[ntp:questions] NTP bugs: socktoa and ntp_io

stanislav shalunov shalunov at internet2.edu
Tue Mar 22 18:23:58 UTC 2005


I was trying to install ntp-4.2.0 on a Red Hat Enterprise Linux AS
release 3 (Taroon Update 3) with a 2.4.21-20.ELsmp kernel with Web100
patches.  I started with uninstalling the system ntpd using rpm, then
downloaded the ntp-4.2.0.tar.gz tarball with MD5 of
0f8fabe87cf54f409b57c6283f0c0c3d, unpacked it, and installed as usual.

The server would start, but then it would exit with a SIGSEGV a few
seconds later.  Using ntpd -d sped up the violation.  Inspection of the
core file would show that it died trying to dereference sock in
the switch line below.  The value of sock is 0x8, so it seems that
something might perhaps be calling socktoa with a file descriptor
rather than a pointer.  I haven't tracked that down, but the socktoa()
function has what looks like an obvious bug to me:

--- libntp/socktoa.c.orig       2003-07-17 06:27:23.000000000 -0400
+++ libntp/socktoa.c    2005-03-22 11:52:35.000000000 -0500
@@ -31,7 +31,7 @@
 
        LIB_GETBUF(buffer);
 
-       if (sock == NULL) printf("null");
+       if (sock == NULL) return "null";
 
        switch(sock->ss_family) {
 
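Review bot: the new `return "null";` only covers a NULL `sock`, while the message reports `sock` as 0x8 in the core file, so `switch(sock->ss_family)` is still reached with that bad pointer and the caller passing it has to be found as well. The test also sits after `LIB_GETBUF(buffer);`, so a buffer is taken even on the early-return path; moving the check above that line avoids it. Since this path returns a string literal rather than `buffer`, it is worth confirming that no caller writes into the returned string, or copying "null" into `buffer` instead.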
Without the `-d' option, ntpd would exit a bit later (dropping core in
/).  The point of SIGSEGV is then line 1377 of ntpd/ntp_io.c.  The
value of inter is 0.  Inserting

        if (inter == NULL) return;

before that switch line causes ntpd to skip the offending server.  I
haven't tracked down the problematic part in the code where inter gets
set to 0 in the first place.

Turns out that the offending servers are those with both IPv6 and IPv4
addresses.  Those that have only IPv4 addresses work fine.  I had no
IPv6-only to test with.

-- 
Stanislav Shalunov		http://www.internet2.edu/~shalunov/

This message is designed to be viewed at room temperature.
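
Added example (not part of the original message and not ntp's own code): a stand-alone C illustration of the guard the socktoa() patch above is after, where the NULL case returns before the switch on ss_family is reached and an unexpected family is reported rather than formatted. The names sock_to_text and demo, the caller-supplied buffer and the sample addresses are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Hypothetical stand-in for socktoa(): NULL returns before any dereference. */
const char *sock_to_text(const struct sockaddr_storage *sock, char *buf, size_t len)
{
    const void *addr;
    if (sock == NULL)
        return "null";          /* return, not printf-and-fall-through */
    switch (sock->ss_family) {
    case AF_INET:
        addr = &((const struct sockaddr_in *)sock)->sin_addr;
        break;
    case AF_INET6:
        addr = &((const struct sockaddr_in6 *)sock)->sin6_addr;
        break;
    default:                    /* unknown family: report it, do not guess */
        snprintf(buf, len, "unknown family %d", (int)sock->ss_family);
        return buf;
    }
    if (inet_ntop(sock->ss_family, addr, buf, (socklen_t)len) == NULL)
        snprintf(buf, len, "unprintable");
    return buf;
}

/* Demo helper (assumption): text == NULL stands for "no sockaddr at all". */
const char *demo(int family, const char *text)
{
    static char out[INET6_ADDRSTRLEN];
    struct sockaddr_storage ss = {0};
    if (text == NULL)
        return sock_to_text(NULL, out, sizeof out);
    ss.ss_family = (sa_family_t)family;
    if (family == AF_INET)
        inet_pton(family, text, &((struct sockaddr_in *)&ss)->sin_addr);
    else if (family == AF_INET6)
        inet_pton(family, text, &((struct sockaddr_in6 *)&ss)->sin6_addr);
    return sock_to_text(&ss, out, sizeof out);
}

int main(void)
{   /* Constructed sample addresses from the documentation ranges. */
    printf("%s\n", demo(AF_INET, "192.0.2.1"));
    printf("%s\n", demo(AF_INET6, "2001:db8::1"));
    printf("%s\n", demo(AF_UNSPEC, NULL));
}
```

A guard of this kind only catches a true NULL; a small non-NULL value such as the 0x8 seen in the core file still has to be fixed at the call site.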


