Implement a better fix. The previous fix allowed to overflow in a
different spot. This would still only lead to a crash, and would only be
reachable by arbitrary users if the admin enabled the agentx socket, and
set custom permissions.
OK deraadt@, mvs@
mention that compression could potentially leak information about session
contents (cf. the CRIME attack on TLS) if a connection allows attacker-
controlled traffic over it alongside trused traffic. This might occur
in some forwarding scenarios.
with deraadt@
In the vscsi_callback() handle ISCSI_SCSI_STAT_CHCK_COND more carefully.
Especially the embedded sense data needs to be extracted respecting the
real buffer length. Make sure at least 2 bytes are availabe for the lenght
and also check that the resulting len is not bigger then the buffer
itself.
Reported by Frank Denis
OK deraadt@
Introduce a force_update flag to force pend_prefix_add() calls
in adjout_prefix_update().
peer_dump() can be called with a preloaded Adj-RIB-Out and in that case
the code needs to force updates out. This is done instead of walking the
table twice -- once with peer_dump() and then with peer_blast().
Using the force_update flag there ensures that all entries are properly
sent to the peer.
OK tb@