[ntp:hackers] Bug hunting opportunities

Dave Hart davehart at gmail.com
Wed Oct 28 03:14:06 UTC 2009


On Wed, Oct 28, 2009 at 12:18 AM, Hal Murray <hmurray at megapathdsl.net> wrote:
> Has anybody thought about setting up a dummy ntp.conf full of refclocks that
> don't exist so we can batch test all of the simple cases?
>
> server 127.127.0.99
> server 127.127.1.99
> ...
>
> So I gave it a quick try, and found another.  My ntpd exited silently in the
> SHM driver.  There is a suspicious looking
>          assert (unit<10); /* MAXUNIT is 4, so should never happen */
> at the top of the start routine.
>
> What's the appropriate macro to use for things like that?

Thanks for trying that.  I'm sure there are more bugz to be found
fuzzing ntp.conf.  I can see no valid reason for refclock_shm to abort
with a unit number greater than or equal to 10.  Please file a bug on
this issue.  It appears to me the assertion can simply be removed, as
there's no problem adding 254 or 255 to the magic "key" used to name
the shared memory object:

	shmid=shmget (0x4e545030+unit, sizeof (struct shmTime),
		      IPC_CREAT|(unit<2?0700:0777));

And I see no use of unit to index arrays in refclock_shm.

Thanks again.

Cheers,
Dave Hart


More information about the hackers mailing list