));
 }
 #endif
 
 static int
 /*ARGSUSED*/
 _citrus_ISO2022_encoding_module_init(_ISO2022EncodingInfo * __restrict ei,
     const void * __restrict var, size_t lenvar)
 {
 
 	return (_citrus_ISO2022_parse_variable(ei, var, lenvar));
 }
 
 static void
 /*ARGSUSED*/
 _citrus_ISO2022_encoding_module_uninit(_ISO2022EncodingInfo *ei __unused)
 {
 
 }
 
 #define	ESC	'\033'
 #define	ECMA	-1
 #define	INTERM	-2
 #define	OECMA	-3
 static const struct seqtable {
 	int type;
 	int csoff;
 	int finaloff;
 	int intermoff;
 	int versoff;
 	int len;
 	int chars[10];
 } seqtable[] = {
 	/* G0 94MULTI special */
 	{ CS94MULTI, -1, 2, -1, -1,	3, { ESC, '$', OECMA }, },
 	/* G0 94MULTI special with version identification */
 	{ CS94MULTI, -1, 5, -1, 2,	6, { ESC, '&', ECMA, ESC, '$', OECMA }, },
 	/* G? 94 */
 	{ CS94, 1, 2, -1, -1,		3, { ESC, CS94, ECMA, }, },
 	/* G? 94 with 2nd intermediate char */
 	{ CS94, 1, 3, 2, -1,		4, { ESC, CS94, INTERM, ECMA, }, },
 	/* G? 96 */
 	{ CS96, 1, 2, -1, -1,		3, { ESC, CS96, ECMA, }, },
 	/* G? 96 with 2nd intermediate char */
 	{ CS96, 1, 3, 2, -1,		4, { ESC, CS96, INTERM, ECMA, }, },
 	/* G? 94MULTI */
 	{ CS94MULTI, 2, 3, -1, -1,	4, { ESC, '$', CS94, ECMA, }, },
 	/* G? 96MULTI */
 	{ CS96MULTI, 2, 3, -1, -1,	4, { ESC, '$', CS96, ECMA, }, },
 	/* G? 94MULTI with version specification */
 	{ CS94MULTI, 5, 6, -1, 2,	7, { ESC, '&', ECMA, ESC, '$', CS94, ECMA, }, },
 	/* LS2/3 */
 	{ -1, -1, -1, -1, -1,		2, { ESC, 'n', }, },
 	{ -1, -1, -1, -1, -1,		2, { ESC, 'o', }, },
 	/* LS1/2/3R */
 	{ -1, -1, -1, -1, -1,		2, { ESC, '~', }, },
 	{ -1, -1, -1, -1, -1,		2, { ESC, /*{*/ '}', }, },
 	{ -1, -1, -1, -1, -1,		2, { ESC, '|', }, },
 	/* SS2/3 */
 	{ -1, -1, -1, -1, -1,		2, { ESC, 'N', }, },
 	{ -1, -1, -1, -1, -1,		2, { ESC, 'O', }, },
 	/* end of records */
 //	{ 0, }
 	{  0,  0,  0,  0,  0,		0, { ESC,  0, }, }
 };
 
 static int
 seqmatch(const char * __restrict s, size_t n,
     const struct seqtable * __restrict sp)
 {
 	const int *p;
 
 	p = sp->chars;
 	while ((size_t)(p - sp->chars) < n && p - sp->chars < sp->len) {
 		switch (*p) {
 		case ECMA:
 			if (!isecma(*s))
 				goto terminate;
 			break;
 		case OECMA:
 			if (*s && strchr("@AB", *s))
 				break;
 			else
 				goto terminate;
 		case INTERM:
 			if (!isinterm(*s))
 				goto terminate;
 			break;
 		case CS94:
 			if (*s && strchr("()*+", *s))
 				break;
 			else
 				goto terminate;
 		case CS96:
 			if (*s && strchr(",-./", *s))
 				break;
 			else
 				goto terminate;
 		default:
 			if (*s != *p)
 				goto terminate;
 			break;
 		}
 
 		p++;
 		s++;
 	}
 
 terminate:
 	return (p - sp->chars);
 }
 
 static wchar_t
 _ISO2022_sgetwchar(_ISO2022EncodingInfo * __restrict ei __unused,
     char * __restrict string, size_t n, char ** __restrict result,
     _ISO2022State * __restrict psenc)
 {
 	const struct seqtable *sp;
 	wchar_t wchar = 0;
 	int i, cur, nmatch;
 
 	while (1) {
 		/* SI/SO */
 		if (1 <= n && string[0] == '\017') {
 			psenc->gl = 0;
 			string++;
 			n--;
 			continue;
 		}
 		if (1 <= n && string[0] == '\016') {
 			psenc->gl = 1;
 			string++;
 			n--;
 			continue;
 		}
 
 		/* SS2/3R */
 		if (1 <= n && string[0] && strchr("\217\216", string[0])) {
 			psenc->singlegl = psenc->singlegr =
 			    (string[0] - '\216') + 2;
 			string++;
 			n--;
 			continue;
 		}
 
 		/* eat the letter if this is not ESC */
 		if (1 <= n && string[0] != '\033')
 			break;
 
 		/* look for a perfect match from escape sequences */
 		for (sp = &seqtable[0]; sp->len; sp++) {
 			nmatch = seqmatch(string, n, sp);
 			if (sp->len == nmatch && n >= (size_t)(sp->len))
 				break;
 		}
 
 		if (!sp->len)
 			goto notseq;
 
 		if (sp->type != -1) {
 			if (sp->csoff == -1)
 				i = 0;
 			else {
 				switch (sp->type) {
 				case CS94:
 				case CS94MULTI:
 					i = string[sp->csoff] - '(';
 					break;
 				case CS96:
 				case CS96MULTI:
 					i = string[sp->csoff] - ',';
 					break;
 				default:
 					return (_ISO2022INVALID);
 				}
 			}
 			psenc->g[i].type = sp->type;
 			psenc->g[i].final = '\0';
 			psenc->g[i].interm = '\0';
 			psenc->g[i].vers = '\0';
 			/* sp->finaloff must not be -1 */
 			if (sp->finaloff != -1)
 				psenc->g[i].final = string[sp->finaloff];
 			if (sp->intermoff != -1)
 				psenc->g[i].interm = string[sp->intermoff];
 			if (sp->versoff != -1)
 				psenc->g[i].vers = string[sp->versoff];
 
 			string += sp->len;
 			n -= sp->len;
 			continue;
 		}
 
 		/* LS2/3 */
 		if (2 <= n && string[0] == '\033' &&
 		    string[1] && strchr("no", string[1])) {
 			psenc->gl = string[1] - 'n' + 2;
 			string += 2;
 			n -= 2;
 			continue;
 		}
 
 		/* LS1/2/3R */
 			/* XXX: { for vi showmatch */
 		if (2 <= n && string[0] == '\033' &&
 		    string[1] && strchr("~}|", string[1])) {
 			psenc->gr = 3 - (string[1] - '|');
 			string += 2;
 			n -= 2;
 			continue;
 		}
 
 		/* SS2/3 */
 		if (2 <= n && string[0] == '\033' && string[1] &&
 		    strchr("NO", string[1])) {
 			psenc->singlegl = (string[1] - 'N') + 2;
 			string += 2;
 			n -= 2;
 			continue;
 		}
 
 	notseq:
 		/*
 		 * if we've got an unknown escape sequence, eat the ESC at the
 		 * head.  otherwise, wait till full escape sequence comes.
 		 */
 		for (sp = &seqtable[0]; sp->len; sp++) {
 			nmatch = seqmatch(string, n, sp);
 			if (!nmatch)
 				continue;
 
 			/*
 			 * if we are in the middle of escape sequence,
 			 * we still need to wait for more characters to come
 			 */
 			if (n < (size_t)(sp->len)) {
 				if ((size_t)(nmatch) == n) {
 					if (result)
 						*result = string;
 					return (_ISO2022INVALID);
 				}
 			} else {
 				if (nmatch == sp->len) {
 					/* this case should not happen */
 					goto eat;
 				}
 			}
 		}
 
 		break;
 	}
 
 eat:
 	/* no letter to eat */
 	if (n < 1) {
 		if (result)
 			*result = string;
 		return (_ISO2022INVALID);
 	}
 
 	/* normal chars.  always eat C0/C1 as is. */
 	if (iscntl(*string & 0xff))
 		cur = -1;
 	else if (*string & 0x80)
 		cur = (psenc->singlegr == -1) ? psenc->gr : psenc->singlegr;
 	else
 		cur = (psenc->singlegl == -1) ? psenc->gl : psenc->singlegl;
 
 	if (cur == -1) {
 asis:
 		wchar = *string++ & 0xff;
 		if (result)
 			*result = string;
 		/* reset single shift state */
 		psenc->singlegr = psenc->singlegl = -1;
 		return (wchar);
 	}
 
 	/* length error check */
 	switch (psenc->g[cur].type) {
 	case CS94MULTI:
 	case CS96MULTI:
 		if (!isthree(psenc->g[cur].final)) {
 			if (2 <= n &&
 			    (string[0] & 0x80) == (string[1] & 0x80))
 				break;
 		} else {
 			if (3 <= n &&
 			    (string[0] & 0x80) == (string[1] & 0x80) &&
 			    (string[0] & 0x80) == (string[2] & 0x80))
 				break;
 		}
 
 		/* we still need to wait for more characters to come */
 		if (result)
 			*result = string;
 		return (_ISO2022INVALID);
 
 	case CS94:
 	case CS96:
 		if (1 <= n)
 			break;
 
 		/* we still need to wait for more characters to come */
 		if (result)
 			*result = string;
 		return (_ISO2022INVALID);
 	}
 
 	/* range check */
 	switch (psenc->g[cur].type) {
 	case CS94:
 		if (!(is94(string[0] & 0x7f)))
 			goto asis;
 	case CS96:
 		if (!(is96(string[0] & 0x7f)))
 			goto asis;
 		break;
 	case CS94MULTI:
 		if (!(is94(string[0] & 0x7f) && is94(string[1] & 0x7f)))
 			goto asis;
 		break;
 	case CS96MULTI:
 		if (!(is96(string[0] & 0x7f) && is96(string[1] & 0x7f)))
 			goto asis;
 		break;
 	}
 
 	/* extract the character. */
 	switch (psenc->g[cur].type) {
 	case CS94:
 		/* special case for ASCII. */
 		if (psenc->g[cur].final == 'B' && !psenc->g[cur].interm) {
 			wchar = *string++;
 			wchar &= 0x7f;
 			break;
 		}
 		wchar = psenc->g[cur].final;
 		wchar = (wchar << 8);
 		wchar |= (psenc->g[cur].interm ? (0x80 | psenc->g[cur].interm) : 0);
 		wchar = (wchar << 8);
 		wchar = (wchar << 8) | (*string++ & 0x7f);
 		break;
 	case CS96:
 		/* special case for ISO-8859-1. */
 		if (psenc->g[cur].final == 'A' && !psenc->g[cur].interm) {
 			wchar = *string++;
 			wchar &= 0x7f;
 			wchar |= 0x80;
 			break;
 		}
 		wchar = psenc->g[cur].final;
 		wchar = (wchar << 8);
 		wchar |= (psenc->g[cur].interm ? (0x80 | psenc->g[cur].interm) : 0);
 		wchar = (wchar << 8);
 		wchar = (wchar << 8) | (*string++ & 0x7f);
 		wchar |= 0x80;
 		break;
 	case CS94MULTI:
 	case CS96MULTI:
 		wchar = psenc->g[cur].final;
 		wchar = (wchar << 8);
 		if (isthree(psenc->g[cur].final))
 			wchar |= (*string++ & 0x7f);
 		wchar = (wchar << 8) | (*string++ & 0x7f);
 		wchar = (wchar << 8) | (*string++ & 0x7f);
 		if (psenc->g[cur].type == CS96MULTI)
 			wchar |= 0x80;
 		break;
 	}
 
 	if (result)
 		*result = string;
 	/* reset single shift state */
 	psenc->singlegr = psenc->singlegl = -1;
 	return (wchar);
 }
 
 
 
 static int
 _citrus_ISO2022_mbrtowc_priv(_ISO2022EncodingInfo * __restrict ei,
     wchar_t * __restrict pwc, char ** __restrict s,
     size_t n, _ISO2022State * __restrict psenc, size_t * __restrict nresult)
 {
 	char *p, *result, *s0;
 	wchar_t wchar;
 	int c, chlenbak;
 
 	if (*s == NULL) {
 		_citrus_ISO2022_init_state(ei, psenc);
 		*nresult = _ENCODING_IS_STATE_DEPENDENT;
 		return (0);
 	}
 	s0 = *s;
 	c = 0;
 	chlenbak = psenc->chlen;
 
 	/*
 	 * if we have something in buffer, use that.
 	 * otherwise, skip here
 	 */
 	if (psenc->chlen > sizeof(psenc->ch)) {
 		/* illgeal state */
 		_citrus_ISO2022_init_state(ei, psenc);
 		goto encoding_error;
 	}
 	if (psenc->chlen == 0)
 		goto emptybuf;
 
 	/* buffer is not empty */
 	p = psenc->ch;
 	while (psenc->chlen < sizeof(psenc->ch)) {
 		if (n > 0) {
 			psenc->ch[psenc->chlen++] = *s0++;
 			n--;
 		}
 
 		wchar = _ISO2022_sgetwchar(ei, p, psenc->chlen - (p-psenc->ch),
 		    &result, psenc);
 		c += result - p;
 		if (wchar != _ISO2022INVALID) {
 			if (psenc->chlen > (size_t)c)
 				memmove(psenc->ch, result, psenc->chlen - c);
 			if (psenc->chlen < (size_t)c)
 				psenc->chlen = 0;
 			else
 				psenc->chlen -= c;
 			goto output;
 		}
 
 		if (n == 0) {
 			if ((size_t)(result - p) == psenc->chlen)
 				/* complete shift sequence. */
 				psenc->chlen = 0;
 			goto restart;
 		}
 
 		p = result;
 	}
 
 	/* escape sequence too long? */
 	goto encoding_error;
 
 emptybuf:
 	wchar = _ISO2022_sgetwchar(ei, s0, n, &result, psenc);
 	if (wchar != _ISO2022INVALID) {
 		c += result - s0;
 		psenc->chlen = 0;
 		s0 = result;
 		goto output;
 	}
 	if (result > s0) {
 		c += (result - s0);
 		n -= (result - s0);
 		s0 = result;
 		if (n > 0)
 			goto emptybuf;
 		/* complete shift sequence. */
 		goto restart;
 	}
 	n += c;
 	if (n < sizeof(psenc->ch)) {
 		memcpy(psenc->ch, s0 - c, n);
 		psenc->chlen = n;
 		s0 = result;
 		goto restart;
 	}
 
 	/* escape sequence too long? */
 
 encoding_error:
 	psenc->chlen = 0;
 	*nresult = (size_t)-1;
 	return (EILSEQ);
 
 output:
 	*s = s0;
 	if (pwc)
 		*pwc = wchar;
 	*nresult = wchar ? c - chlenbak : 0;
 	return (0);
 
 restart:
 	*s = s0;
 	*nresult = (size_t)-2;
 
 	return (0);
 }
 
 static int
 recommendation(_ISO2022EncodingInfo * __restrict ei,
     _ISO2022Charset * __restrict cs)
 {
 	_ISO2022Charset *recommend;
 	size_t j;
 	int i;
 
 	/* first, try a exact match. */
 	for (i = 0; i < 4; i++) {
 		recommend = ei->recommend[i];
 		for (j = 0; j < ei->recommendsize[i]; j++) {
 			if (cs->type != recommend[j].type)
 				continue;
 			if (cs->final != recommend[j].final)
 				continue;
 			if (cs->interm != recommend[j].interm)
 				continue;
 
 			return (i);
 		}
 	}
 
 	/* then, try a wildcard match over final char. */
 	for (i = 0; i < 4; i++) {
 		recommend = ei->recommend[i];
 		for (j = 0; j < ei->recommendsize[i]; j++) {
 			if (cs->type != recommend[j].type)
 				continue;
 			if (cs->final && (cs->final != recommend[j].final))
 				continue;
 			if (cs->interm && (cs->interm != recommend[j].interm))
 				continue;
 
 			return (i);
 		}
 	}
 
 	/* there's no recommendation. make a guess. */
 	if (ei->maxcharset == 0) {
 		return (0);
 	} else {
 		switch (cs->type) {
 		case CS94:
 		case CS94MULTI:
 			return (0);
 		case CS96:
 		case CS96MULTI:
 			return (1);
 		}
 	}
 	return (0);
 }
 
 static int
 _ISO2022_sputwchar(_ISO2022EncodingInfo * __restrict ei, wchar_t wc,
     char * __restrict string, size_t n, char ** __restrict result,
     _ISO2022State * __restrict psenc, size_t * __restrict nresult)
 {
 	_ISO2022Charset cs;
 	char *p;
 	char tmp[MB_LEN_MAX];
 	size_t len;
 	int bit8, i = 0, target;
 	unsigned char mask;
 
 	if (isc0(wc & 0xff)) {
 		/* go back to INIT0 or ASCII on control chars */
 		cs = ei->initg[0].final ? ei->initg[0] : ascii;
 	} else if (isc1(wc & 0xff)) {
 		/* go back to INIT1 or ISO-8859-1 on control chars */
 		cs = ei->initg[1].final ? ei->initg[1] : iso88591;
 	} else if (!(wc & ~0xff)) {
 		if (wc & 0x80) {
 			/* special treatment for ISO-8859-1 */
 			cs = iso88591;
 		} else {
 			/* special treatment for ASCII */
 			cs = ascii;
 		}
 	} else {
 		cs.final = (wc >> 24) & 0x7f;
 		if ((wc >> 16) & 0x80)
 			cs.interm = (wc >> 16) & 0x7f;
 		else
 			cs.interm = '\0';
 		if (wc & 0x80)
 			cs.type = (wc & 0x00007f00) ? CS96MULTI : CS96;
 		else
 			cs.type = (wc & 0x00007f00) ? CS94MULTI : CS94;
 	}
 	target = recommendation(ei, &cs);
 	p = tmp;
 	bit8 = ei->flags & F_8BIT;
 
 	/* designate the charset onto the target plane(G0/1/2/3). */
 	if (psenc->g[target].type == cs.type &&
 	    psenc->g[target].final == cs.final &&
 	    psenc->g[target].interm == cs.interm)
 		goto planeok;
 
 	*p++ = '\033';
 	if (cs.type == CS94MULTI || cs.type == CS96MULTI)
 		*p++ = '$';
 	if (target == 0 && cs.type == CS94MULTI && strchr("@AB", cs.final) &&
 	    !cs.interm && !(ei->flags & F_NOOLD))
 		;
 	else if (cs.type == CS94 || cs.type == CS94MULTI)
 		*p++ = "()*+"[target];
 	else
 		*p++ = ",-./"[target];
 	if (cs.interm)
 		*p++ = cs.interm;
 	*p++ = cs.final;
 
 	psenc->g[target].type = cs.type;
 	psenc->g[target].final = cs.final;
 	psenc->g[target].interm = cs.interm;
 
 planeok:
 	/* invoke the plane onto GL or GR. */
 	if (psenc->gl == target)
 		goto sideok;
 	if (bit8 && psenc->gr == target)
 		goto sideok;
 
 	if (target == 0 && (ei->flags & F_LS0)) {
 		*p++ = '\017';
 		psenc->gl = 0;
 	} else if (target == 1 && (ei->flags & F_LS1)) {
 		*p++ = '\016';
 		psenc->gl = 1;
 	} else if (target == 2 && (ei->flags & F_LS2)) {
 		*p++ = '\033';
 		*p++ = 'n';
 		psenc->gl = 2;
 	} else if (target == 3 && (ei->flags & F_LS3)) {
 		*p++ = '\033';
 		*p++ = 'o';
 		psenc->gl = 3;
 	} else if (bit8 && target == 1 && (ei->flags & F_LS1R)) {
 		*p++ = '\033';
 		*p++ = '~';
 		psenc->gr = 1;
 	} else if (bit8 && target == 2 && (ei->flags & F_LS2R)) {
 		*p++ = '\033';
 		/*{*/
 		*p++ = '}';
 		psenc->gr = 2;
 	} else if (bit8 && target == 3 && (ei->flags & F_LS3R)) {
 		*p++ = '\033';
 		*p++ = '|';
 		psenc->gr = 3;
 	} else if (target == 2 && (ei->flags & F_SS2)) {
 		*p++ = '\033';
 		*p++ = 'N';
 		psenc->singlegl = 2;
 	} else if (target == 3 && (ei->flags & F_SS3)) {
 		*p++ = '\033';
 		*p++ = 'O';
 		psenc->singlegl = 3;
 	} else if (bit8 && target == 2 && (ei->flags & F_SS2R)) {
 		*p++ = '\216';
 		*p++ = 'N';
 		psenc->singlegl = psenc->singlegr = 2;
 	} else if (bit8 && target == 3 && (ei->flags & F_SS3R)) {
 		*p++ = '\217';
 		*p++ = 'O';
 		psenc->singlegl = psenc->singlegr = 3;
 	} else
 		goto ilseq;
 
 sideok:
 	if (psenc->singlegl == target)
 		mask = 0x00;
 	else if (psenc->singlegr == target)
 		mask = 0x80;
 	else if (psenc->gl == target)
 		mask = 0x00;
 	else if ((ei->flags & F_8BIT) && psenc->gr == target)
 		mask = 0x80;
 	else
 		goto ilseq;
 
 	switch (cs.type) {
 	case CS94:
 	case CS96:
 		i = 1;
 		break;
 	case CS94MULTI:
 	case CS96MULTI:
 		i = !iscntl(wc & 0xff) ?
 		    (isthree(cs.final) ? 3 : 2) : 1;
 		break;
 	}
 	while (i-- > 0)
 		*p++ = ((wc >> (i << 3)) & 0x7f) | mask;
 
 	/* reset single shift state */
 	psenc->singlegl = psenc->singlegr = -1;
 
 	len = (size_t)(p - tmp);
 	if (n < len) {
 		if (result)
 			*result = (char *)0;
 		*nresult = (size_t)-1;
 		return (E2BIG);
 	}
 	if (result)
 		*result = string + len;
 	memcpy(string, tmp, len);
 	*nresult = len;
 
 	return (0);
 
 ilseq:
 	*nresult = (size_t)-1;
 	return (EILSEQ);
 }
 
 static int
 _citrus_ISO2022_put_state_reset(_ISO2022EncodingInfo * __restrict ei,
     char * __restrict s, size_t n, _ISO2022State * __restrict psenc,
     size_t * __restrict nresult)
 {
 	char *result;
 	char buf[MB_LEN_MAX];
 	size_t len;
 	int ret;
 
 	/* XXX state will be modified after this operation... */
 	ret = _ISO2022_sputwchar(ei, L'\0', buf, sizeof(buf), &result, psenc,
 	    &len);
 	if (ret) {
 		*nresult = len;
 		return (ret);
 	}
 
 	if (sizeof(buf) < len || n < len-1) {
 		/* XXX should recover state? */
 		*nresult = (size_t)-1;
 		return (E2BIG);
 	}
 
 	memcpy(s, buf, len - 1);
 	*nresult = len - 1;
 	return (0);
 }
 
 static int
 _citrus_ISO2022_wcrtomb_priv(_ISO2022EncodingInfo * __restrict ei,
     char * __restrict s, size_t n, wchar_t wc,
     _ISO2022State * __restrict psenc, size_t * __restrict nresult)
 {
 	char *result;
 	char buf[MB_LEN_MAX];
 	size_t len;
 	int ret;
 
 	/* XXX state will be modified after this operation... */
 	ret = _ISO2022_sputwchar(ei, wc, buf, sizeof(buf), &result, psenc,
 	    &len);
 	if (ret) {
 		*nresult = len;
 		return (ret);
 	}
 
 	if (sizeof(buf) < len || n < len) {
 		/* XXX should recover state? */
 		*nresult = (size_t)-1;
 		return (E2BIG);
 	}
 
 	memcpy(s, buf, len);
 	*nresult = len;
 	return (0);
 }
 
 static __inline int
 /*ARGSUSED*/
 _citrus_ISO2022_stdenc_wctocs(_ISO2022EncodingInfo * __restrict ei __unused,
     _csid_t * __restrict csid, _index_t * __restrict idx, wchar_t wc)
 {
 	wchar_t m, nm;
 
 	m = wc & 0x7FFF8080;
 	nm = wc & 0x007F7F7F;
 	if (m & 0x00800000)
 		nm &= 0x00007F7F;
 	else
 		m &= 0x7F008080;
 	if (nm & 0x007F0000) {
 		/* ^3 mark */
 		m |= 0x007F0000;
 	} else if (nm & 0x00007F00) {
 		/* ^2 mark */
 		m |= 0x00007F00;
 	}
 	*csid = (_csid_t)m;
 	*idx  = (_index_t)nm;
 
 	return (0);
 }
 
 static __inline int
 /*ARGSUSED*/
 _citrus_ISO2022_stdenc_cstowc(_ISO2022EncodingInfo * __restrict ei __unused,
     wchar_t * __restrict wc, _csid_t csid, _index_t idx)
 {
 
 	*wc = (wchar_t)(csid & 0x7F808080) | (wchar_t)idx;
 
 	return (0);
 }
 
 static __inline int
 /*ARGSUSED*/
 _citrus_ISO2022_stdenc_get_state_desc_generic(_ISO2022EncodingInfo * __restrict ei __unused,
     _ISO2022State * __restrict psenc, int * __restrict rstate)
 {
 
 	if (psenc->chlen == 0) {
 		/* XXX: it should distinguish initial and stable. */
 		*rstate = _STDENC_SDGEN_STABLE;
 	} else
 		*rstate = (psenc->ch[0] == '\033') ?
 		    _STDENC_SDGEN_INCOMPLETE_SHIFT :
 		    _STDENC_SDGEN_INCOMPLETE_CHAR;
 	return (0);
 }
 
 /* ----------------------------------------------------------------------
  * public interface for stdenc
  */
 
 _CITRUS_STDENC_DECLS(ISO2022);
 _CITRUS_STDENC_DEF_OPS(ISO2022);
 
 #include "citrus_stdenc_template.h"
Index: stable/11/lib/libutil/gr_util.c
===================================================================
--- stable/11/lib/libutil/gr_util.c	(revision 318120)
+++ stable/11/lib/libutil/gr_util.c	(revision 318121)
@@ -1,662 +1,662 @@
 /*-
  * Copyright (c) 2008 Sean C. Farley <scf@FreeBSD.org>
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer,
  *    without modification, immediately at the beginning of the file.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
  *
  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
 #include <sys/cdefs.h>
 __FBSDID("$FreeBSD$");
 
 #include <sys/param.h>
 #include <sys/errno.h>
 #include <sys/stat.h>
 
 #include <ctype.h>
 #include <err.h>
 #include <fcntl.h>
 #include <grp.h>
 #include <inttypes.h>
 #include <libutil.h>
 #include <paths.h>
 #include <stdbool.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <unistd.h>
 
 static int lockfd = -1;
 static char group_dir[PATH_MAX];
 static char group_file[PATH_MAX];
 static char tempname[PATH_MAX];
 static int initialized;
 static size_t grmemlen(const struct group *, const char *, int *);
 static struct group *grcopy(const struct group *gr, char *mem, const char *, int ndx);
 
 /*
  * Initialize statics
  */
 int
 gr_init(const char *dir, const char *group)
 {
 
 	if (dir == NULL) {
 		strcpy(group_dir, _PATH_ETC);
 	} else {
 		if (strlen(dir) >= sizeof(group_dir)) {
 			errno = ENAMETOOLONG;
 			return (-1);
 		}
 		strcpy(group_dir, dir);
 	}
 
 	if (group == NULL) {
 		if (dir == NULL) {
 			strcpy(group_file, _PATH_GROUP);
 		} else if (snprintf(group_file, sizeof(group_file), "%s/group",
 			group_dir) > (int)sizeof(group_file)) {
 			errno = ENAMETOOLONG;
 			return (-1);
 		}
 	} else {
 		if (strlen(group) >= sizeof(group_file)) {
 			errno = ENAMETOOLONG;
 			return (-1);
 		}
 		strcpy(group_file, group);
 	}
 
 	initialized = 1;
 	return (0);
 }
 
 /*
  * Lock the group file
  */
 int
 gr_lock(void)
 {
 	if (*group_file == '\0')
 		return (-1);
 
 	for (;;) {
 		struct stat st;
 
 		lockfd = flopen(group_file, O_RDONLY|O_NONBLOCK|O_CLOEXEC, 0);
 		if (lockfd == -1) {
 			if (errno == EWOULDBLOCK) {
 				errx(1, "the group file is busy");
 			} else {
 				err(1, "could not lock the group file: ");
 			}
 		}
 		if (fstat(lockfd, &st) == -1)
 			err(1, "fstat() failed: ");
 		if (st.st_nlink != 0)
 			break;
 		close(lockfd);
 		lockfd = -1;
 	}
 	return (lockfd);
 }
 
 /*
  * Create and open a presmuably safe temp file for editing group data
  */
 int
 gr_tmp(int mfd)
 {
 	char buf[8192];
 	ssize_t nr;
 	const char *p;
 	int tfd;
 
 	if (*group_file == '\0')
 		return (-1);
 	if ((p = strrchr(group_file, '/')))
 		++p;
 	else
 		p = group_file;
 	if (snprintf(tempname, sizeof(tempname), "%.*sgroup.XXXXXX",
 		(int)(p - group_file), group_file) >= (int)sizeof(tempname)) {
 		errno = ENAMETOOLONG;
 		return (-1);
 	}
 	if ((tfd = mkostemp(tempname, 0)) == -1)
 		return (-1);
 	if (mfd != -1) {
 		while ((nr = read(mfd, buf, sizeof(buf))) > 0)
 			if (write(tfd, buf, (size_t)nr) != nr)
 				break;
 		if (nr != 0) {
 			unlink(tempname);
 			*tempname = '\0';
 			close(tfd);
 			return (-1);
 		}
 	}
 	return (tfd);
 }
 
 /*
  * Copy the group file from one descriptor to another, replacing, deleting
  * or adding a single record on the way.
  */
 int
 gr_copy(int ffd, int tfd, const struct group *gr, struct group *old_gr)
 {
 	char *buf, *end, *line, *p, *q, *r, *tmp;
 	struct group *fgr;
 	const struct group *sgr;
 	size_t len, size;
 	int eof, readlen;
 	char t;
 
 	if (old_gr == NULL && gr == NULL)
 		return(-1);
 
 	sgr = old_gr;
 	/* deleting a group */
 	if (gr == NULL) {
 		line = NULL;
 	} else {
 		if ((line = gr_make(gr)) == NULL)
 			return (-1);
 	}
 
 	/* adding a group */
 	if (sgr == NULL)
 		sgr = gr;
 
 	/* initialize the buffer */
 	if ((buf = malloc(size = 1024)) == NULL)
 		goto err;
 
 	eof = 0;
 	len = 0;
 	p = q = end = buf;
 	for (;;) {
 		/* find the end of the current line */
 		for (p = q; q < end && *q != '\0'; ++q)
 			if (*q == '\n')
 				break;
 
 		/* if we don't have a complete line, fill up the buffer */
 		if (q >= end) {
 			if (eof)
 				break;
 			while ((size_t)(q - p) >= size) {
-				if ((tmp = realloc(buf, size * 2)) == NULL) {
+				if ((tmp = reallocarray(buf, 2, size)) == NULL) {
 					warnx("group line too long");
 					goto err;
 				}
 				p = tmp + (p - buf);
 				q = tmp + (q - buf);
 				end = tmp + (end - buf);
 				buf = tmp;
 				size = size * 2;
 			}
 			if (p < end) {
 				q = memmove(buf, p, end -p);
 				end -= p - buf;
 			} else {
 				p = q = end = buf;
 			}
 			readlen = read(ffd, end, size - (end - buf));
 			if (readlen == -1)
 				goto err;
 			else
 				len = (size_t)readlen;
 			if (len == 0 && p == buf)
 				break;
 			end += len;
 			len = end - buf;
 			if (len < size) {
 				eof = 1;
 				if (len > 0 && buf[len -1] != '\n')
 					++len, *end++ = '\n';
 			}
 			continue;
 		}
 
 		/* is it a blank line or a comment? */
 		for (r = p; r < q && isspace(*r); ++r)
 			/* nothing */;
 		if (r == q || *r == '#') {
 			/* yep */
 			if (write(tfd, p, q -p + 1) != q - p + 1)
 				goto err;
 			++q;
 			continue;
 		}
 
 		/* is it the one we're looking for? */
 
 		t = *q;
 		*q = '\0';
 
 		fgr = gr_scan(r);
 
 		/* fgr is either a struct group for the current line,
 		 * or NULL if the line is malformed.
 		 */
 
 		*q = t;
 		if (fgr == NULL || fgr->gr_gid != sgr->gr_gid) {
 			/* nope */
 			if (fgr != NULL)
 				free(fgr);
 			if (write(tfd, p, q - p + 1) != q - p + 1)
 				goto err;
 			++q;
 			continue;
 		}
 		if (old_gr && !gr_equal(fgr, old_gr)) {
 			warnx("entry inconsistent");
 			free(fgr);
 			errno = EINVAL; /* hack */
 			goto err;
 		}
 		free(fgr);
 
 		/* it is, replace or remove it */
 		if (line != NULL) {
 			len = strlen(line);
 			if (write(tfd, line, len) != (int) len)
 				goto err;
 		} else {
 			/* when removed, avoid the \n */
 			q++;
 		}
 		/* we're done, just copy the rest over */
 		for (;;) {
 			if (write(tfd, q, end - q) != end - q)
 				goto err;
 			q = buf;
 			readlen = read(ffd, buf, size);
 			if (readlen == 0)
 				break;
 			else
 				len = (size_t)readlen;
 			if (readlen == -1)
 				goto err;
 			end = buf + len;
 		}
 		goto done;
 	}
 
 	/* if we got here, we didn't find the old entry */
 	if (line == NULL) {
 		errno = ENOENT;
 		goto err;
 	}
 	len = strlen(line);
 	if ((size_t)write(tfd, line, len) != len ||
 	   write(tfd, "\n", 1) != 1)
 		goto err;
  done:
 	free(line);
 	free(buf);
 	return (0);
  err:
 	free(line);
 	free(buf);
 	return (-1);
 }
 
 /*
  * Regenerate the group file
  */
 int
 gr_mkdb(void)
 {
 	int fd;
 
 	if (chmod(tempname, 0644) != 0)
 		return (-1);
 
 	if (rename(tempname, group_file) != 0)
 		return (-1);
 
 	/*
 	 * Make sure new group file is safe on disk. To improve performance we
 	 * will call fsync() to the directory where file lies
 	 */
 	if ((fd = open(group_dir, O_RDONLY|O_DIRECTORY)) == -1)
 		return (-1);
 
 	if (fsync(fd) != 0) {
 		close(fd);
 		return (-1);
 	}
 
 	close(fd);
 	return(0);
 }
 
 /*
  * Clean up. Preserves errno for the caller's convenience.
  */
 void
 gr_fini(void)
 {
 	int serrno;
 
 	if (!initialized)
 		return;
 	initialized = 0;
 	serrno = errno;
 	if (*tempname != '\0') {
 		unlink(tempname);
 		*tempname = '\0';
 	}
 	if (lockfd != -1)
 		close(lockfd);
 	errno = serrno;
 }
 
 /*
  * Compares two struct group's.
  */
 int
 gr_equal(const struct group *gr1, const struct group *gr2)
 {
 
 	/* Check that the non-member information is the same. */
 	if (gr1->gr_name == NULL || gr2->gr_name == NULL) {
 		if (gr1->gr_name != gr2->gr_name)
 			return (false);
 	} else if (strcmp(gr1->gr_name, gr2->gr_name) != 0)
 		return (false);
 	if (gr1->gr_passwd == NULL || gr2->gr_passwd == NULL) {
 		if (gr1->gr_passwd != gr2->gr_passwd)
 			return (false);
 	} else if (strcmp(gr1->gr_passwd, gr2->gr_passwd) != 0)
 		return (false);
 	if (gr1->gr_gid != gr2->gr_gid)
 		return (false);
 
 	/*
 	 * Check all members in both groups.
 	 * getgrnam can return gr_mem with a pointer to NULL.
 	 * gr_dup and gr_add strip out this superfluous NULL, setting
 	 * gr_mem to NULL for no members.
 	*/
 	if (gr1->gr_mem != NULL && gr2->gr_mem != NULL) {
 		int i;
 
 		for (i = 0;
 		    gr1->gr_mem[i] != NULL && gr2->gr_mem[i] != NULL; i++) {
 			if (strcmp(gr1->gr_mem[i], gr2->gr_mem[i]) != 0)
 				return (false);
 		}
 		if (gr1->gr_mem[i] != NULL || gr2->gr_mem[i] != NULL)
 			return (false);
 	} else if (gr1->gr_mem != NULL && gr1->gr_mem[0] != NULL) {
 		return (false);
 	} else if (gr2->gr_mem != NULL && gr2->gr_mem[0] != NULL) {
 		return (false);
 	}
 
 	return (true);
 }
 
 /*
  * Make a group line out of a struct group.
  */
 char *
 gr_make(const struct group *gr)
 {
 	const char *group_line_format = "%s:%s:%ju:";
 	const char *sep;
 	char *line;
 	char *p;
 	size_t line_size;
 	int ndx;
 
 	/* Calculate the length of the group line. */
 	line_size = snprintf(NULL, 0, group_line_format, gr->gr_name,
 	    gr->gr_passwd, (uintmax_t)gr->gr_gid) + 1;
 	if (gr->gr_mem != NULL) {
 		for (ndx = 0; gr->gr_mem[ndx] != NULL; ndx++)
 			line_size += strlen(gr->gr_mem[ndx]) + 1;
 		if (ndx > 0)
 			line_size--;
 	}
 
 	/* Create the group line and fill it. */
 	if ((line = p = malloc(line_size)) == NULL)
 		return (NULL);
 	p += sprintf(p, group_line_format, gr->gr_name, gr->gr_passwd,
 	    (uintmax_t)gr->gr_gid);
 	if (gr->gr_mem != NULL) {
 		sep = "";
 		for (ndx = 0; gr->gr_mem[ndx] != NULL; ndx++) {
 			p = stpcpy(p, sep);
 			p = stpcpy(p, gr->gr_mem[ndx]);
 			sep = ",";
 		}
 	}
 
 	return (line);
 }
 
 /*
  * Duplicate a struct group.
  */
 struct group *
 gr_dup(const struct group *gr)
 {
 	return (gr_add(gr, NULL));
 }
 /*
  * Add a new member name to a struct group.
  */
 struct group *
 gr_add(const struct group *gr, const char *newmember)
 {
 	char *mem;
 	size_t len;
 	int num_mem;
 
 	num_mem = 0;
 	len = grmemlen(gr, newmember, &num_mem);
 	/* Create new group and copy old group into it. */
 	if ((mem = malloc(len)) == NULL)
 		return (NULL);
 	return (grcopy(gr, mem, newmember, num_mem));
 }
 
 /* It is safer to walk the pointers given at gr_mem since there is no
  * guarantee the gr_mem + strings are contiguous in the given struct group
  * but compactify the new group into the following form.
  *
  * The new struct is laid out like this in memory. The example given is
  * for a group with two members only.
  *
  * {
  * (char *name)
  * (char *passwd)
  * (int gid)
  * (gr_mem * newgrp + sizeof(struct group) + sizeof(**)) points to gr_mem area
  * gr_mem area
  * (member1 *) 
  * (member2 *)
  * (NULL)
  * (name string)
  * (passwd string)
  * (member1 string)
  * (member2 string)
  * }
  */
 /*
  * Copy the contents of a group plus given name to a preallocated group struct
  */
 static struct group *
 grcopy(const struct group *gr, char *dst, const char *name, int ndx)
 {
 	int i;
 	struct group *newgr;
 
 	newgr = (struct group *)(void *)dst;	/* avoid alignment warning */
 	dst += sizeof(*newgr);
 	if (ndx != 0) {
 		newgr->gr_mem = (char **)(void *)(dst);	/* avoid alignment warning */
 		dst += (ndx + 1) * sizeof(*newgr->gr_mem);
 	} else
 		newgr->gr_mem = NULL;
 	if (gr->gr_name != NULL) {
 		newgr->gr_name = dst;
 		dst = stpcpy(dst, gr->gr_name) + 1;
 	} else
 		newgr->gr_name = NULL;
 	if (gr->gr_passwd != NULL) {
 		newgr->gr_passwd = dst;
 		dst = stpcpy(dst, gr->gr_passwd) + 1;
 	} else
 		newgr->gr_passwd = NULL;
 	newgr->gr_gid = gr->gr_gid;
 	i = 0;
 	/* Original group struct might have a NULL gr_mem */
 	if (gr->gr_mem != NULL) {
 		for (; gr->gr_mem[i] != NULL; i++) {
 			newgr->gr_mem[i] = dst;
 			dst = stpcpy(dst, gr->gr_mem[i]) + 1;
 		}
 	}
 	/* If name is not NULL, newgr->gr_mem is known to be not NULL */
 	if (name != NULL) {
 		newgr->gr_mem[i++] = dst;
 		dst = stpcpy(dst, name) + 1;
 	}
 	/* if newgr->gr_mem is not NULL add NULL marker */
 	if (newgr->gr_mem != NULL)
 		newgr->gr_mem[i] = NULL;
 
 	return (newgr);
 }
 
 /*
  *  Calculate length of a struct group + given name
  */
 static size_t
 grmemlen(const struct group *gr, const char *name, int *num_mem)
 {
 	size_t len;
 	int i;
 
 	if (gr == NULL)
 		return (0);
 	/* Calculate size of the group. */
 	len = sizeof(*gr);
 	if (gr->gr_name != NULL)
 		len += strlen(gr->gr_name) + 1;
 	if (gr->gr_passwd != NULL)
 		len += strlen(gr->gr_passwd) + 1;
 	i = 0;
 	if (gr->gr_mem != NULL) {
 		for (; gr->gr_mem[i] != NULL; i++) {
 			len += strlen(gr->gr_mem[i]) + 1;
 			len += sizeof(*gr->gr_mem);
 		}
 	}
 	if (name != NULL) {
 		i++;
 		len += strlen(name) + 1;
 		len += sizeof(*gr->gr_mem);
 	}
 	/* Allow for NULL pointer */
 	if (i != 0)
 		len += sizeof(*gr->gr_mem);
 	*num_mem = i;
 	return(len);
 }
 
 /*
  * Scan a line and place it into a group structure.
  */
 static bool
 __gr_scan(char *line, struct group *gr)
 {
 	char *loc;
 	int ndx;
 
 	/* Assign non-member information to structure. */
 	gr->gr_name = line;
 	if ((loc = strchr(line, ':')) == NULL)
 		return (false);
 	*loc = '\0';
 	gr->gr_passwd = loc + 1;
 	if (*gr->gr_passwd == ':')
 		*gr->gr_passwd = '\0';
 	else {
 		if ((loc = strchr(loc + 1, ':')) == NULL)
 			return (false);
 		*loc = '\0';
 	}
 	if (sscanf(loc + 1, "%u", &gr->gr_gid) != 1)
 		return (false);
 
 	/* Assign member information to structure. */
 	if ((loc = strchr(loc + 1, ':')) == NULL)
 		return (false);
 	line = loc + 1;
 	gr->gr_mem = NULL;
 	ndx = 0;
 	do {
 		gr->gr_mem = reallocf(gr->gr_mem, sizeof(*gr->gr_mem) *
 		    (ndx + 1));
 		if (gr->gr_mem == NULL)
 			return (false);
 
 		/* Skip locations without members (i.e., empty string). */
 		do {
 			gr->gr_mem[ndx] = strsep(&line, ",");
 		} while (gr->gr_mem[ndx] != NULL && *gr->gr_mem[ndx] == '\0');
 	} while (gr->gr_mem[ndx++] != NULL);
 
 	return (true);
 }
 
 /*
  * Create a struct group from a line.
  */
 struct group *
 gr_scan(const char *line)
 {
 	struct group gr;
 	char *line_copy;
 	struct group *new_gr;
 
 	if ((line_copy = strdup(line)) == NULL)
 		return (NULL);
 	if (!__gr_scan(line_copy, &gr)) {
 		free(line_copy);
 		return (NULL);
 	}
 	new_gr = gr_dup(&gr);
 	free(line_copy);
 	if (gr.gr_mem != NULL)
 		free(gr.gr_mem);
 
 	return (new_gr);
 }
Index: stable/11/lib/libutil/login_cap.c
===================================================================
--- stable/11/lib/libutil/login_cap.c	(revision 318120)
+++ stable/11/lib/libutil/login_cap.c	(revision 318121)
@@ -1,819 +1,819 @@
 /*-
  * Copyright (c) 1996 by
  * Sean Eric Fagan <sef@kithrup.com>
  * David Nugent <davidn@blaze.net.au>
  * All rights reserved.
  *
  * Portions copyright (c) 1995,1997
  * Berkeley Software Design, Inc.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, is permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice immediately at the beginning of the file, without modification,
  *    this list of conditions, and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
  * 3. This work was done expressly for inclusion into FreeBSD.  Other use
  *    is permitted provided this notation is included.
  * 4. Absolutely no warranty of function or purpose is made by the authors.
  * 5. Modifications may be freely made to this file providing the above
  *    conditions are met.
  *
  * Low-level routines relating to the user capabilities database
  */
 
 #include <sys/cdefs.h>
 __FBSDID("$FreeBSD$");
 
 #include <sys/types.h>
 #include <sys/time.h>
 #include <sys/resource.h>
 #include <sys/param.h>
 #include <errno.h>
 #include <fcntl.h>
 #include <libutil.h>
 #include <login_cap.h>
 #include <pwd.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <syslog.h>
 #include <unistd.h>
 
 /*
  * allocstr()
  * Manage a single static pointer for handling a local char* buffer,
  * resizing as necessary to contain the string.
  *
  * allocarray()
  * Manage a static array for handling a group of strings, resizing
  * when necessary.
  */
 
 static int lc_object_count = 0;
 
 static size_t internal_stringsz = 0;
 static char * internal_string = NULL;
 static size_t internal_arraysz = 0;
 static const char ** internal_array = NULL;
 
 static char path_login_conf[] = _PATH_LOGIN_CONF;
 
 static char *
 allocstr(const char *str)
 {
     char    *p;
 
     size_t sz = strlen(str) + 1;	/* realloc() only if necessary */
     if (sz <= internal_stringsz)
 	p = strcpy(internal_string, str);
     else if ((p = realloc(internal_string, sz)) != NULL) {
 	internal_stringsz = sz;
 	internal_string = strcpy(p, str);
     }
     return p;
 }
 
 
 static const char **
 allocarray(size_t sz)
 {
     static const char    **p;
 
     if (sz <= internal_arraysz)
 	p = internal_array;
-    else if ((p = realloc(internal_array, sz * sizeof(char*))) != NULL) {
+    else if ((p = reallocarray(internal_array, sz, sizeof(char*))) != NULL) {
 	internal_arraysz = sz;
 	internal_array = p;
     }
     return p;
 }
 
 
 /*
  * arrayize()
  * Turn a simple string <str> separated by any of
  * the set of <chars> into an array.  The last element
  * of the array will be NULL, as is proper.
  * Free using freearraystr()
  */
 
 static const char **
 arrayize(const char *str, const char *chars, int *size)
 {
     int	    i;
     char *ptr;
     const char *cptr;
     const char **res = NULL;
 
     /* count the sub-strings */
     for (i = 0, cptr = str; *cptr; i++) {
 	int count = strcspn(cptr, chars);
 	cptr += count;
 	if (*cptr)
 	    ++cptr;
     }
 
     /* alloc the array */
     if ((ptr = allocstr(str)) != NULL) {
 	if ((res = allocarray(++i)) == NULL)
 	    free((void *)(uintptr_t)(const void *)str);
 	else {
 	    /* now split the string */
 	    i = 0;
 	    while (*ptr) {
 		int count = strcspn(ptr, chars);
 		res[i++] = ptr;
 		ptr += count;
 		if (*ptr)
 		    *ptr++ = '\0';
 	    }
 	    res[i] = NULL;
 	}
     }
 
     if (size)
 	*size = i;
 
     return res;
 }
 
 
 /*
  * login_close()
  * Frees up all resources relating to a login class
  *
  */
 
 void
 login_close(login_cap_t * lc)
 {
     if (lc) {
 	free(lc->lc_style);
 	free(lc->lc_class);
 	free(lc->lc_cap);
 	free(lc);
 	if (--lc_object_count == 0) {
 	    free(internal_string);
 	    free(internal_array);
 	    internal_array = NULL;
 	    internal_arraysz = 0;
 	    internal_string = NULL;
 	    internal_stringsz = 0;
 	    cgetclose();
 	}
     }
 }
 
 
 /*
  * login_getclassbyname()
  * Get the login class by its name.
  * If the name given is NULL or empty, the default class
  * LOGIN_DEFCLASS (i.e., "default") is fetched.
  * If the name given is LOGIN_MECLASS and
  * 'pwd' argument is non-NULL and contains an non-NULL
  * dir entry, then the file _FILE_LOGIN_CONF is picked
  * up from that directory and used before the system
  * login database. In that case the system login database
  * is looked up using LOGIN_MECLASS, too, which is a bug.
  * Return a filled-out login_cap_t structure, including
  * class name, and the capability record buffer.
  */
 
 login_cap_t *
 login_getclassbyname(char const *name, const struct passwd *pwd)
 {
     login_cap_t	*lc;
   
     if ((lc = malloc(sizeof(login_cap_t))) != NULL) {
 	int         r, me, i = 0;
 	uid_t euid = 0;
 	gid_t egid = 0;
 	const char  *msg = NULL;
 	const char  *dir;
 	char	    userpath[MAXPATHLEN];
 
 	static char *login_dbarray[] = { NULL, NULL, NULL };
 
 	me = (name != NULL && strcmp(name, LOGIN_MECLASS) == 0);
 	dir = (!me || pwd == NULL) ? NULL : pwd->pw_dir;
 	/*
 	 * Switch to user mode before checking/reading its ~/.login_conf
 	 * - some NFSes have root read access disabled.
 	 *
 	 * XXX: This fails to configure additional groups.
 	 */
 	if (dir) {
 	    euid = geteuid();
 	    egid = getegid();
 	    (void)setegid(pwd->pw_gid);
 	    (void)seteuid(pwd->pw_uid);
 	}
 
 	if (dir && snprintf(userpath, MAXPATHLEN, "%s/%s", dir,
 			    _FILE_LOGIN_CONF) < MAXPATHLEN) {
 	    if (_secure_path(userpath, pwd->pw_uid, pwd->pw_gid) != -1)
 		login_dbarray[i++] = userpath;
 	}
 	/*
 	 * XXX: Why to add the system database if the class is `me'?
 	 */
 	if (_secure_path(path_login_conf, 0, 0) != -1)
 	    login_dbarray[i++] = path_login_conf;
 	login_dbarray[i] = NULL;
 
 	memset(lc, 0, sizeof(login_cap_t));
 	lc->lc_cap = lc->lc_class = lc->lc_style = NULL;
 
 	if (name == NULL || *name == '\0')
 	    name = LOGIN_DEFCLASS;
 
 	switch (cgetent(&lc->lc_cap, login_dbarray, name)) {
 	case -1:		/* Failed, entry does not exist */
 	    if (me)
 		break;	/* Don't retry default on 'me' */
 	    if (i == 0)
 	        r = -1;
 	    else if ((r = open(login_dbarray[0], O_RDONLY | O_CLOEXEC)) >= 0)
 	        close(r);
 	    /*
 	     * If there's at least one login class database,
 	     * and we aren't searching for a default class
 	     * then complain about a non-existent class.
 	     */
 	    if (r >= 0 || strcmp(name, LOGIN_DEFCLASS) != 0)
 		syslog(LOG_ERR, "login_getclass: unknown class '%s'", name);
 	    /* fall-back to default class */
 	    name = LOGIN_DEFCLASS;
 	    msg = "%s: no default/fallback class '%s'";
 	    if (cgetent(&lc->lc_cap, login_dbarray, name) != 0 && r >= 0)
 		break;
 	    /* FALLTHROUGH - just return system defaults */
 	case 0:		/* success! */
 	    if ((lc->lc_class = strdup(name)) != NULL) {
 		if (dir) {
 		    (void)seteuid(euid);
 		    (void)setegid(egid);
 		}
 		++lc_object_count;
 		return lc;
 	    }
 	    msg = "%s: strdup: %m";
 	    break;
 	case -2:
 	    msg = "%s: retrieving class information: %m";
 	    break;
 	case -3:
 	    msg = "%s: 'tc=' reference loop '%s'";
 	    break;
 	case 1:
 	    msg = "couldn't resolve 'tc=' reference in '%s'";
 	    break;
 	default:
 	    msg = "%s: unexpected cgetent() error '%s': %m";
 	    break;
 	}
 	if (dir) {
 	    (void)seteuid(euid);
 	    (void)setegid(egid);
 	}
 	if (msg != NULL)
 	    syslog(LOG_ERR, msg, "login_getclass", name);
 	free(lc);
     }
 
     return NULL;
 }
 
 
 
 /*
  * login_getclass()
  * Get the login class for the system (only) login class database.
  * Return a filled-out login_cap_t structure, including
  * class name, and the capability record buffer.
  */
 
 login_cap_t *
 login_getclass(const char *cls)
 {
     return login_getclassbyname(cls, NULL);
 }
 
 
 /*
  * login_getpwclass()
  * Get the login class for a given password entry from
  * the system (only) login class database.
  * If the password entry's class field is not set, or
  * the class specified does not exist, then use the
  * default of LOGIN_DEFCLASS (i.e., "default") for an unprivileged
  * user or that of LOGIN_DEFROOTCLASS (i.e., "root") for a super-user.
  * Return a filled-out login_cap_t structure, including
  * class name, and the capability record buffer.
  */
 
 login_cap_t *
 login_getpwclass(const struct passwd *pwd)
 {
     const char	*cls = NULL;
 
     if (pwd != NULL) {
 	cls = pwd->pw_class;
 	if (cls == NULL || *cls == '\0')
 	    cls = (pwd->pw_uid == 0) ? LOGIN_DEFROOTCLASS : LOGIN_DEFCLASS;
     }
     /*
      * XXX: pwd should be unused by login_getclassbyname() unless cls is `me',
      *      so NULL can be passed instead of pwd for more safety.
      */
     return login_getclassbyname(cls, pwd);
 }
 
 
 /*
  * login_getuserclass()
  * Get the `me' login class, allowing user overrides via ~/.login_conf.
  * Note that user overrides are allowed only in the `me' class.
  */
 
 login_cap_t *
 login_getuserclass(const struct passwd *pwd)
 {
     return login_getclassbyname(LOGIN_MECLASS, pwd);
 }
 
 
 /*
  * login_getcapstr()
  * Given a login_cap entry, and a capability name, return the
  * value defined for that capability, a default if not found, or
  * an error string on error.
  */
 
 const char *
 login_getcapstr(login_cap_t *lc, const char *cap, const char *def, const char *error)
 {
     char    *res;
     int	    ret;
 
     if (lc == NULL || cap == NULL || lc->lc_cap == NULL || *cap == '\0')
 	return def;
 
     if ((ret = cgetstr(lc->lc_cap, cap, &res)) == -1)
 	return def;
     return (ret >= 0) ? res : error;
 }
 
 
 /*
  * login_getcaplist()
  * Given a login_cap entry, and a capability name, return the
  * value defined for that capability split into an array of
  * strings.
  */
 
 const char **
 login_getcaplist(login_cap_t *lc, const char *cap, const char *chars)
 {
     const char *lstring;
 
     if (chars == NULL)
 	chars = ", \t";
     if ((lstring = login_getcapstr(lc, cap, NULL, NULL)) != NULL)
 	return arrayize(lstring, chars, NULL);
     return NULL;
 }
 
 
 /*
  * login_getpath()
  * From the login_cap_t <lc>, get the capability <cap> which is
  * formatted as either a space or comma delimited list of paths
  * and append them all into a string and separate by semicolons.
  * If there is an error of any kind, return <error>.
  */
 
 const char *
 login_getpath(login_cap_t *lc, const char *cap, const char *error)
 {
     const char *str;
     char *ptr;
     int count;
 
     str = login_getcapstr(lc, cap, NULL, NULL);
     if (str == NULL)
 	return error;
     ptr = __DECONST(char *, str); /* XXXX Yes, very dodgy */
     while (*ptr) {
 	count = strcspn(ptr, ", \t");
 	ptr += count;
 	if (*ptr)
 	    *ptr++ = ':';
     }
     return str;
 }
 
 
 static int
 isinfinite(const char *s)
 {
     static const char *infs[] = {
 	"infinity",
 	"inf",
 	"unlimited",
 	"unlimit",
 	"-1",
 	NULL
     };
     const char **i = &infs[0];
 
     while (*i != NULL) {
 	if (strcasecmp(s, *i) == 0)
 	    return 1;
 	++i;
     }
     return 0;
 }
 
 
 static u_quad_t
 rmultiply(u_quad_t n1, u_quad_t n2)
 {
     u_quad_t	m, r;
     int		b1, b2;
 
     static int bpw = 0;
 
     /* Handle simple cases */
     if (n1 == 0 || n2 == 0)
 	return 0;
     if (n1 == 1)
 	return n2;
     if (n2 == 1)
 	return n1;
 
     /*
      * sizeof() returns number of bytes needed for storage.
      * This may be different from the actual number of useful bits.
      */
     if (!bpw) {
 	bpw = sizeof(u_quad_t) * 8;
 	while (((u_quad_t)1 << (bpw-1)) == 0)
 	    --bpw;
     }
 
     /*
      * First check the magnitude of each number. If the sum of the
      * magnatude is way to high, reject the number. (If this test
      * is not done then the first multiply below may overflow.)
      */
     for (b1 = bpw; (((u_quad_t)1 << (b1-1)) & n1) == 0; --b1)
 	; 
     for (b2 = bpw; (((u_quad_t)1 << (b2-1)) & n2) == 0; --b2)
 	; 
     if (b1 + b2 - 2 > bpw) {
 	errno = ERANGE;
 	return (UQUAD_MAX);
     }
 
     /*
      * Decompose the multiplication to be:
      * h1 = n1 & ~1
      * h2 = n2 & ~1
      * l1 = n1 & 1
      * l2 = n2 & 1
      * (h1 + l1) * (h2 + l2)
      * (h1 * h2) + (h1 * l2) + (l1 * h2) + (l1 * l2)
      *
      * Since h1 && h2 do not have the low bit set, we can then say:
      *
      * (h1>>1 * h2>>1 * 4) + ...
      *
      * So if (h1>>1 * h2>>1) > (1<<(bpw - 2)) then the result will
      * overflow.
      *
      * Finally, if MAX - ((h1 * l2) + (l1 * h2) + (l1 * l2)) < (h1*h2)
      * then adding in residual amout will cause an overflow.
      */
 
     m = (n1 >> 1) * (n2 >> 1);
     if (m >= ((u_quad_t)1 << (bpw-2))) {
 	errno = ERANGE;
 	return (UQUAD_MAX);
     }
     m *= 4;
 
     r = (n1 & n2 & 1)
 	+ (n2 & 1) * (n1 & ~(u_quad_t)1)
 	+ (n1 & 1) * (n2 & ~(u_quad_t)1);
 
     if ((u_quad_t)(m + r) < m) {
 	errno = ERANGE;
 	return (UQUAD_MAX);
     }
     m += r;
 
     return (m);
 }
 
 
 /*
  * login_getcaptime()
  * From the login_cap_t <lc>, get the capability <cap>, which is
  * formatted as a time (e.g., "<cap>=10h3m2s").  If <cap> is not
  * present in <lc>, return <def>; if there is an error of some kind,
  * return <error>.
  */
 
 rlim_t
 login_getcaptime(login_cap_t *lc, const char *cap, rlim_t def, rlim_t error)
 {
     char    *res, *ep, *oval;
     int	    r;
     rlim_t  tot;
 
     errno = 0;
     if (lc == NULL || lc->lc_cap == NULL)
 	return def;
 
     /*
      * Look for <cap> in lc_cap.
      * If it's not there (-1), return <def>.
      * If there's an error, return <error>.
      */
 
     if ((r = cgetstr(lc->lc_cap, cap, &res)) == -1)
 	return def;
     else if (r < 0) {
 	errno = ERANGE;
 	return error;
     }
 
     /* "inf" and "infinity" are special cases */
     if (isinfinite(res))
 	return RLIM_INFINITY;
 
     /*
      * Now go through the string, turning something like 1h2m3s into
      * an integral value.  Whee.
      */
 
     errno = 0;
     tot = 0;
     oval = res;
     while (*res) {
 	rlim_t tim = strtoq(res, &ep, 0);
 	rlim_t mult = 1;
 
 	if (ep == NULL || ep == res || errno != 0) {
 	invalid:
 	    syslog(LOG_WARNING, "login_getcaptime: class '%s' bad value %s=%s",
 		   lc->lc_class, cap, oval);
 	    errno = ERANGE;
 	    return error;
 	}
 	/* Look for suffixes */
 	switch (*ep++) {
 	case 0:
 	    ep--;
 	    break;	/* end of string */
 	case 's': case 'S':	/* seconds */
 	    break;
 	case 'm': case 'M':	/* minutes */
 	    mult = 60;
 	    break;
 	case 'h': case 'H':	/* hours */
 	    mult = 60L * 60L;
 	    break;
 	case 'd': case 'D':	/* days */
 	    mult = 60L * 60L * 24L;
 	    break;
 	case 'w': case 'W':	/* weeks */
 	    mult = 60L * 60L * 24L * 7L;
 	    break;
 	case 'y': case 'Y':	/* 365-day years */
 	    mult = 60L * 60L * 24L * 365L;
 	    break;
 	default:
 	    goto invalid;
 	}
 	res = ep;
 	tot += rmultiply(tim, mult);
 	if (errno)
 	    goto invalid;
     }
 
     return tot;
 }
 
 
 /*
  * login_getcapnum()
  * From the login_cap_t <lc>, extract the numerical value <cap>.
  * If it is not present, return <def> for a default, and return
  * <error> if there is an error.
  * Like login_getcaptime(), only it only converts to a number, not
  * to a time; "infinity" and "inf" are 'special.'
  */
 
 rlim_t
 login_getcapnum(login_cap_t *lc, const char *cap, rlim_t def, rlim_t error)
 {
     char    *ep, *res;
     int	    r;
     rlim_t  val;
 
     if (lc == NULL || lc->lc_cap == NULL)
 	return def;
 
     /*
      * For BSDI compatibility, try for the tag=<val> first
      */
     if ((r = cgetstr(lc->lc_cap, cap, &res)) == -1) {
 	long	lval;
 	/* string capability not present, so try for tag#<val> as numeric */
 	if ((r = cgetnum(lc->lc_cap, cap, &lval)) == -1)
 	    return def; /* Not there, so return default */
 	else if (r >= 0)
 	    return (rlim_t)lval;
     }
 
     if (r < 0) {
 	errno = ERANGE;
 	return error;
     }
 
     if (isinfinite(res))
 	return RLIM_INFINITY;
 
     errno = 0;
     val = strtoq(res, &ep, 0);
     if (ep == NULL || ep == res || errno != 0) {
 	syslog(LOG_WARNING, "login_getcapnum: class '%s' bad value %s=%s",
 	       lc->lc_class, cap, res);
 	errno = ERANGE;
 	return error;
     }
 
     return val;
 }
 
 
 
 /*
  * login_getcapsize()
  * From the login_cap_t <lc>, extract the capability <cap>, which is
  * formatted as a size (e.g., "<cap>=10M"); it can also be "infinity".
  * If not present, return <def>, or <error> if there is an error of
  * some sort.
  */
 
 rlim_t
 login_getcapsize(login_cap_t *lc, const char *cap, rlim_t def, rlim_t error)
 {
     char    *ep, *res, *oval;
     int	    r;
     rlim_t  tot;
 
     if (lc == NULL || lc->lc_cap == NULL)
 	return def;
 
     if ((r = cgetstr(lc->lc_cap, cap, &res)) == -1)
 	return def;
     else if (r < 0) {
 	errno = ERANGE;
 	return error;
     }
 
     if (isinfinite(res))
 	return RLIM_INFINITY;
 
     errno = 0;
     tot = 0;
     oval = res;
     while (*res) {
 	rlim_t siz = strtoq(res, &ep, 0);
 	rlim_t mult = 1;
 
 	if (ep == NULL || ep == res || errno != 0) {
 	invalid:
 	    syslog(LOG_WARNING, "login_getcapsize: class '%s' bad value %s=%s",
 		   lc->lc_class, cap, oval);
 	    errno = ERANGE;
 	    return error;
 	}
 	switch (*ep++) {
 	case 0:	/* end of string */
 	    ep--;
 	    break;
 	case 'b': case 'B':	/* 512-byte blocks */
 	    mult = 512;
 	    break;
 	case 'k': case 'K':	/* 1024-byte Kilobytes */
 	    mult = 1024;
 	    break;
 	case 'm': case 'M':	/* 1024-k kbytes */
 	    mult = 1024 * 1024;
 	    break;
 	case 'g': case 'G':	/* 1Gbyte */
 	    mult = 1024 * 1024 * 1024;
 	    break;
 	case 't': case 'T':	/* 1TBte */
 	    mult = 1024LL * 1024LL * 1024LL * 1024LL;
 	    break;
 	default:
 	    goto invalid;
 	}
 	res = ep;
 	tot += rmultiply(siz, mult);
 	if (errno)
 	    goto invalid;
     }
 
     return tot;
 }
 
 
 /*
  * login_getcapbool()
  * From the login_cap_t <lc>, check for the existence of the capability
  * of <cap>.  Return <def> if <lc>->lc_cap is NULL, otherwise return
  * the whether or not <cap> exists there.
  */
 
 int
 login_getcapbool(login_cap_t *lc, const char *cap, int def)
 {
     if (lc == NULL || lc->lc_cap == NULL)
 	return def;
     return (cgetcap(lc->lc_cap, cap, ':') != NULL);
 }
 
 
 /*
  * login_getstyle()
  * Given a login_cap entry <lc>, and optionally a type of auth <auth>,
  * and optionally a style <style>, find the style that best suits these
  * rules:
  *	1.  If <auth> is non-null, look for an "auth-<auth>=" string
  *	in the capability; if not present, default to "auth=".
  *	2.  If there is no auth list found from (1), default to
  *	"passwd" as an authorization list.
  *	3.  If <style> is non-null, look for <style> in the list of
  *	authorization methods found from (2); if <style> is NULL, default
  *	to LOGIN_DEFSTYLE ("passwd").
  *	4.  If the chosen style is found in the chosen list of authorization
  *	methods, return that; otherwise, return NULL.
  * E.g.:
  *     login_getstyle(lc, NULL, "ftp");
  *     login_getstyle(lc, "login", NULL);
  *     login_getstyle(lc, "skey", "network");
  */
 
 const char *
 login_getstyle(login_cap_t *lc, const char *style, const char *auth)
 {
     int	    i;
     const char **authtypes = NULL;
     char    *auths= NULL;
     char    realauth[64];
 
     static const char *defauthtypes[] = { LOGIN_DEFSTYLE, NULL };
 
     if (auth != NULL && *auth != '\0') {
 	if (snprintf(realauth, sizeof realauth, "auth-%s", auth) < (int)sizeof(realauth))
 	    authtypes = login_getcaplist(lc, realauth, NULL);
     }
 
     if (authtypes == NULL)
 	authtypes = login_getcaplist(lc, "auth", NULL);
 
     if (authtypes == NULL)
 	authtypes = defauthtypes;
 
     /*
      * We have at least one authtype now; auths is a comma-separated
      * (or space-separated) list of authentication types.  We have to
      * convert from this to an array of char*'s; authtypes then gets this.
      */
     i = 0;
     if (style != NULL && *style != '\0') {
 	while (authtypes[i] != NULL && strcmp(style, authtypes[i]) != 0)
 	    i++;
     }
 
     lc->lc_style = NULL;
     if (authtypes[i] != NULL && (auths = strdup(authtypes[i])) != NULL)
 	lc->lc_style = auths;
 
     if (lc->lc_style != NULL)
 	lc->lc_style = strdup(lc->lc_style);
 
     return lc->lc_style;
 }
Index: stable/11/lib/libutil/pw_util.c
===================================================================
--- stable/11/lib/libutil/pw_util.c	(revision 318120)
+++ stable/11/lib/libutil/pw_util.c	(revision 318121)
@@ -1,674 +1,674 @@
 /*-
  * Copyright (c) 1990, 1993, 1994
  *	The Regents of the University of California.  All rights reserved.
  * Copyright (c) 2002 Networks Associates Technology, Inc.
  * All rights reserved.
  *
  * Portions of this software were developed for the FreeBSD Project by
  * ThinkSec AS and NAI Labs, the Security Research Division of Network
  * Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
  * ("CBOSS"), as part of the DARPA CHATS research program.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
  * 4. Neither the name of the University nor the names of its contributors
  *    may be used to endorse or promote products derived from this software
  *    without specific prior written permission.
  *
  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  */
 
 #ifndef lint
 #if 0
 static const char sccsid[] = "@(#)pw_util.c	8.3 (Berkeley) 4/2/94";
 #endif
 static const char rcsid[] =
   "$FreeBSD$";
 #endif /* not lint */
 
 /*
  * This file is used by all the "password" programs; vipw(8), chpass(1),
  * and passwd(1).
  */
 
 #include <sys/param.h>
 #include <sys/errno.h>
 #include <sys/time.h>
 #include <sys/resource.h>
 #include <sys/stat.h>
 #include <sys/wait.h>
 
 #include <ctype.h>
 #include <err.h>
 #include <fcntl.h>
 #include <inttypes.h>
 #include <paths.h>
 #include <pwd.h>
 #include <signal.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <unistd.h>
 
 #include "libutil.h"
 
 static pid_t editpid = -1;
 static int lockfd = -1;
 static char masterpasswd[PATH_MAX];
 static char passwd_dir[PATH_MAX];
 static char tempname[PATH_MAX];
 static int initialized;
 
 #if 0
 void
 pw_cont(int sig)
 {
 
 	if (editpid != -1)
 		kill(editpid, sig);
 }
 #endif
 
 /*
  * Initialize statics and set limits, signals & umask to try to avoid
  * interruptions, crashes etc. that might expose passord data.
  */
 int
 pw_init(const char *dir, const char *master)
 {
 #if 0
 	struct rlimit rlim;
 #endif
 
 	if (dir == NULL) {
 		strcpy(passwd_dir, _PATH_ETC);
 	} else {
 		if (strlen(dir) >= sizeof(passwd_dir)) {
 			errno = ENAMETOOLONG;
 			return (-1);
 		}
 		strcpy(passwd_dir, dir);
 	}
 
 	if (master == NULL) {
 		if (dir == NULL) {
 			strcpy(masterpasswd, _PATH_MASTERPASSWD);
 		} else if (snprintf(masterpasswd, sizeof(masterpasswd), "%s/%s",
 		    passwd_dir, _MASTERPASSWD) > (int)sizeof(masterpasswd)) {
 			errno = ENAMETOOLONG;
 			return (-1);
 		}
 	} else {
 		if (strlen(master) >= sizeof(masterpasswd)) {
 			errno = ENAMETOOLONG;
 			return (-1);
 		}
 		strcpy(masterpasswd, master);
 	}
 
 	/*
 	 * The code that follows is extremely disruptive to the calling
 	 * process, and is therefore disabled until someone can conceive
 	 * of a realistic scenario where it would fend off a compromise.
 	 * Race conditions concerning the temporary files can be guarded
 	 * against in other ways than masking signals (by checking stat(2)
 	 * results after creation).
 	 */
 #if 0
 	/* Unlimited resource limits. */
 	rlim.rlim_cur = rlim.rlim_max = RLIM_INFINITY;
 	(void)setrlimit(RLIMIT_CPU, &rlim);
 	(void)setrlimit(RLIMIT_FSIZE, &rlim);
 	(void)setrlimit(RLIMIT_STACK, &rlim);
 	(void)setrlimit(RLIMIT_DATA, &rlim);
 	(void)setrlimit(RLIMIT_RSS, &rlim);
 
 	/* Don't drop core (not really necessary, but GP's). */
 	rlim.rlim_cur = rlim.rlim_max = 0;
 	(void)setrlimit(RLIMIT_CORE, &rlim);
 
 	/* Turn off signals. */
 	(void)signal(SIGALRM, SIG_IGN);
 	(void)signal(SIGHUP, SIG_IGN);
 	(void)signal(SIGINT, SIG_IGN);
 	(void)signal(SIGPIPE, SIG_IGN);
 	(void)signal(SIGQUIT, SIG_IGN);
 	(void)signal(SIGTERM, SIG_IGN);
 	(void)signal(SIGCONT, pw_cont);
 
 	/* Create with exact permissions. */
 	(void)umask(0);
 #endif
 	initialized = 1;
 	return (0);
 }
 
 /*
  * Lock the master password file.
  */
 int
 pw_lock(void)
 {
 
 	if (*masterpasswd == '\0')
 		return (-1);
 
 	/*
 	 * If the master password file doesn't exist, the system is hosed.
 	 * Might as well try to build one.  Set the close-on-exec bit so
 	 * that users can't get at the encrypted passwords while editing.
 	 * Open should allow flock'ing the file; see 4.4BSD.	XXX
 	 */
 	for (;;) {
 		struct stat st;
 
 		lockfd = flopen(masterpasswd, O_RDONLY|O_NONBLOCK|O_CLOEXEC, 0);
 		if (lockfd == -1) {
 			if (errno == EWOULDBLOCK) {
 				errx(1, "the password db file is busy");
 			} else {
 				err(1, "could not lock the passwd file: ");
 			}
 		}
 
 		/*
 		 * If the password file was replaced while we were trying to
 		 * get the lock, our hardlink count will be 0 and we have to
 		 * close and retry.
 		 */
 		if (fstat(lockfd, &st) == -1)
 			err(1, "fstat() failed: ");
 		if (st.st_nlink != 0)
 			break;
 		close(lockfd);
 		lockfd = -1;
 	}
 	return (lockfd);
 }
 
 /*
  * Create and open a presumably safe temp file for editing the password
  * data, and copy the master password file into it.
  */
 int
 pw_tmp(int mfd)
 {
 	char buf[8192];
 	ssize_t nr;
 	const char *p;
 	int tfd;
 
 	if (*masterpasswd == '\0')
 		return (-1);
 	if ((p = strrchr(masterpasswd, '/')))
 		++p;
 	else
 		p = masterpasswd;
 	if (snprintf(tempname, sizeof(tempname), "%.*spw.XXXXXX",
 		(int)(p - masterpasswd), masterpasswd) >= (int)sizeof(tempname)) {
 		errno = ENAMETOOLONG;
 		return (-1);
 	}
 	if ((tfd = mkostemp(tempname, 0)) == -1)
 		return (-1);
 	if (mfd != -1) {
 		while ((nr = read(mfd, buf, sizeof(buf))) > 0)
 			if (write(tfd, buf, (size_t)nr) != nr)
 				break;
 		if (nr != 0) {
 			unlink(tempname);
 			*tempname = '\0';
 			close(tfd);
 			return (-1);
 		}
 	}
 	return (tfd);
 }
 
 /*
  * Regenerate the password database.
  */
 int
 pw_mkdb(const char *user)
 {
 	int pstat;
 	pid_t pid;
 
 	(void)fflush(stderr);
 	switch ((pid = fork())) {
 	case -1:
 		return (-1);
 	case 0:
 		/* child */
 		if (user == NULL)
 			execl(_PATH_PWD_MKDB, "pwd_mkdb", "-p",
 			    "-d", passwd_dir, tempname, (char *)NULL);
 		else
 			execl(_PATH_PWD_MKDB, "pwd_mkdb", "-p",
 			    "-d", passwd_dir, "-u", user, tempname,
 			    (char *)NULL);
 		_exit(1);
 		/* NOTREACHED */
 	default:
 		/* parent */
 		break;
 	}
 	if (waitpid(pid, &pstat, 0) == -1)
 		return (-1);
 	if (WIFEXITED(pstat) && WEXITSTATUS(pstat) == 0)
 		return (0);
 	errno = 0;
 	return (-1);
 }
 
 /*
  * Edit the temp file.  Return -1 on error, >0 if the file was modified, 0
  * if it was not.
  */
 int
 pw_edit(int notsetuid)
 {
 	struct sigaction sa, sa_int, sa_quit;
 	sigset_t oldsigset, nsigset;
 	struct stat st1, st2;
 	const char *editor;
 	int pstat;
 
 	if ((editor = getenv("EDITOR")) == NULL)
 		editor = _PATH_VI;
 	if (stat(tempname, &st1) == -1)
 		return (-1);
 	sa.sa_handler = SIG_IGN;
 	sigemptyset(&sa.sa_mask);
 	sa.sa_flags = 0;
 	sigaction(SIGINT, &sa, &sa_int);
 	sigaction(SIGQUIT, &sa, &sa_quit);
 	sigemptyset(&nsigset);
 	sigaddset(&nsigset, SIGCHLD);
 	sigprocmask(SIG_BLOCK, &nsigset, &oldsigset);
 	switch ((editpid = fork())) {
 	case -1:
 		return (-1);
 	case 0:
 		sigaction(SIGINT, &sa_int, NULL);
 		sigaction(SIGQUIT, &sa_quit, NULL);
 		sigprocmask(SIG_SETMASK, &oldsigset, NULL);
 		if (notsetuid) {
 			(void)setgid(getgid());
 			(void)setuid(getuid());
 		}
 		errno = 0;
 		execlp(editor, editor, tempname, (char *)NULL);
 		_exit(errno);
 	default:
 		/* parent */
 		break;
 	}
 	for (;;) {
 		if (waitpid(editpid, &pstat, WUNTRACED) == -1) {
 			if (errno == EINTR)
 				continue;
 			unlink(tempname);
 			editpid = -1;
 			break;
 		} else if (WIFSTOPPED(pstat)) {
 			raise(WSTOPSIG(pstat));
 		} else if (WIFEXITED(pstat) && WEXITSTATUS(pstat) == 0) {
 			editpid = -1;
 			break;
 		} else {
 			unlink(tempname);
 			editpid = -1;
 			break;
 		}
 	}
 	sigaction(SIGINT, &sa_int, NULL);
 	sigaction(SIGQUIT, &sa_quit, NULL);
 	sigprocmask(SIG_SETMASK, &oldsigset, NULL);
 	if (stat(tempname, &st2) == -1)
 		return (-1);
 	return (st1.st_mtim.tv_sec != st2.st_mtim.tv_sec ||
 	    st1.st_mtim.tv_nsec != st2.st_mtim.tv_nsec);
 }
 
 /*
  * Clean up.  Preserve errno for the caller's convenience.
  */
 void
 pw_fini(void)
 {
 	int serrno, status;
 
 	if (!initialized)
 		return;
 	initialized = 0;
 	serrno = errno;
 	if (editpid != -1) {
 		kill(editpid, SIGTERM);
 		kill(editpid, SIGCONT);
 		waitpid(editpid, &status, 0);
 		editpid = -1;
 	}
 	if (*tempname != '\0') {
 		unlink(tempname);
 		*tempname = '\0';
 	}
 	if (lockfd != -1)
 		close(lockfd);
 	errno = serrno;
 }
 
 /*
  * Compares two struct pwds.
  */
 int
 pw_equal(const struct passwd *pw1, const struct passwd *pw2)
 {
 	return (strcmp(pw1->pw_name, pw2->pw_name) == 0 &&
 	    pw1->pw_uid == pw2->pw_uid &&
 	    pw1->pw_gid == pw2->pw_gid &&
 	    strcmp(pw1->pw_class, pw2->pw_class) == 0 &&
 	    pw1->pw_change == pw2->pw_change &&
 	    pw1->pw_expire == pw2->pw_expire &&
 	    strcmp(pw1->pw_gecos, pw2->pw_gecos) == 0 &&
 	    strcmp(pw1->pw_dir, pw2->pw_dir) == 0 &&
 	    strcmp(pw1->pw_shell, pw2->pw_shell) == 0);
 }
 
 /*
  * Make a passwd line out of a struct passwd.
  */
 char *
 pw_make(const struct passwd *pw)
 {
 	char *line;
 
 	asprintf(&line, "%s:%s:%ju:%ju:%s:%ju:%ju:%s:%s:%s", pw->pw_name,
 	    pw->pw_passwd, (uintmax_t)pw->pw_uid, (uintmax_t)pw->pw_gid,
 	    pw->pw_class, (uintmax_t)pw->pw_change, (uintmax_t)pw->pw_expire,
 	    pw->pw_gecos, pw->pw_dir, pw->pw_shell);
 	return (line);
 }
 
 /*
  * Make a passwd line (in v7 format) out of a struct passwd
  */
 char *
 pw_make_v7(const struct passwd *pw)
 {
 	char *line;
 
 	asprintf(&line, "%s:*:%ju:%ju:%s:%s:%s", pw->pw_name,
 	    (uintmax_t)pw->pw_uid, (uintmax_t)pw->pw_gid,
 	    pw->pw_gecos, pw->pw_dir, pw->pw_shell);
 	return (line);
 }
 
 /*
  * Copy password file from one descriptor to another, replacing, deleting
  * or adding a single record on the way.
  */
 int
 pw_copy(int ffd, int tfd, const struct passwd *pw, struct passwd *old_pw)
 {
 	char *buf, *end, *line, *p, *q, *r, *tmp;
 	struct passwd *fpw;
 	const struct passwd *spw;
 	size_t len, size;
 	int eof, readlen;
 	char t;
 
 	if (old_pw == NULL && pw == NULL)
 			return (-1);
 
 	spw = old_pw;
 	/* deleting a user */
 	if (pw == NULL) {
 		line = NULL;
 	} else {
 		if ((line = pw_make(pw)) == NULL)
 			return (-1);
 	}
 
 	/* adding a user */
 	if (spw == NULL)
 		spw = pw;
 
 	/* initialize the buffer */
 	if ((buf = malloc(size = 1024)) == NULL)
 		goto err;
 
 	eof = 0;
 	len = 0;
 	p = q = end = buf;
 	for (;;) {
 		/* find the end of the current line */
 		for (p = q; q < end && *q != '\0'; ++q)
 			if (*q == '\n')
 				break;
 
 		/* if we don't have a complete line, fill up the buffer */
 		if (q >= end) {
 			if (eof)
 				break;
 			while ((size_t)(q - p) >= size) {
-				if ((tmp = realloc(buf, size * 2)) == NULL) {
+				if ((tmp = reallocarray(buf, 2, size)) == NULL) {
 					warnx("passwd line too long");
 					goto err;
 				}
 				p = tmp + (p - buf);
 				q = tmp + (q - buf);
 				end = tmp + (end - buf);
 				buf = tmp;
 				size = size * 2;
 			}
 			if (p < end) {
 				q = memmove(buf, p, end - p);
 				end -= p - buf;
 			} else {
 				p = q = end = buf;
 			}
 			readlen = read(ffd, end, size - (end - buf));
 			if (readlen == -1)
 				goto err;
 			else
 				len = (size_t)readlen;
 			if (len == 0 && p == buf)
 				break;
 			end += len;
 			len = end - buf;
 			if (len < size) {
 				eof = 1;
 				if (len > 0 && buf[len - 1] != '\n')
 					++len, *end++ = '\n';
 			}
 			continue;
 		}
 
 		/* is it a blank line or a comment? */
 		for (r = p; r < q && isspace(*r); ++r)
 			/* nothing */ ;
 		if (r == q || *r == '#') {
 			/* yep */
 			if (write(tfd, p, q - p + 1) != q - p + 1)
 				goto err;
 			++q;
 			continue;
 		}
 
 		/* is it the one we're looking for? */
 
 		t = *q;
 		*q = '\0';
 
 		fpw = pw_scan(r, PWSCAN_MASTER);
 
 		/*
 		 * fpw is either the struct passwd for the current line,
 		 * or NULL if the line is malformed.
 		 */
 
 		*q = t;
 		if (fpw == NULL || strcmp(fpw->pw_name, spw->pw_name) != 0) {
 			/* nope */
 			if (fpw != NULL)
 				free(fpw);
 			if (write(tfd, p, q - p + 1) != q - p + 1)
 				goto err;
 			++q;
 			continue;
 		}
 		if (old_pw && !pw_equal(fpw, old_pw)) {
 			warnx("entry inconsistent");
 			free(fpw);
 			errno = EINVAL; /* hack */
 			goto err;
 		}
 		free(fpw);
 
 		/* it is, replace or remove it */
 		if (line != NULL) {
 			len = strlen(line);
 			if (write(tfd, line, len) != (int)len)
 				goto err;
 		} else {
 			/* when removed, avoid the \n */
 			q++;
 		}
 		/* we're done, just copy the rest over */
 		for (;;) {
 			if (write(tfd, q, end - q) != end - q)
 				goto err;
 			q = buf;
 			readlen = read(ffd, buf, size);
 			if (readlen == 0)
 				break;
 			else
 				len = (size_t)readlen;
 			if (readlen == -1)
 				goto err;
 			end = buf + len;
 		}
 		goto done;
 	}
 
 	/* if we got here, we didn't find the old entry */
 	if (line == NULL) {
 		errno = ENOENT;
 		goto err;
 	}
 	len = strlen(line);
 	if ((size_t)write(tfd, line, len) != len ||
 	    write(tfd, "\n", 1) != 1)
 		goto err;
  done:
 	free(line);
 	free(buf);
 	return (0);
  err:
 	free(line);
 	free(buf);
 	return (-1);
 }
 
 /*
  * Return the current value of tempname.
  */
 const char *
 pw_tempname(void)
 {
 
 	return (tempname);
 }
 
 /*
  * Duplicate a struct passwd.
  */
 struct passwd *
 pw_dup(const struct passwd *pw)
 {
 	char *dst;
 	struct passwd *npw;
 	ssize_t len;
 
 	len = sizeof(*npw);
 	if (pw->pw_name != NULL)
 		len += strlen(pw->pw_name) + 1;
 	if (pw->pw_passwd != NULL)
 		len += strlen(pw->pw_passwd) + 1;
 	if (pw->pw_class != NULL)
 		len += strlen(pw->pw_class) + 1;
 	if (pw->pw_gecos != NULL)
 		len += strlen(pw->pw_gecos) + 1;
 	if (pw->pw_dir != NULL)
 		len += strlen(pw->pw_dir) + 1;
 	if (pw->pw_shell != NULL)
 		len += strlen(pw->pw_shell) + 1;
 	if ((npw = malloc((size_t)len)) == NULL)
 		return (NULL);
 	memcpy(npw, pw, sizeof(*npw));
 	dst = (char *)npw + sizeof(*npw);
 	if (pw->pw_name != NULL) {
 		npw->pw_name = dst;
 		dst = stpcpy(npw->pw_name, pw->pw_name) + 1;
 	}
 	if (pw->pw_passwd != NULL) {
 		npw->pw_passwd = dst;
 		dst = stpcpy(npw->pw_passwd, pw->pw_passwd) + 1;
 	}
 	if (pw->pw_class != NULL) {
 		npw->pw_class = dst;
 		dst = stpcpy(npw->pw_class, pw->pw_class) + 1;
 	}
 	if (pw->pw_gecos != NULL) {
 		npw->pw_gecos = dst;
 		dst = stpcpy(npw->pw_gecos, pw->pw_gecos) + 1;
 	}
 	if (pw->pw_dir != NULL) {
 		npw->pw_dir = dst;
 		dst = stpcpy(npw->pw_dir, pw->pw_dir) + 1;
 	}
 	if (pw->pw_shell != NULL) {
 		npw->pw_shell = dst;
 		dst = stpcpy(npw->pw_shell, pw->pw_shell) + 1;
 	}
 	return (npw);
 }
 
 #include "pw_scan.h"
 
 /*
  * Wrapper around an internal libc function
  */
 struct passwd *
 pw_scan(const char *line, int flags)
 {
 	struct passwd pw, *ret;
 	char *bp;
 
 	if ((bp = strdup(line)) == NULL)
 		return (NULL);
 	if (!__pw_scan(bp, &pw, flags)) {
 		free(bp);
 		return (NULL);
 	}
 	ret = pw_dup(&pw);
 	free(bp);
 	return (ret);
 }
Index: stable/11
===================================================================
--- stable/11	(revision 318120)
+++ stable/11	(revision 318121)

Property changes on: stable/11
___________________________________________________________________
Modified: svn:mergeinfo
## -0,0 +0,1 ##
   Merged /head:r317265