From 881d620e7fa39d12bdafb004905aea72e9beaffa Mon Sep 17 00:00:00 2001 From: Kjell Wooding Date: Wed, 24 May 2000 21:59:12 +0000 Subject: Update to ipf 3.3.16. among other things, this addresses a security issue with certain rule configurations: * don't add TCP state if it is an RST packet and (attempt) to send out RST/ICMP packets in a manner that bypasses IP Filter. --- sys/netinet/ip_auth.c | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) (limited to 'sys/netinet/ip_auth.c') diff --git a/sys/netinet/ip_auth.c b/sys/netinet/ip_auth.c index 43e73374df0..67f134fcd9d 100644 --- a/sys/netinet/ip_auth.c +++ b/sys/netinet/ip_auth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_auth.c,v 1.13 2000/05/01 06:16:47 kjell Exp $ */ +/* $OpenBSD: ip_auth.c,v 1.14 2000/05/24 21:59:10 kjell Exp $ */ /* * Copyright (C) 1998 by Darren Reed & Guido van Rooij. @@ -8,7 +8,7 @@ * to the original author and the contributors. */ #if !defined(lint) -static const char rcsid[] = "@(#)$IPFilter: ip_auth.c,v 2.1.2.3 2000/04/25 16:21:12 darrenr Exp $"; +static const char rcsid[] = "@(#)$IPFilter: ip_auth.c,v 2.1.2.4 2000/05/22 06:57:45 darrenr Exp $"; #endif #include @@ -198,17 +198,14 @@ fr_info_t *fin; * If we do, store it and wake up any user programs which are waiting to * hear about these events. */ -int fr_newauth(m, fin, ip -#if defined(_KERNEL) && SOLARIS -, qif) -qif_t *qif; -#else -) -#endif +int fr_newauth(m, fin, ip) mb_t *m; fr_info_t *fin; ip_t *ip; { +#if defined(_KERNEL) && SOLARIS + qif_t *qif = fin->fin_qif; +#endif int i; WRITE_ENTER(&ipf_auth); -- cgit v1.2.3