freebsd-skq/contrib/ipfilter/lib
stas b6666822bf - Prevent buffer overflow in IPFilter's load_http function used to load
ipfilter tables via http by the user-level ippool utility. Previously
  the 1024-byte buffer used to store a http request coudld easily overflow
  if the length of the hostname part of the url passes exceeded 496 bytes. [1]
- Use snprintf to prevent possieble buffer overflows in future. [2]
- Do not try to close the descriptor twice on failure. [2]

Reported by:	Maksymilian Arciemowicz <cxib@securityreason.com> [1]
Obtained from:	NetBSD CVS [2]
MFC after:	2 weeks
2009-05-29 16:24:23 +00:00
..
addicmp.c
addipopt.c
alist_free.c
alist_new.c
bcopywrap.c
binprint.c
buildopts.c
checkrev.c
count4bits.c
count6bits.c
debug.c
facpri.c
facpri.h
fill6bits.c
flags.c
gethost.c
getifname.c
getnattype.c
getport.c
getportproto.c
getproto.c
getsumd.c
hostname.c
icmpcode.c
inet_addr.c
initparse.c
ionames.c
ipf_dotuning.c
ipft_ef.c
ipft_hx.c
ipft_pc.c
ipft_sn.c
ipft_td.c
ipft_tx.c
ipoptsec.c
kmem.c
kmem.h
kmemcpywrap.c
kvatoname.c
load_file.c
load_hash.c
load_hashnode.c
load_http.c
load_pool.c
load_poolnode.c
load_url.c
Makefile
mutex_emul.c
nametokva.c
nat_setgroupmap.c
ntomask.c
optname.c
optprint.c
optprintv6.c
optvalue.c
portname.c
print_toif.c
printactivenat.c
printaps.c
printbuf.c
printfr.c
printfraginfo.c
printhash_live.c
printhash.c
printhashdata.c
printhashnode.c
printhostmap.c
printhostmask.c
printifname.c
printip.c
printlog.c
printmask.c
printnat.c
printpacket6.c
printpacket.c
printpool_live.c
printpool.c
printpooldata.c
printpoolnode.c
printportcmp.c
printproto.c
printsbuf.c
printstate.c
printtqtable.c
printtunable.c
remove_hash.c
remove_hashnode.c
remove_pool.c
remove_poolnode.c
resetlexer.c
rwlock_emul.c
tcp_flags.c
tcpflags.c
tcpoptnames.c
v6ionames.c
v6optvalue.c
var.c
verbose.c