aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorOllivier Robert <roberto@FreeBSD.org>2008-09-07 22:08:10 +0000
committerOllivier Robert <roberto@FreeBSD.org>2008-09-07 22:08:10 +0000
commita3275ecc3f255ee9ae2e95324b0c6f1709699789 (patch)
tree4e0e18b385e690158203492ae0a5269d38d91921
parentf1c13ed37419f9172a98c30326ee06364c703b7e (diff)
downloadsrc-a3275ecc3f255ee9ae2e95324b0c6f1709699789.tar.gz
src-a3275ecc3f255ee9ae2e95324b0c6f1709699789.zip
Re-apply patch from bin/92839 to avoid two possible buffer overflows. For an
unknown reason, this seems to have never been applied to vendor sources. PR: bin/92839 Submitted by: Helge Oldach <freebsdntpd@oldach.net>
Notes
Notes: svn path=/vendor/ntp/dist/; revision=182856
-rw-r--r--FREEBSD-upgrade3
-rw-r--r--libparse/clk_rawdcf.c4
2 files changed, 5 insertions, 2 deletions
diff --git a/FREEBSD-upgrade b/FREEBSD-upgrade
index a2f7d84e368a..e1e18995e73d 100644
--- a/FREEBSD-upgrade
+++ b/FREEBSD-upgrade
@@ -48,3 +48,6 @@ branch for unsigned char/int fixes and removal of a DoS.
Documentation in /usr/share/doc/ntp is generated from the HTML files with
lynx (without the GIF files of course).
+
+One patch needs to be applied after that to close two buffer overflows. See
+bin/92839 for details.
diff --git a/libparse/clk_rawdcf.c b/libparse/clk_rawdcf.c
index 3ef36c43ea37..3465e8dfbad1 100644
--- a/libparse/clk_rawdcf.c
+++ b/libparse/clk_rawdcf.c
@@ -229,7 +229,7 @@ convert_rawdcf(
unsigned char *c = dcfprm->zerobits;
int i;
- parseprintf(DD_RAWDCF,("parse: convert_rawdcf: \"%s\"\n", buffer));
+ parseprintf(DD_RAWDCF,("parse: convert_rawdcf: \"%.*s\"\n", size, buffer));
if (size < 57)
{
@@ -320,7 +320,7 @@ convert_rawdcf(
* bad format - not for us
*/
#ifndef PARSEKERNEL
- msyslog(LOG_ERR, "parse: convert_rawdcf: parity check FAILED for \"%s\"\n", buffer);
+ msyslog(LOG_ERR, "parse: convert_rawdcf: parity check FAILED for \"%.*s\"\n", size, buffer);
#endif
return CVT_FAIL|CVT_BADFMT;
}