[ntp:bk-ntp-dev-send] BitKeeper diffs

stenn at whimsy.udel.edu stenn at whimsy.udel.edu
Fri Nov 14 09:24:22 UTC 2014


#### ChangeSet ####
2014-11-14 09:19:09+00:00, stenn at psp-fb1.ntp.org
  [Sec 2630] buffer overrun in ntpq tokenize()

==== ChangeLog ====
2014-11-14 09:18:54+00:00, stenn at psp-fb1.ntp.org +1 -0
  [Sec 2630] buffer overrun in ntpq tokenize()

--- 1.1560/ChangeLog	2014-11-14 03:52:58 -05:00
+++ 1.1561/ChangeLog	2014-11-14 04:18:54 -05:00
@@ -1,3 +1,4 @@
+* [Sec 2630] buffer overrun in ntpq tokenize().
 * [Bug 2661] ntpq crashes with mreadvar.
 (4.2.7p477) 2014/11/13 Released by Harlan Stenn <stenn at ntp.org>
 * [Bug 2657] Document that "restrict nopeer" intereferes with "pool".

==== ntpq/ntpq.c ====
2014-11-14 09:18:59+00:00, stenn at psp-fb1.ntp.org +16 -0
  [Sec 2630] buffer overrun in ntpq tokenize()

--- 1.152/ntpq/ntpq.c	2014-08-14 04:27:24 -04:00
+++ 1.153/ntpq/ntpq.c	2014-11-14 04:18:59 -05:00
@@ -1575,6 +1575,8 @@ tokenize(
 
 		if (*ntok == 1 && tokens[0][0] == ':') {
 			do {
+				if (sp - tspace >= MAXLINE)
+					goto toobig;
 				*sp++ = *cp++;
 			} while (!ISEOL(*cp));
 		}
@@ -1585,19 +1587,33 @@ tokenize(
 		else if (*cp == '\"') {
 			++cp;
 			do {
+				if (sp - tspace >= MAXLINE)
+					goto toobig;
 				*sp++ = *cp++;
 			} while ((*cp != '\"') && !ISEOL(*cp));
 			/* HMS: a missing closing " should be an error */
 		}
 		else {
 			do {
+				if (sp - tspace >= MAXLINE)
+					goto toobig;
 				*sp++ = *cp++;
 			} while ((*cp != '\"') && !ISSPACE(*cp) && !ISEOL(*cp));
 			/* HMS: Why check for a " in the previous line? */
 		}
 
+		if (sp - tspace >= MAXLINE)
+			goto toobig;
 		*sp++ = '\0';
 	}
+	return;
+
+  toobig:
+	*ntok = 0;
+	fprintf(stderr,
+		"***Line `%s' is too big\n",
+		line);
+	return;
 }
 
 

#### ChangeSet ####
2014-11-14 08:54:11+00:00, stenn at psp-fb1.ntp.org
  [Bug 2661] ntpq crashes with mreadvar

==== ChangeLog ====
2014-11-14 08:52:58+00:00, stenn at psp-fb1.ntp.org +1 -0
  [Bug 2661] ntpq crashes with mreadvar

--- 1.1559/ChangeLog	2014-11-13 04:01:12 -05:00
+++ 1.1560/ChangeLog	2014-11-14 03:52:58 -05:00
@@ -1,3 +1,4 @@
+* [Bug 2661] ntpq crashes with mreadvar.
 (4.2.7p477) 2014/11/13 Released by Harlan Stenn <stenn at ntp.org>
 * [Bug 2657] Document that "restrict nopeer" intereferes with "pool".
 (4.2.7p476) 2014/10/08 Released by Harlan Stenn <stenn at ntp.org>

==== ntpq/ntpq-subs.c ====
2014-11-14 08:53:44+00:00, stenn at psp-fb1.ntp.org +1 -1
  [Bug 2661] ntpq crashes with mreadvar

--- 1.100/ntpq/ntpq-subs.c	2014-08-14 04:27:24 -04:00
+++ 1.101/ntpq/ntpq-subs.c	2014-11-14 03:53:44 -05:00
@@ -1030,8 +1030,8 @@ mreadvar(
 				&from, &to, fp))
 		return;
 
+	ZERO(tmplist);
 	if (pcmd->nargs >= 3) {
-		ZERO(tmplist);
 		doaddvlist(tmplist, pcmd->argval[2].string);
 		pvars = tmplist;
 	} else {


More information about the bk-ntp-dev-send mailing list