[ntp:security] [Bug 3008] ctl_getitem() return value not always checked

bugzilla-daemon at ntp.org bugzilla-daemon at ntp.org
Wed Feb 3 06:22:23 UTC 2016


http://bugs.ntp.org/show_bug.cgi?id=3008

Harlan Stenn <stenn at ntp.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
              Group|                            |Security
                 CC|                            |LRlian at 163.com
            Summary|x                           |ctl_getitem() return value
                   |                            |not always checked
              Flags|                            |blocking4.2.8+

--- Comment #1 from Harlan Stenn <stenn at ntp.org> 2016-02-03 06:22:23 UTC ---
There are cases where the return value of ctl_getitem() is not directly checked
to make sure it's not NULL, but there are subsequent INSIST() checks that make
sure the return value is not NULL.  There are situations where this can happen,
and because the current code uses INSIST for safety checks this can cause ntpd
to abort.

-- 
Configure bugmail: http://bugs.ntp.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.


More information about the security mailing list