[ntp:questions] ntpdate.c unsafe buffer write

Serge Bets serge.bets at NOSPAM.laposte.invalid
Mon Feb 11 22:50:38 UTC 2008

Hello David,

 On Monday, February 11, 2008 at 19:03:36 +0000, David L. Mills wrote:

> Both ntpdate and ntpd -q set the offset with adjtime() and then exit.
> After that, stock Unix adjtime() slews the clock at rate 500 PPM,
> which indeed could take 256 s for an initial offset of 128 ms.

And on some systems, adjtime() calls adjtimex(ADJ_OFFSET_SINGLESHOT) to
do the job.

Note that ntpdate does not stop slewing when it reaches the zero offset,
but voluntarily overshoots by 50%. That's why ntpdate -b (forced step)
or ntpd -q (exact slew until zero) are so much better.

> A prudent response would be to measure the initial offset and compute
> the time to wait.

Thanks! That's exactly what does the slew_sleeping script:


function slew_sleeping() {
  awk '
    /^ntpd: time slew .*s$/ {
      sleep = $4 * 2000
      if (sleep < 0)
	sleep = -sleep
      sleep = int(sleep + 0.999999)	# rounded by excess
      success = 1
    /^ntpd: time set .*s$/ {
      success = 1
      if (sleep) {
	printf "wait for the end of time slew, sleeping %d seconds\n", sleep
	system("sleep " sleep)
      exit success

# echo "ntpd: time slew -0.003000s" | slew_sleeping; exit

while ntpd -gq | slew_sleeping; do :; done; ntpd

Serge point Bets arobase laposte point net

More information about the questions mailing list