[ntp:hackers] Please use strlcpy(), strlcat() in NTP distribution.

todd glassey tglassey at earthlink.net
Wed Apr 6 12:07:53 UTC 2011


On 4/5/2011 4:52 PM, Bruce Korb wrote:
> Hi Dave,
>
> You audited all eight calls?  Sorry you had to go through that.
> It is just that, as noted, "strncpy" is brain damaged and "strlcpy"
> is not widely available.....
So then IFDEF this... or allow it as part of the AUTOCONF setup in the 
MAKE CONFIG control flow.
> Cheers - Bruce
>
> On Tue, Apr 5, 2011 at 3:43 PM, Dave Hart <hart at ntp.org> wrote:
>> I've converted nearly all of the strcpy() and strncpy() uses in NTP to use
>> strlcpy(), and strcat() and strncat() to strlcat().  The big win is the
>> strl... routines always nul-terminate the resulting string, even when
>> truncating.
> I consider that the big bite.  If you're truncating, then you've not got the
> data you think you have.
Yes, but that doesn't mean that the data you got was bad, just that you 
initially expected more.
>   If you don't have the data you think you have
> then you're screwed.
Not necessarily. And throwing away those messages means you lose the 
opportunity to alarm or other response mode to those sources.
>   Don't do that.
Disagree unless you have a stronger argument... as to why NTP is an 
asynchronous messaging system so the reference port needs to be able to 
accept bad messages as a form of policy and respond to them other than 
just throwing them away. Otherwise it needs to be formally stated "that 
the NTP Reference Port discards data in its audit practice" of which the 
implications are pretty scary.

There are any number of policy issues which can trigger this effect. The 
policy controls are the issue we face here and allowing a new control on 
short messages will handle this completely. Why not add a POLICY SWITCH 
to the Config File to allow for SHORT MESSAGE RESPONSE MODES and add the 
following for it:

BLOCK/DISCARD SHORT MESSAGES
REPORT SHORT MESSAGES

This of course means you have to do the setup to define what is expected 
from each source meaning that it probably wants to go into the 
SERVER/PEER statements as a switch or a second POLICY CONTROL switch set 
for those.

Just my two cents as an auditor.

Todd

>> The remaining strcpy()/strcat() calls in lib/isc and sntp/libopts have all
>> been audited and have no overrun issues.
> Again, thanks.  I could a told ya.....


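Added example, not part of the original thread and not NTP's own code: the behaviours discussed above, shown in C. It contrasts strncpy() leaving a buffer unterminated with strlcpy() semantics, uses a fallback selected by a preprocessor check, and uses the return value so the caller can tell a truncated copy from a complete one and then discard or report it. `HAVE_STRLCPY`, `compat_strlcpy`, `copy_checked` and the sample hostname are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* HAVE_STRLCPY is assumed to be defined by the build configuration
 * (for example an autoconf function check) when libc has strlcpy(). */
#ifdef HAVE_STRLCPY
# define compat_strlcpy strlcpy
#else
/* Fallback with strlcpy() semantics: copy at most size-1 bytes, always
 * NUL-terminate when size > 0, and return strlen(src). */
static size_t compat_strlcpy(char *dst, const char *src, size_t size)
{
    size_t len = strlen(src);
    if (size > 0) {
        size_t n = (len < size - 1) ? len : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return len;
}
#endif

/* Returns 0 if src fit, 1 if it was truncated. Either way dst holds a
 * valid string; the caller decides whether to discard or report it. */
static int copy_checked(char *dst, size_t size, const char *src)
{
    return compat_strlcpy(dst, src, size) >= size;
}

/* Returns 1 if strncpy() into an 8-byte buffer left a NUL in it. */
static int strncpy_terminates(const char *src)
{
    char buf[8];
    memset(buf, 'X', sizeof buf);
    strncpy(buf, src, sizeof buf);   /* no NUL if strlen(src) >= 8 */
    return memchr(buf, '\0', sizeof buf) != NULL;
}

int main(void)
{
    char host[8];
    const char *src = "ntp.example.org";   /* constructed sample input */
    int truncated = copy_checked(host, sizeof host, src);

    printf("strncpy terminated: %d\n", strncpy_terminates(src));
    printf("strlcpy-style copy \"%s\", truncated: %d\n", host, truncated);
    return 0;
}
```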
