Date: Fri, 29 May 2009 16:24:23 +0000 (UTC) From: Stanislav Sedov <stas@FreeBSD.org> To: cvs-src-old@freebsd.org Subject: cvs commit: src/contrib/ipfilter/lib load_http.c Message-ID: <200905291624.n4TGOcOq064231@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
stas 2009-05-29 16:24:23 UTC FreeBSD src repository Modified files: contrib/ipfilter/lib load_http.c Log: SVN rev 193043 on 2009-05-29 16:24:23Z by stas - Prevent buffer overflow in IPFilter's load_http function used to load ipfilter tables via http by the user-level ippool utility. Previously the 1024-byte buffer used to store a http request coudld easily overflow if the length of the hostname part of the url passes exceeded 496 bytes. [1] - Use snprintf to prevent possieble buffer overflows in future. [2] - Do not try to close the descriptor twice on failure. [2] Reported by: Maksymilian Arciemowicz <cxib@securityreason.com> [1] Obtained from: NetBSD CVS [2] MFC after: 2 weeks Revision Changes Path 1.2 +19 -10 src/contrib/ipfilter/lib/load_http.c
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200905291624.n4TGOcOq064231>