[ntp:questions] ntpdate.c unsafe buffer write

Danny Mayer mayer at ntp.isc.org
Sun Mar 2 02:54:43 UTC 2008


Ulrich Windl wrote:
> Unruh <unruh-spam at physics.ubc.ca> writes:
> 
>> In ntpdate.c around line 542 (4.2.4p4)is the sequence
>> if (!authistrusted(sys_authkey)) {
>>          char buf[10];
>>
>>          (void) sprintf(buf, "%lu", (unsigned long)sys_authkey);
>>          msyslog(LOG_ERR, "authentication key %s unknown", buf);
> 
> Is that too simple?
>           msyslog(LOG_ERR, "authentication key %lu unknown",
>                   (unsigned long)sys_authkey);
> 

In this case it's the right solution. There's no need for an 
intermediate buffer here.

Danny



More information about the questions mailing list