[ntp:commitlogs] incoming pull in whimsy.udel.edu:/deacon/backroom/ntp-dev
Harlan Stenn
stenn at whimsy.udel.edu
Sat Aug 8 20:30:53 UTC 2009
VAR CLIENT SERVER
=== ====== ======
USER stenn stenn
HOST whimsy.udel.edu pogo.udel.edu
ROOT /deacon/backroom/ntp-dev/pogo/users/hart/ntp-dev-1279
LEVEL 1 1
TIME_T 1223742767 1238418126
UTC 20081011163247 20090330130206
VERSION bk-4.2 bk-4.3.1
stenn at whimsy.udel.edu fired the post-incoming--010commitlogs trigger in /deacon/backroom/ntp-dev
Received the following changesets
ChangeSet at 1.1944, 2009-08-08 17:30:14+00:00, davehart at shiny.ad.hartbrothers.com +21 -0
First pass at quieting Veracode static analysis warnings,
mostly buffer manipulation that is already safe but used
unsafe interface functions such as strcpy() and sprintf().
use emalloc(), estrdup() where appropriate.
libntp/msyslog.c at 1.23, 2009-08-08 17:30:11+00:00, davehart at shiny.ad.hartbrothers.com +7 -6
use memcpy instead of strcpy to quiet Veracode analysis warning
libntp/ntp_rfc2553.c at 1.39, 2009-08-08 17:30:11+00:00, davehart at shiny.ad.hartbrothers.com +2 -6
use estrdup() instead of malloc() then strcpy()
libntp/statestr.c at 1.17, 2009-08-08 17:30:11+00:00, davehart at shiny.ad.hartbrothers.com +5 -4
sprintf() -> snprintf() Veracode
libparse/parse.c at 1.13, 2009-08-08 17:30:11+00:00, davehart at shiny.ad.hartbrothers.com +1 -1
See if cast is enough to quiet Veracode int truncation warning
ntpd/ntp_config.c at 1.199, 2009-08-08 17:30:11+00:00, davehart at shiny.ad.hartbrothers.com +7 -3
sprintf()->snprintf()
check for unlink() failure
ntpd/ntp_control.c at 1.112, 2009-08-08 17:30:11+00:00, davehart at shiny.ad.hartbrothers.com +28 -27
strcpy() + strcat() -> snprintf()
strcpy() -> memcpy()
correct 'be" buffer end calculations
ntpd/ntp_intres.c at 1.64, 2009-08-08 17:30:11+00:00, davehart at shiny.ad.hartbrothers.com +7 -3
check for unlink() failure
ensure zero termination with strncpy()
ntpd/ntp_io.c at 1.295, 2009-08-08 17:30:12+00:00, davehart at shiny.ad.hartbrothers.com +1 -0
ensure null termination with strncpy
ntpd/ntp_scanner.c at 1.22, 2009-08-08 17:30:12+00:00, davehart at shiny.ad.hartbrothers.com +30 -5
bounds-check access to yytext[]
ntpd/ntp_signd.c at 1.2, 2009-08-08 17:30:12+00:00, davehart at shiny.ad.hartbrothers.com +1 -4
use emalloc()
ntpd/ntp_util.c at 1.73, 2009-08-08 17:30:12+00:00, davehart at shiny.ad.hartbrothers.com +8 -3
check for rename(), _unlink() failures
ntpd/ntpd.c at 1.106, 2009-08-08 17:30:12+00:00, davehart at shiny.ad.hartbrothers.com +7 -3
add chdir("/") after chroot(), can't hurt and Veracode wants it
ntpd/refclock_acts.c at 1.36, 2009-08-08 17:30:12+00:00, davehart at shiny.ad.hartbrothers.com +0 -3
emalloc() never returns NULL
ntpd/refclock_bancomm.c at 1.11, 2009-08-08 17:30:12+00:00, davehart at shiny.ad.hartbrothers.com +2 -3
use emalloc()
ntpd/refclock_datum.c at 1.13, 2009-08-08 17:30:12+00:00, davehart at shiny.ad.hartbrothers.com +1 -1
use emalloc()
ntpd/refclock_oncore.c at 1.78, 2009-08-08 17:30:12+00:00, davehart at shiny.ad.hartbrothers.com +7 -24
use emalloc()
ntpdate/ntpdate.c at 1.68, 2009-08-08 17:30:12+00:00, davehart at shiny.ad.hartbrothers.com +1 -1
use emalloc()
ntpdc/ntpdc.c at 1.67, 2009-08-08 17:30:12+00:00, davehart at shiny.ad.hartbrothers.com +1 -5
use emalloc()
ntpq/ntpq-subs.c at 1.32, 2009-08-08 17:30:12+00:00, davehart at shiny.ad.hartbrothers.com +2 -26
remove strsave from ntpq, same as libntp's estrdup()
ports/winnt/libisc/isc_strerror.c at 1.8, 2009-08-08 17:30:12+00:00, davehart at shiny.ad.hartbrothers.com +9 -6
use emalloc()
#undef our strerror() before calling the CRT version, infinite
recursion is no fun
ports/winnt/ntpd/ntp_iocompletionport.c at 1.47, 2009-08-08 17:30:12+00:00, davehart at shiny.ad.hartbrothers.com +8 -5
calloc() -> emalloc() then memset zero
More information about the commitlogs
mailing list