Date: Mon, 15 Jun 2009 21:54:26 +0000 (UTC) From: Stanislav Sedov <stas@FreeBSD.org> To: cvs-src-old@freebsd.org Subject: cvs commit: src/contrib/ipfilter/lib load_http.c Message-ID: <200906152157.n5FLvS7I030472@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
stas 2009-06-15 21:54:26 UTC
FreeBSD src repository
Modified files: (Branch: RELENG_6)
contrib/ipfilter/lib load_http.c
Log:
SVN rev 194268 on 2009-06-15 21:54:26Z by stas
MFC r193043:
- Prevent buffer overflow in IPFilter's load_http function used to load
ipfilter tables via http by the user-level ippool utility. Previously
the 1024-byte buffer used to store a http request coudld easily overflow
if the length of the hostname part of the url passes exceeded 496 bytes.
- Use snprintf to prevent possieble buffer overflows in future.
- Do not try to close the descriptor twice on failure.
Revision Changes Path
1.1.1.1.4.2 +19 -10 src/contrib/ipfilter/lib/load_http.c
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200906152157.n5FLvS7I030472>