Date: Tue, 17 Jul 2001 03:30:21 -0700 (PDT) From: Ruslan Ermilov <ru@FreeBSD.org> To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/sys/netinet in_var.h Message-ID: <200107171030.f6HAUL176985@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
ru 2001/07/17 03:30:21 PDT
Modified files:
sys/netinet in_var.h
Log:
Backout damage to the INADDR_TO_IFP() macro in revision 1.7.
This macro was supposed to only match local IP addresses of
interfaces, and all consumers of this macro assume this as
well. (See IP_MULTICAST_IF and IP_ADD_MEMBERSHIP socket
options in the ip(4) manpage.)
This fixes a major security breach in IPFW-based firewalls
where the `me' keyword would match the other end of a P2P
link.
PR: kern/28567
Revision Changes Path
1.39 +6 -13 src/sys/netinet/in_var.h
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200107171030.f6HAUL176985>