[ntp:security] [Bug 2671] vallen is not validated, leading to potential info leak

bugzilla-daemon at ntp.org bugzilla-daemon at ntp.org
Mon Dec 15 12:10:16 UTC 2014


http://bugs.ntp.org/show_bug.cgi?id=2671

--- Comment #1 from Harlan Stenn <stenn at ntp.org> 2014-12-15 12:10:16 UTC ---
In ntp-stable:

571 is in crypto_recv(), in the ASSOC|RESP clause, where we copy the
peer->subject.

1162 is in crypto_xmit(), in the CERT|RESP clause, where we copy the certname.

1461 is in crypto_verify(), where we check the signature length.

1559 is in crypto_encrypt(), where we get the length of the public key.

2117 is in crypto_bob(), where we get the length of 'r' for the challenge.

In ntp-dev, these areas are:

575 (copying peer->subject)

1170 (copy the certname)

1461 (check the signature length)

1560 (length of the public key)

2122 (length of 'r')

-- 
Configure bugmail: http://bugs.ntp.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.


More information about the security mailing list