stas
b6666822bf
- Prevent buffer overflow in IPFilter's load_http function used to load
...
ipfilter tables via http by the user-level ippool utility. Previously
the 1024-byte buffer used to store a http request coudld easily overflow
if the length of the hostname part of the url passes exceeded 496 bytes. [1]
- Use snprintf to prevent possieble buffer overflows in future. [2]
- Do not try to close the descriptor twice on failure. [2]
Reported by: Maksymilian Arciemowicz <cxib@securityreason.com> [1]
Obtained from: NetBSD CVS [2]
MFC after: 2 weeks
2009-05-29 16:24:23 +00:00
darrenr
49ad2adb91
2020447 IPFilter's NAT can undo name server random port selection
...
Approved by: darrenr
MFC after: 1 week
Security: CERT VU#521769
2008-07-24 12:35:05 +00:00
darrenr
fd172ed327
Pullup IPFilter 4.1.28 from the vendor branch into HEAD.
...
MFC after: 7 days
2007-10-18 21:52:14 +00:00
darrenr
3345281d0a
This commit was generated by cvs2svn to compensate for changes in r172771,
...
which included commits to RCS files with non-trunk default branches.
2007-10-18 21:42:51 +00:00
darrenr
71e82d94e8
Import IPFilter 4.1.28
2007-10-18 21:42:51 +00:00
darrenr
27a50eee47
Remove files no longer required to build IPFilter
2007-06-04 03:07:34 +00:00
darrenr
a33069b532
Merge IPFilter 4.1.23 back to HEAD
...
See src/contrib/ipfilter/HISTORY for details of changes since 4.1.13
2007-06-04 02:54:36 +00:00
darrenr
e2e28d4361
Import IPFilter 4.1.23 to vendor branch.
...
See src/contrib/ipfilter/HISTORY for details of changes since 4.1.13
2007-06-04 02:50:28 +00:00
darrenr
1dd4fa592d
This commit was generated by cvs2svn to compensate for changes in r170263,
...
which included commits to RCS files with non-trunk default branches.
2007-06-04 02:50:28 +00:00
guido
e49049679f
Resolve conflicts
...
MFC after: 1 weeks
2006-08-16 12:23:02 +00:00
guido
092f5d1218
Import IP Filter 4.1.13
2006-08-16 11:51:32 +00:00
guido
3a39cf5435
This commit was generated by cvs2svn to compensate for changes in r161351,
...
which included commits to RCS files with non-trunk default branches.
2006-08-16 11:51:32 +00:00
guido
7ee0924750
Resolve conflicts (and believe me...you don't want to know).
2005-12-30 11:52:26 +00:00
guido
9749beb9e3
Import IP Filter 4.1.10
2005-12-30 11:34:54 +00:00
guido
530bf89f14
This commit was generated by cvs2svn to compensate for changes in r153877,
...
which included commits to RCS files with non-trunk default branches.
2005-12-30 11:34:54 +00:00
darrenr
22c343ffc8
Fix some minor problems before release:
...
(1) "ipf -T" is broken for fetching single entries and
(2) loading rules with numbered collections does not order insertion right.
(3) stats aren't accumulated for hash table memory failures
Approved by: re (dwhite)
2005-06-23 14:19:02 +00:00
darrenr
a57939d5ce
Don't use quad_t on FreeBSD (deprecated) so use "long long" instead.
...
Someday this should be converted to uint64_t and printstate.c changed to
use those horrid PRiud64 things.
2005-04-28 21:36:30 +00:00
darrenr
6941302010
Fix problems with building libipf:
...
ipf_dontuning.c - change the include to look in netinet for ipl.h
ipft_tx.c - make the private use of arrays with tcp flags info in them more
not use names that can be "confusing"
2005-04-26 14:27:12 +00:00
darrenr
d643bc9db0
* Someone imported a lot of files with the wrong CVS tag, so lots of files need
...
that fixed in them....
* Keep unnecessary files out of the non-vendor part of this CVS repository.
2005-04-25 18:20:15 +00:00
darrenr
d438802dcb
import ipfilter 4.1.8 into the vendor branch
2005-04-25 17:31:50 +00:00