[ntp:hackers] Please use strlcpy(), strlcat() in NTP distribution.
tglassey at earthlink.net
Wed Apr 6 12:07:53 UTC 2011
On 4/5/2011 4:52 PM, Bruce Korb wrote:
> Hi Dave,
> You audited all eight calls? Sorry you had to go through that.
> It is just that, as noted, "strncpy" is brain damaged and "strlcpy"
> is not widely available.....
So then IFDEF this... or allow it as part of the AUTOCONF setup in the
MAKE CONFIG control flow.
> Cheers - Bruce
> On Tue, Apr 5, 2011 at 3:43 PM, Dave Hart<hart at ntp.org> wrote:
>> I've converted nearly all of the strcpy() and strncpy() uses in NTP to use
>> strlcpy(), and strcat() and strncat() to strlcat(). The big win is the
>> strl... routines always nul-terminate the resulting string, even when
> I consider that the big bite. If you're truncating, then you've not got the
> data you think you have.
Yes, but that doesn't mean that the data you got was bad, just that you
initially expected more.
> If you don't have the data you think you have
> then you're screwed.
Not necessarily. And throwing away those messages means you lose the
opportunity to alarm or other response mode to those sources.
> Don't do that.
Disagree unless you have a stronger argument... as to why NTP is an
asynchronous messaging system so the reference port needs to be able to
accept bad messages as a form of policy and respond to them other than
just throwing them away. Otherwise it needs to be formally stated "that
the NTP Reference Port discards data in its audit practice" of which the
implications are pretty scary.
There are any number of policy issues which can trigger this effect. The
policy controls are the issue we face here and allowing a new control on
short messages will handle this completely. Why not add a POLICY SWITCH
to the Config File to allow for SHORT MESSAGE RESPONSE MODES and add the
following for it:
BLOCK/DISCARD SHORT MESSAGES
REPORT SHORT MESSAGES
This of course means you have to do the setup to define what is expected
from each source meaning that it probably wants to go into the
SERVER/PEER statements as a switch or a second POLICY CONTROL switch set.
Just my two cents as an auditor.
>> The remaining strcpy()/strcat() calls in lib/isc and sntp/libopts have all
>> been audited and have no overrun issues.
> Again, thanks. I could a told ya.....
> hackers mailing list
> hackers at lists.ntp.org
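
The truncation question debated in this thread, as an added example that is not part of the original messages and is not NTP code: a copy with strlcpy() semantics whose return value exposes truncation, so the caller can discard or report instead of silently accepting a short string. `ex_strlcpy`, `copy_field` and the two policy values are hypothetical names modelled on the BLOCK/DISCARD and REPORT modes proposed above.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Local stand-in with strlcpy() semantics (libc may not provide strlcpy):
 * copy at most dstsize-1 bytes, always NUL-terminate, return strlen(src). */
size_t ex_strlcpy(char *dst, const char *src, size_t dstsize)
{
    size_t srclen = strlen(src);
    if (dstsize != 0) {
        size_t n = srclen < dstsize - 1 ? srclen : dstsize - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;              /* >= dstsize means the copy was truncated */
}

/* Hypothetical policy switch, not an existing NTP configuration option. */
enum trunc_policy { POLICY_DISCARD, POLICY_REPORT };
enum copy_result { COPY_OK, COPY_DISCARDED, COPY_TRUNCATED_REPORTED };

/* Copy one field. Truncation is always counted so it can be alarmed on;
 * the policy decides whether the truncated value is kept or dropped. */
enum copy_result copy_field(char *dst, size_t dstsize, const char *src,
                            enum trunc_policy policy, unsigned *trunc_count)
{
    if (ex_strlcpy(dst, src, dstsize) < dstsize)
        return COPY_OK;
    ++*trunc_count;
    if (policy == POLICY_DISCARD) {
        if (dstsize != 0)
            dst[0] = '\0';      /* never hand partial data to the caller */
        return COPY_DISCARDED;
    }
    return COPY_TRUNCATED_REPORTED;
}

/* Contrast: strncpy() leaves dst without a NUL when src fills the buffer. */
int strncpy_left_unterminated(char *dst, size_t dstsize, const char *src)
{
    strncpy(dst, src, dstsize);
    return memchr(dst, '\0', dstsize) == NULL;
}

int main(void)
{
    char buf[8];
    unsigned truncated = 0;
    const char *sample = "refclock-long";   /* constructed sample input */
    int r = copy_field(buf, sizeof buf, sample, POLICY_REPORT, &truncated);
    printf("result=%d kept=\"%s\" truncations=%u\n", r, buf, truncated);
    return 0;
}
```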