[ntp:questions] Re: Taming the pinball machine

Wolfgang S. Rupprecht wolfgang+gnus20031113T094637 at dailyplanet.dontspam.wsrcc.com
Thu Nov 13 18:02:10 UTC 2003


worley at theworld.com (Dale R. Worley) writes:
> Sadly, an exploitable flaw in a program as widely distributed as NTP
> really is a problem for the big, wide world.  

I wonder if ntp isn't opening itself up to abuse by using the
non-bounds checked buffer routines (like sprintf()).  Even if it is
safe now, some seemingly innocuous change in the future could trigger
an exploitable overflow.

I wasted a few hours yesterday wondering why when I added the gps's
lat/lon/alt to the clockstats that the gps clock stopped peering.  It
turned out after much hair pulling that the buffer that the clockstats
string was written into was filled to the brim already with only a
byte or two to spare.  Adding another few bytes merrily clobbered some
vital clock variables.

Would ntp's caretakers accept a patch to change sprintf()'s to
snprintf() so this thing can't happen again?

-wolfgang
-- 
Wolfgang S. Rupprecht 		     http://www.wsrcc.com/wolfgang/
           The From: address is valid.  Don't mess with it.
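
An added example, not part of the original post and not ntpd's own code: the failure described above (a stats buffer filled almost to the brim, with clock state sitting right behind it) rewritten with snprintf() and a truncation check. The struct `clock_unit`, its field names, the 32-byte size, the helper names and the sample timecode are all hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical layout: a tightly sized stats buffer followed directly by
 * clock state, standing in for the structure described in the post. */
struct clock_unit {
    char stats[32];   /* clockstats line with little slack */
    int  peer_ok;     /* "vital clock variable" placed after the buffer */
};

/* Copy the timecode into stats. Returns 0 if it fit, -1 if truncated. */
static int stats_set(struct clock_unit *u, const char *timecode)
{
    int n = snprintf(u->stats, sizeof(u->stats), "%s", timecode);
    return (n < 0 || (size_t)n >= sizeof(u->stats)) ? -1 : 0;
}

/* Append lat/lon/alt. snprintf() is told how much room is left, so it
 * never writes past stats[]; its return value is the length it wanted,
 * which is how truncation is detected. */
static int stats_append_pos(struct clock_unit *u, double lat, double lon, double alt)
{
    size_t used = strlen(u->stats);
    size_t room = sizeof(u->stats) - used;   /* always >= 1 (the NUL) */
    int n = snprintf(u->stats + used, room, " %.4f %.4f %.1f", lat, lon, alt);
    return (n < 0 || (size_t)n >= room) ? -1 : 0;
}

/* Build one clockstats line from a timecode plus a constructed position. */
static int run_case(struct clock_unit *u, const char *timecode)
{
    if (stats_set(u, timecode) != 0)
        return -1;
    return stats_append_pos(u, 37.3910, -122.0570, 12.0);
}

int main(void)
{
    struct clock_unit u = { "", 1 };
    /* Constructed sample timecode: 25 bytes, leaving 6 spare in stats[]. */
    int rc = run_case(&u, "$GPRMC,180210,A,3723.46,N");
    printf("rc=%d stats=\"%s\" peer_ok=%d\n", rc, u.stats, u.peer_ok);
    return 0;
}
```

The caller gets -1 and a truncated, NUL-terminated line instead of a silently corrupted `peer_ok`; an unbounded sprintf() with the same arguments would have written 17 bytes past the end of `stats`.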


