[ntp:questions] ntpdate.c unsafe buffer write
Danny Mayer
mayer at ntp.isc.org
Sun Mar 2 02:54:43 UTC 2008
Ulrich Windl wrote:
> Unruh <unruh-spam at physics.ubc.ca> writes:
>
>> In ntpdate.c around line 542 (4.2.4p4)is the sequence
>> if (!authistrusted(sys_authkey)) {
>> char buf[10];
>>
>> (void) sprintf(buf, "%lu", (unsigned long)sys_authkey);
>> msyslog(LOG_ERR, "authentication key %s unknown", buf);
>
> Is that too simple?
> msyslog(LOG_ERR, "authentication key %lu unknown",
> (unsigned long)sys_authkey);
>
In this case it's the right solution. There's no need for an
intermediate buffer here.
Danny
More information about the questions
mailing list