Stanislav Sedov
6760b335c6
- Prevent buffer overflow in IPFilter's load_http function used to load
...
ipfilter tables via http by the user-level ippool utility. Previously
the 1024-byte buffer used to store a http request coudld easily overflow
if the length of the hostname part of the url passes exceeded 496 bytes. [1]
- Use snprintf to prevent possieble buffer overflows in future. [2]
- Do not try to close the descriptor twice on failure. [2]
Reported by: Maksymilian Arciemowicz <cxib@securityreason.com> [1]
Obtained from: NetBSD CVS [2]
MFC after: 2 weeks
2009-05-29 16:24:23 +00:00
Darren Reed
52c7653383
2020447 IPFilter's NAT can undo name server random port selection
...
Approved by: darrenr
MFC after: 1 week
Security: CERT VU#521769
2008-07-24 12:35:05 +00:00
Darren Reed
e86e344222
Pullup IPFilter 4.1.28 from the vendor branch into HEAD.
...
MFC after: 7 days
2007-10-18 21:52:14 +00:00
Darren Reed
9a214eca1f
This commit was generated by cvs2svn to compensate for changes in r172771,
...
which included commits to RCS files with non-trunk default branches.
2007-10-18 21:42:51 +00:00
Darren Reed
39ff65a633
Import IPFilter 4.1.28
2007-10-18 21:42:51 +00:00
Darren Reed
c485ab2d8d
Remove files no longer required to build IPFilter
2007-06-04 03:07:34 +00:00
Darren Reed
d7eeb25225
Merge IPFilter 4.1.23 back to HEAD
...
See src/contrib/ipfilter/HISTORY for details of changes since 4.1.13
2007-06-04 02:54:36 +00:00
Darren Reed
4a9a9e0514
Import IPFilter 4.1.23 to vendor branch.
...
See src/contrib/ipfilter/HISTORY for details of changes since 4.1.13
2007-06-04 02:50:28 +00:00
Darren Reed
2bf2a702cc
This commit was generated by cvs2svn to compensate for changes in r170263,
...
which included commits to RCS files with non-trunk default branches.
2007-06-04 02:50:28 +00:00
Guido van Rooij
dac098f2c9
Resolve conflicts
...
MFC after: 1 weeks
2006-08-16 12:23:02 +00:00
Guido van Rooij
4e39c44e09
Import IP Filter 4.1.13
2006-08-16 11:51:32 +00:00
Guido van Rooij
2b8b5c44fc
This commit was generated by cvs2svn to compensate for changes in r161351,
...
which included commits to RCS files with non-trunk default branches.
2006-08-16 11:51:32 +00:00
Guido van Rooij
25508d6cfb
Resolve conflicts (and believe me...you don't want to know).
2005-12-30 11:52:26 +00:00
Guido van Rooij
e246b3be6f
Import IP Filter 4.1.10
2005-12-30 11:34:54 +00:00
Guido van Rooij
855921cec5
This commit was generated by cvs2svn to compensate for changes in r153877,
...
which included commits to RCS files with non-trunk default branches.
2005-12-30 11:34:54 +00:00
Darren Reed
721c3c7cc6
Fix some minor problems before release:
...
(1) "ipf -T" is broken for fetching single entries and
(2) loading rules with numbered collections does not order insertion right.
(3) stats aren't accumulated for hash table memory failures
Approved by: re (dwhite)
2005-06-23 14:19:02 +00:00
Darren Reed
e01de6cda3
Don't use quad_t on FreeBSD (deprecated) so use "long long" instead.
...
Someday this should be converted to uint64_t and printstate.c changed to
use those horrid PRiud64 things.
2005-04-28 21:36:30 +00:00
Darren Reed
eaa8e3e8c5
Fix problems with building libipf:
...
ipf_dontuning.c - change the include to look in netinet for ipl.h
ipft_tx.c - make the private use of arrays with tcp flags info in them more
not use names that can be "confusing"
2005-04-26 14:27:12 +00:00
Darren Reed
750e88322f
* Someone imported a lot of files with the wrong CVS tag, so lots of files need
...
that fixed in them....
* Keep unnecessary files out of the non-vendor part of this CVS repository.
2005-04-25 18:20:15 +00:00
Darren Reed
144279dcb8
import ipfilter 4.1.8 into the vendor branch
2005-04-25 17:31:50 +00:00