insufficient check of snprintf()'s return value, see gentoo bug #184815.
The exploit provided apparently doesn't trigger the overflow in
NetBSD; this might be due to different error return behavior of snprintf
implementations, or due to the fact that our tcpdump is still 3.8.3
while the bug was reported against 3.9.x. The fix looks correct in any
case.
The exploit caused an endless loop at another place instead, due
to an obvious bug, so fix this too.
Also apply another patch which was applied to the 3.8 branch upstream
but never released: rev. 1.72.2.5, infinite loop protection for ldp and bgp
We should update tcpdump to 3.9.x.
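The snprintf() return-value pitfall behind the message above, shown as an added C example (this is not tcpdump's code and not the patch the message refers to; the buffer helper, the sample labels and the 16-byte capacity are constructed for illustration). snprintf() returns the length the complete output would have had, not the number of bytes it actually stored, so the common idiom `len += snprintf(buf + len, cap - len, ...)` lets the cursor run past the buffer once one item is truncated, after which `cap - len` wraps and the next call is effectively unbounded. The checked helper clamps the cursor and records truncation; the unchecked cursor is only measured with a NULL buffer so nothing is overwritten.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Append-with-cursor into a fixed buffer. Hypothetical helper written for
 * this example. Rule: advance by the snprintf() result only when the whole
 * item fit; a result >= remaining space means truncation, and a negative
 * result (which older implementations return on truncation or error) must
 * be treated the same way. */
struct cursor {
    char *buf;
    size_t cap;      /* total buffer size, including the terminating NUL */
    size_t len;      /* bytes written so far, excluding the NUL */
    int truncated;   /* set once any append did not fit */
};

static void cursor_init(struct cursor *c, char *buf, size_t cap)
{
    c->buf = buf; c->cap = cap; c->len = 0; c->truncated = 0;
    if (cap > 0) buf[0] = '\0';
}

static int cursor_appendf(struct cursor *c, const char *fmt, ...)
{
    va_list ap;
    size_t space;
    int n;

    if (c->truncated || c->len + 1 >= c->cap) {  /* only the NUL fits */
        c->truncated = 1;
        return -1;
    }
    space = c->cap - c->len;
    va_start(ap, fmt);
    n = vsnprintf(c->buf + c->len, space, fmt, ap);
    va_end(ap);

    if (n < 0 || (size_t)n >= space) {
        /* Output was cut short: clamp to the last usable byte instead of
         * adding n, which is exactly the unchecked pattern's mistake. */
        c->len = c->cap - 1;
        c->buf[c->len] = '\0';
        c->truncated = 1;
        return -1;
    }
    c->len += (size_t)n;
    return n;
}

/* Mirrors the arithmetic of  len += snprintf(buf + len, cap - len, ...)
 * but measures with a NULL buffer, so it never writes. The value returned
 * is where the unchecked loop's write cursor would end up. */
static size_t unchecked_cursor(const char *const *items, size_t n)
{
    size_t len = 0, i;
    for (i = 0; i < n; i++) {
        int w = snprintf(NULL, 0, "%s,", items[i]);
        if (w > 0) len += (size_t)w;
    }
    return len;
}

/* Constructed input: four labels that do not fit in a 16-byte buffer. */
static const char *const sample_items[] = { "alpha", "beta", "gamma", "delta" };
#define SAMPLE_N   (sizeof sample_items / sizeof sample_items[0])
#define SAMPLE_CAP 16

/* Runs the checked formatter over the sample; returns bytes written. */
static size_t demo_checked(char *out, size_t cap, int *truncated)
{
    struct cursor c;
    size_t i;
    cursor_init(&c, out, cap);
    for (i = 0; i < SAMPLE_N; i++)
        cursor_appendf(&c, "%s,", sample_items[i]);
    *truncated = c.truncated;
    return c.len;
}

/* Expected: "alpha,beta,gamm" (15 bytes), truncation flagged. */
static int demo_checked_matches(void)
{
    char out[SAMPLE_CAP];
    int trunc;
    size_t len = demo_checked(out, sizeof out, &trunc);
    return len == 15 && trunc == 1 && strcmp(out, "alpha,beta,gamm") == 0;
}

/* Where the unchecked idiom's cursor would land: 6+5+6+6 = 23 > 16. */
static size_t demo_unchecked_cursor(void)
{
    return unchecked_cursor(sample_items, SAMPLE_N);
}

int main(void)
{
    char out[SAMPLE_CAP];
    int trunc;
    size_t len = demo_checked(out, sizeof out, &trunc);
    printf("checked:   \"%s\" (len %zu, truncated=%d)\n", out, len, trunc);
    printf("unchecked: cursor would reach %zu bytes in a %d-byte buffer\n",
           demo_unchecked_cursor(), SAMPLE_CAP);
    return 0;
}
```

The negative-result branch is what the message's remark about "different error return behavior of snprintf implementations" is about: a C99 snprintf() returns the would-be length, while some older ones return -1 on truncation, so a check that only compares against the remaining space still advances the cursor incorrectly on those systems.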
This is part one of moving the authoritative version from
src/usr.sbin/pkg_install to pkgsrc/pkgtools/pkg_install/files.
Discussed with and agreed by: jlam@, agc@, adrianp@
Raised issue to and not objected by: core@
yamt's reading of RFC 3720 is correct (see section 12.10, InitialR2T).
The desired transfer length in the initial ready to transmit
negotiation should not include any immediate data.
before system header file inclusion magically causing what "read" is
#defined to to pick up a read-like prototype. For sanity's sake, put
prototypes for revolting trace_mr stuff in their own header file (instead
of nowhere at all and using the trick referenced above).
"state lock" flag (if-bound, gr-bound, floating) at the end of a
NAT rule. The new syntax is backwards-compatible with the old
syntax.
PF (kernel): change the macro BOUND_IFACE() to the inline function
bound_iface(), and add a new argument, the applicable NAT rule.
Use both the flags on the applicable filter rule and on the applicable
NAT rule to decide whether or not to bind a state to the interface
or the group where it is created.
a "long long" - giving a compilation warning.
Check for the presence of PRIu64 and use that in preference.
Adjust code to avoid multiple printf() calls.
Use unsigned format specifiers in all cases.