Commit Graph

20 Commits

Author SHA1 Message Date
Stanislav Sedov
6760b335c6 - Prevent buffer overflow in IPFilter's load_http function used to load
ipfilter tables via http by the user-level ippool utility. Previously
  the 1024-byte buffer used to store a http request coudld easily overflow
  if the length of the hostname part of the url passes exceeded 496 bytes. [1]
- Use snprintf to prevent possieble buffer overflows in future. [2]
- Do not try to close the descriptor twice on failure. [2]

Reported by:	Maksymilian Arciemowicz <cxib@securityreason.com> [1]
Obtained from:	NetBSD CVS [2]
MFC after:	2 weeks
2009-05-29 16:24:23 +00:00
Darren Reed
52c7653383 2020447 IPFilter's NAT can undo name server random port selection
Approved by:	darrenr
MFC after:	1 week
Security:	CERT VU#521769
2008-07-24 12:35:05 +00:00
Darren Reed
e86e344222 Pullup IPFilter 4.1.28 from the vendor branch into HEAD.
MFC after:	7 days
2007-10-18 21:52:14 +00:00
Darren Reed
9a214eca1f This commit was generated by cvs2svn to compensate for changes in r172771,
which included commits to RCS files with non-trunk default branches.
2007-10-18 21:42:51 +00:00
Darren Reed
39ff65a633 Import IPFilter 4.1.28 2007-10-18 21:42:51 +00:00
Darren Reed
c485ab2d8d Remove files no longer required to build IPFilter 2007-06-04 03:07:34 +00:00
Darren Reed
d7eeb25225 Merge IPFilter 4.1.23 back to HEAD
See src/contrib/ipfilter/HISTORY for details of changes since 4.1.13
2007-06-04 02:54:36 +00:00
Darren Reed
4a9a9e0514 Import IPFilter 4.1.23 to vendor branch.
See src/contrib/ipfilter/HISTORY for details of changes since 4.1.13
2007-06-04 02:50:28 +00:00
Darren Reed
2bf2a702cc This commit was generated by cvs2svn to compensate for changes in r170263,
which included commits to RCS files with non-trunk default branches.
2007-06-04 02:50:28 +00:00
Guido van Rooij
dac098f2c9 Resolve conflicts
MFC after:	1 weeks
2006-08-16 12:23:02 +00:00
Guido van Rooij
4e39c44e09 Import IP Filter 4.1.13 2006-08-16 11:51:32 +00:00
Guido van Rooij
2b8b5c44fc This commit was generated by cvs2svn to compensate for changes in r161351,
which included commits to RCS files with non-trunk default branches.
2006-08-16 11:51:32 +00:00
Guido van Rooij
25508d6cfb Resolve conflicts (and believe me...you don't want to know). 2005-12-30 11:52:26 +00:00
Guido van Rooij
e246b3be6f Import IP Filter 4.1.10 2005-12-30 11:34:54 +00:00
Guido van Rooij
855921cec5 This commit was generated by cvs2svn to compensate for changes in r153877,
which included commits to RCS files with non-trunk default branches.
2005-12-30 11:34:54 +00:00
Darren Reed
721c3c7cc6 Fix some minor problems before release:
(1) "ipf -T" is broken for fetching single entries and
(2) loading rules with numbered collections does not order insertion right.
(3) stats aren't accumulated for hash table memory failures

Approved by: re (dwhite)
2005-06-23 14:19:02 +00:00
Darren Reed
e01de6cda3 Don't use quad_t on FreeBSD (deprecated) so use "long long" instead.
Someday this should be converted to uint64_t and printstate.c changed to
use those horrid PRiud64 things.
2005-04-28 21:36:30 +00:00
Darren Reed
eaa8e3e8c5 Fix problems with building libipf:
ipf_dontuning.c - change the include to look in netinet for ipl.h
ipft_tx.c - make the private use of arrays with tcp flags info in them more
            not use names that can be "confusing"
2005-04-26 14:27:12 +00:00
Darren Reed
750e88322f * Someone imported a lot of files with the wrong CVS tag, so lots of files need
that fixed in them....
* Keep unnecessary files out of the non-vendor part of this CVS repository.
2005-04-25 18:20:15 +00:00
Darren Reed
144279dcb8 import ipfilter 4.1.8 into the vendor branch 2005-04-25 17:31:50 +00:00