[ntp:hackers] [PATCH v1] Possible bug ntpq-subs

Paulo Neves ptsneves at gmail.com
Wed Mar 20 07:27:05 UTC 2019

Hello NTP hackers I recently had a null pointer deference on an error
printing. Could you check if this patch is acceptable?

Also I cannot create an account in bugzilla to open the bug there. Are
you guys aware of this?

>From 2d5c415d94bf468d60f582c75530dd8706cd2f22 Mon Sep 17 00:00:00 2001
From: Paulo Neves <paulo.neves at nokia.com>
Date: Tue, 19 Mar 2019 16:09:35 +0100
Subject: [PATCH 1/1] ntpq-subs: fprintf to stderr instead of potential NULL

Contrary to common behavior in ntpq-subs,
the dogetassoc functon prints to a passed
FILE pointer. The problem is that there is
code in ntpq_dogetassoc that calls dogetassoc
with NULL as the FILE* argument. This leads to
undefined behavior and NULL pointer references
in some cases.

This commit sets dogetassoc's fprintf FILE to

Signed-off-by: Paulo Neves <paulo.neves at nokia.com>
 ntpq/ntpq-subs.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ntpq/ntpq-subs.c b/ntpq/ntpq-subs.c
index 8495e20..d9a6985 100644
--- a/ntpq/ntpq-subs.c
+++ b/ntpq/ntpq-subs.c
@@ -1084,8 +1084,8 @@ dogetassoc(

     if (dsize == 0) {
         if (numhosts > 1)
-            fprintf(fp, "server=%s ", currenthost);
-        fprintf(fp, "No association ID's returned\n");
+            fprintf(stderr, "server=%s ", currenthost);
+        fprintf(stderr, "No association ID's returned\n");
         return 0;


More information about the hackers mailing list