diff options
author | Kjell Wooding <kjell@cvs.openbsd.org> | 2000-04-05 05:35:29 +0000 |
---|---|---|
committer | Kjell Wooding <kjell@cvs.openbsd.org> | 2000-04-05 05:35:29 +0000 |
commit | 8ae87ff3f4775b57ca50cbc77079b9fbf25de85a (patch) | |
tree | a3c0b22826bb81f7f5bf66f5e1f7e9092012b2d1 /sbin | |
parent | bd065e16cb35ebcfbc352e4d0d3c7553d2e84e89 (diff) |
Update to ipf 3.3.12. Most fixes relate to hardening of
in-kernel ftp proxy. See sbin/ipf/HISTORY for details.
Diffstat (limited to 'sbin')
-rw-r--r-- | sbin/ipf/HISTORY | 15 | ||||
-rw-r--r-- | sbin/ipf/ifaddr.c | 2 | ||||
-rw-r--r-- | sbin/ipf/ifaddr.h | 2 | ||||
-rw-r--r-- | sbin/ipf/parse.c | 6 |
4 files changed, 19 insertions, 6 deletions
diff --git a/sbin/ipf/HISTORY b/sbin/ipf/HISTORY index 84b5927fe03..bd61b940507 100644 --- a/sbin/ipf/HISTORY +++ b/sbin/ipf/HISTORY @@ -1,4 +1,4 @@ -# $OpenBSD: HISTORY,v 1.5 2000/03/13 23:40:19 kjell Exp $ +# $OpenBSD: HISTORY,v 1.6 2000/04/05 05:35:28 kjell Exp $ # # NOTE: Quite a few patches and suggestions come from other sources, to whom # I'm greatly indebted, even if no names are mentioned. @@ -21,6 +21,19 @@ # and especially those who have found the time to port IP Filter to new # platforms. # +3.3.12 16/03/2000 - Released + +tighten up ftp proxy behaviour. sigh. yuck. hate. + +fix bug in range check for NAT where the last IP# was not used. + +fix problem with icmp codes > 127 in filter rules caused bad things to +happen and in particular, where #18 caused the rule to be printed +erroneously. + +fix bug with the spl level not being reset when returning EIO from +iplioctl due to ipfilter not being initialized yet. + 3.3.11 04/03/2000 - Released make "or-block" work with lines that start with "log" diff --git a/sbin/ipf/ifaddr.c b/sbin/ipf/ifaddr.c index e34116d5feb..3f162c361a3 100644 --- a/sbin/ipf/ifaddr.c +++ b/sbin/ipf/ifaddr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ifaddr.c,v 1.4 2000/03/13 23:40:19 kjell Exp $ */ +/* $OpenBSD: ifaddr.c,v 1.5 2000/04/05 05:35:28 kjell Exp $ */ #include <sys/types.h> #include <sys/ioctl.h> #include <sys/socket.h> diff --git a/sbin/ipf/ifaddr.h b/sbin/ipf/ifaddr.h index 8810aac2d78..bb882dcddf7 100644 --- a/sbin/ipf/ifaddr.h +++ b/sbin/ipf/ifaddr.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ifaddr.h,v 1.4 2000/03/13 23:40:19 kjell Exp $ */ +/* $OpenBSD: ifaddr.h,v 1.5 2000/04/05 05:35:28 kjell Exp $ */ #ifndef __IFADDR_H__ #define __IFADDR_H__ diff --git a/sbin/ipf/parse.c b/sbin/ipf/parse.c index 819618680d8..8b3e04f1027 100644 --- a/sbin/ipf/parse.c +++ b/sbin/ipf/parse.c @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.c,v 1.33 2000/03/13 23:40:19 kjell Exp $ */ +/* $OpenBSD: parse.c,v 1.34 2000/04/05 05:35:28 kjell Exp $ */ /* * Copyright (C) 1993-1998 by Darren Reed. @@ -43,7 +43,7 @@ #if !defined(lint) static const char sccsid[] = "@(#)parse.c 1.44 6/5/96 (C) 1993-1996 Darren Reed"; -static const char rcsid[] = "@(#)$IPFilter: parse.c,v 2.1.2.11 2000/03/04 05:19:25 darrenr Exp $"; +static const char rcsid[] = "@(#)$IPFilter: parse.c,v 2.1.2.12 2000/03/08 11:43:55 darrenr Exp $"; #endif extern struct ipopt_names ionames[], secclass[]; @@ -1560,7 +1560,7 @@ struct frentry *fp; type = ntohs(fp->fr_icmp); code = type & 0xff; type /= 256; - if (type < (sizeof(icmptypes) / sizeof(char *)) && + if (type < (sizeof(icmptypes) / sizeof(char *) - 1) && icmptypes[type]) printf(" icmp-type %s", icmptypes[type]); else |