From owner-cvs-sys Thu Nov 13 15:02:12 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id PAA00577 for cvs-sys-outgoing; Thu, 13 Nov 1997 15:02:12 -0800 (PST) (envelope-from owner-cvs-sys) Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id PAA00454; Thu, 13 Nov 1997 15:00:24 -0800 (PST) (envelope-from julian@FreeBSD.org) From: Julian Elischer Received: (from julian@localhost) by freefall.freebsd.org (8.8.6/8.8.5) id OAA09385; Thu, 13 Nov 1997 14:57:58 -0800 (PST) Date: Thu, 13 Nov 1997 14:57:58 -0800 (PST) Message-Id: <199711132257.OAA09385@freefall.freebsd.org> To: cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG, cvs-sys@FreeBSD.ORG Subject: cvs commit: src/sys/netinet ip_input.c Sender: owner-cvs-sys@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk julian 1997/11/13 14:57:58 PST Modified files: sys/netinet ip_input.c Log: Submitted by: Archie cobbs (IPDIVERT author) close small security hole where an atacker could sendpackets with IPDIVERT protocol, and select how it would be diverted thus bypassing the ipfirewall. Discovered by inspection rather than attack. (you'd have to know how the firewall was configured (EXACTLY) to make use of this but..) Revision Changes Path 1.72 +7 -1 src/sys/netinet/ip_input.c