a fixed stack buffer when constructing HTTP requests. Prevents an overflow
if a malicious VPN gateway sends a very long hostname/path (for redirects)
or cookie list. (There is a newer release of OpenConnect which includes
this fix, but also some bigger code changes, so that will wait until we
are done with 5.3 release). ok aja@ jasper@
was already pulled in via libs, so no new deps), and avoid SEPARATE_BUILD
for now as the code to detect a version mismatch between binary and lib
in this version doesn't handle it.
OpenConnect is a client for Cisco's AnyConnect SSL VPN, which is
supported by the ASA5500 Series, IOS 12.4(9)T or later on Cisco SR500,
870, 880, 1800, 2800, 3800, 7200 Series and 7301 Routers, and probably
others. Features include:
- Connection through HTTP/SOCKS5 proxy.
- Automatic detection of IPv4 and IPv6 address, routes.
- Authentication via HTTP forms.
- Authentication using SSL certificates.
- Data transport over TCP (HTTPS) or UDP (DTLS).
- Keepalive and Dead Peer Detection on both HTTPS and DTLS.
- Automatic update of VPN server list / configuration.
- Roaming support, allowing reconnection when the local
IP address changes.
ok/tweaks jasper@, and *big* thanks to upstream developer David Woodhouse
for letting me have access to his test server, noticing+tracking down
problems with vpnc-script when configuring v6 addresses on tun on OpenBSD,
and testing the fix for this on a range of OS.
