freebsd-dev/contrib/ipfilter/lib
Stanislav Sedov 6760b335c6 - Prevent buffer overflow in IPFilter's load_http function used to load
ipfilter tables via http by the user-level ippool utility. Previously
  the 1024-byte buffer used to store a http request coudld easily overflow
  if the length of the hostname part of the url passes exceeded 496 bytes. [1]
- Use snprintf to prevent possieble buffer overflows in future. [2]
- Do not try to close the descriptor twice on failure. [2]

Reported by:	Maksymilian Arciemowicz <cxib@securityreason.com> [1]
Obtained from:	NetBSD CVS [2]
MFC after:	2 weeks
2009-05-29 16:24:23 +00:00
..
addicmp.c Merge IPFilter 4.1.23 back to HEAD 2007-06-04 02:54:36 +00:00
addipopt.c Merge IPFilter 4.1.23 back to HEAD 2007-06-04 02:54:36 +00:00
alist_free.c Import IPFilter 4.1.23 to vendor branch. 2007-06-04 02:50:28 +00:00
alist_new.c Import IPFilter 4.1.28 2007-10-18 21:42:51 +00:00
bcopywrap.c Merge IPFilter 4.1.23 back to HEAD 2007-06-04 02:54:36 +00:00
binprint.c Merge IPFilter 4.1.23 back to HEAD 2007-06-04 02:54:36 +00:00
buildopts.c Merge IPFilter 4.1.23 back to HEAD 2007-06-04 02:54:36 +00:00
checkrev.c Merge IPFilter 4.1.23 back to HEAD 2007-06-04 02:54:36 +00:00
count4bits.c Merge IPFilter 4.1.23 back to HEAD 2007-06-04 02:54:36 +00:00
count6bits.c Merge IPFilter 4.1.23 back to HEAD 2007-06-04 02:54:36 +00:00
debug.c Merge IPFilter 4.1.23 back to HEAD 2007-06-04 02:54:36 +00:00
facpri.c Merge IPFilter 4.1.23 back to HEAD 2007-06-04 02:54:36 +00:00
facpri.h Merge IPFilter 4.1.23 back to HEAD 2007-06-04 02:54:36 +00:00
fill6bits.c Merge IPFilter 4.1.23 back to HEAD 2007-06-04 02:54:36 +00:00
flags.c Merge IPFilter 4.1.23 back to HEAD 2007-06-04 02:54:36 +00:00
gethost.c Merge IPFilter 4.1.23 back to HEAD 2007-06-04 02:54:36 +00:00
getifname.c Merge IPFilter 4.1.23 back to HEAD 2007-06-04 02:54:36 +00:00
getnattype.c Merge IPFilter 4.1.23 back to HEAD 2007-06-04 02:54:36 +00:00
getport.c Merge IPFilter 4.1.23 back to HEAD 2007-06-04 02:54:36 +00:00
getportproto.c Merge IPFilter 4.1.23 back to HEAD 2007-06-04 02:54:36 +00:00
getproto.c Merge IPFilter 4.1.23 back to HEAD 2007-06-04 02:54:36 +00:00
getsumd.c Merge IPFilter 4.1.23 back to HEAD 2007-06-04 02:54:36 +00:00
hostname.c Merge IPFilter 4.1.23 back to HEAD 2007-06-04 02:54:36 +00:00
icmpcode.c Merge IPFilter 4.1.23 back to HEAD 2007-06-04 02:54:36 +00:00
inet_addr.c Resolve conflicts (and believe me...you don't want to know). 2005-12-30 11:52:26 +00:00
initparse.c Merge IPFilter 4.1.23 back to HEAD 2007-06-04 02:54:36 +00:00
ionames.c Merge IPFilter 4.1.23 back to HEAD 2007-06-04 02:54:36 +00:00
ipf_dotuning.c Merge IPFilter 4.1.23 back to HEAD 2007-06-04 02:54:36 +00:00
ipft_ef.c Merge IPFilter 4.1.23 back to HEAD 2007-06-04 02:54:36 +00:00
ipft_hx.c Merge IPFilter 4.1.23 back to HEAD 2007-06-04 02:54:36 +00:00
ipft_pc.c Merge IPFilter 4.1.23 back to HEAD 2007-06-04 02:54:36 +00:00
ipft_sn.c Merge IPFilter 4.1.23 back to HEAD 2007-06-04 02:54:36 +00:00
ipft_td.c Merge IPFilter 4.1.23 back to HEAD 2007-06-04 02:54:36 +00:00
ipft_tx.c Pullup IPFilter 4.1.28 from the vendor branch into HEAD. 2007-10-18 21:52:14 +00:00
ipoptsec.c Merge IPFilter 4.1.23 back to HEAD 2007-06-04 02:54:36 +00:00
kmem.c Merge IPFilter 4.1.23 back to HEAD 2007-06-04 02:54:36 +00:00
kmem.h Merge IPFilter 4.1.23 back to HEAD 2007-06-04 02:54:36 +00:00
kmemcpywrap.c Merge IPFilter 4.1.23 back to HEAD 2007-06-04 02:54:36 +00:00
kvatoname.c Merge IPFilter 4.1.23 back to HEAD 2007-06-04 02:54:36 +00:00
load_file.c Import IPFilter 4.1.23 to vendor branch. 2007-06-04 02:50:28 +00:00
load_hash.c Merge IPFilter 4.1.23 back to HEAD 2007-06-04 02:54:36 +00:00
load_hashnode.c Merge IPFilter 4.1.23 back to HEAD 2007-06-04 02:54:36 +00:00
load_http.c - Prevent buffer overflow in IPFilter's load_http function used to load 2009-05-29 16:24:23 +00:00
load_pool.c Merge IPFilter 4.1.23 back to HEAD 2007-06-04 02:54:36 +00:00
load_poolnode.c Merge IPFilter 4.1.23 back to HEAD 2007-06-04 02:54:36 +00:00
load_url.c Import IPFilter 4.1.23 to vendor branch. 2007-06-04 02:50:28 +00:00
Makefile Import IPFilter 4.1.28 2007-10-18 21:42:51 +00:00
mutex_emul.c Merge IPFilter 4.1.23 back to HEAD 2007-06-04 02:54:36 +00:00
nametokva.c Merge IPFilter 4.1.23 back to HEAD 2007-06-04 02:54:36 +00:00
nat_setgroupmap.c Merge IPFilter 4.1.23 back to HEAD 2007-06-04 02:54:36 +00:00
ntomask.c Merge IPFilter 4.1.23 back to HEAD 2007-06-04 02:54:36 +00:00
optname.c Merge IPFilter 4.1.23 back to HEAD 2007-06-04 02:54:36 +00:00
optprint.c Merge IPFilter 4.1.23 back to HEAD 2007-06-04 02:54:36 +00:00
optprintv6.c Merge IPFilter 4.1.23 back to HEAD 2007-06-04 02:54:36 +00:00
optvalue.c Merge IPFilter 4.1.23 back to HEAD 2007-06-04 02:54:36 +00:00
portname.c Merge IPFilter 4.1.23 back to HEAD 2007-06-04 02:54:36 +00:00
print_toif.c Merge IPFilter 4.1.23 back to HEAD 2007-06-04 02:54:36 +00:00
printactivenat.c Merge IPFilter 4.1.23 back to HEAD 2007-06-04 02:54:36 +00:00
printaps.c Merge IPFilter 4.1.23 back to HEAD 2007-06-04 02:54:36 +00:00
printbuf.c Merge IPFilter 4.1.23 back to HEAD 2007-06-04 02:54:36 +00:00
printfr.c Merge IPFilter 4.1.23 back to HEAD 2007-06-04 02:54:36 +00:00
printfraginfo.c Merge IPFilter 4.1.23 back to HEAD 2007-06-04 02:54:36 +00:00
printhash_live.c Import IPFilter 4.1.23 to vendor branch. 2007-06-04 02:50:28 +00:00
printhash.c Merge IPFilter 4.1.23 back to HEAD 2007-06-04 02:54:36 +00:00
printhashdata.c Import IPFilter 4.1.23 to vendor branch. 2007-06-04 02:50:28 +00:00
printhashnode.c Merge IPFilter 4.1.23 back to HEAD 2007-06-04 02:54:36 +00:00
printhostmap.c Merge IPFilter 4.1.23 back to HEAD 2007-06-04 02:54:36 +00:00
printhostmask.c Merge IPFilter 4.1.23 back to HEAD 2007-06-04 02:54:36 +00:00
printifname.c Merge IPFilter 4.1.23 back to HEAD 2007-06-04 02:54:36 +00:00
printip.c Merge IPFilter 4.1.23 back to HEAD 2007-06-04 02:54:36 +00:00
printlog.c Merge IPFilter 4.1.23 back to HEAD 2007-06-04 02:54:36 +00:00
printmask.c Merge IPFilter 4.1.23 back to HEAD 2007-06-04 02:54:36 +00:00
printnat.c 2020447 IPFilter's NAT can undo name server random port selection 2008-07-24 12:35:05 +00:00
printpacket6.c Merge IPFilter 4.1.23 back to HEAD 2007-06-04 02:54:36 +00:00
printpacket.c Pullup IPFilter 4.1.28 from the vendor branch into HEAD. 2007-10-18 21:52:14 +00:00
printpool_live.c Import IPFilter 4.1.28 2007-10-18 21:42:51 +00:00
printpool.c Merge IPFilter 4.1.23 back to HEAD 2007-06-04 02:54:36 +00:00
printpooldata.c Import IPFilter 4.1.23 to vendor branch. 2007-06-04 02:50:28 +00:00
printpoolnode.c Merge IPFilter 4.1.23 back to HEAD 2007-06-04 02:54:36 +00:00
printportcmp.c Merge IPFilter 4.1.23 back to HEAD 2007-06-04 02:54:36 +00:00
printproto.c Import IPFilter 4.1.23 to vendor branch. 2007-06-04 02:50:28 +00:00
printsbuf.c Merge IPFilter 4.1.23 back to HEAD 2007-06-04 02:54:36 +00:00
printstate.c Pullup IPFilter 4.1.28 from the vendor branch into HEAD. 2007-10-18 21:52:14 +00:00
printtqtable.c Import IPFilter 4.1.23 to vendor branch. 2007-06-04 02:50:28 +00:00
printtunable.c Merge IPFilter 4.1.23 back to HEAD 2007-06-04 02:54:36 +00:00
remove_hash.c Merge IPFilter 4.1.23 back to HEAD 2007-06-04 02:54:36 +00:00
remove_hashnode.c Merge IPFilter 4.1.23 back to HEAD 2007-06-04 02:54:36 +00:00
remove_pool.c Merge IPFilter 4.1.23 back to HEAD 2007-06-04 02:54:36 +00:00
remove_poolnode.c Merge IPFilter 4.1.23 back to HEAD 2007-06-04 02:54:36 +00:00
resetlexer.c Merge IPFilter 4.1.23 back to HEAD 2007-06-04 02:54:36 +00:00
rwlock_emul.c Merge IPFilter 4.1.23 back to HEAD 2007-06-04 02:54:36 +00:00
tcp_flags.c Merge IPFilter 4.1.23 back to HEAD 2007-06-04 02:54:36 +00:00
tcpflags.c Merge IPFilter 4.1.23 back to HEAD 2007-06-04 02:54:36 +00:00
tcpoptnames.c Merge IPFilter 4.1.23 back to HEAD 2007-06-04 02:54:36 +00:00
v6ionames.c Merge IPFilter 4.1.23 back to HEAD 2007-06-04 02:54:36 +00:00
v6optvalue.c Merge IPFilter 4.1.23 back to HEAD 2007-06-04 02:54:36 +00:00
var.c Merge IPFilter 4.1.23 back to HEAD 2007-06-04 02:54:36 +00:00
verbose.c Merge IPFilter 4.1.23 back to HEAD 2007-06-04 02:54:36 +00:00