Re-apply patch from bin/92839 to avoid two possible buffer overflows. For an

unknown reason, this seems to have never been applied to vendor sources. PR: bin/92839 Submitted by: Helge Oldach <freebsdntpd@oldach.net>
svn path=/vendor/ntp/dist/; revision=182856
2008-09-07 22:08:10 +00:00 · 2008-09-07 22:08:10 +00:00 · a3275ecc3f · 2020-12-20 02:59:44 +00:00
commit a3275ecc3f
parent f1c13ed374
2 changed files with 5 additions and 2 deletions
--- a/3
+++ b/3
@ -48,3 +48,6 @@ branch for unsigned char/int fixes and removal of a DoS.

 Documentation in /usr/share/doc/ntp is generated from the HTML files with
 lynx (without the GIF files of course).
+
+One patch needs to be applied after that to close two buffer overflows. See
+bin/92839 for details.
--- a/libparse/clk_rawdcf.c
+++ b/libparse/clk_rawdcf.c
@ -229,7 +229,7 @@ convert_rawdcf(
 	unsigned char *c = dcfprm->zerobits;
 	int i;

-	parseprintf(DD_RAWDCF,("parse: convert_rawdcf: \"%s\"\n", buffer));
+	parseprintf(DD_RAWDCF,("parse: convert_rawdcf: \"%.*s\"\n", size, buffer));

 	if (size < 57)
 	{
@ -320,7 +320,7 @@ convert_rawdcf(
 		 * bad format - not for us
 		 */
 #ifndef PARSEKERNEL
-		msyslog(LOG_ERR, "parse: convert_rawdcf: parity check FAILED for \"%s\"\n", buffer);
+		msyslog(LOG_ERR, "parse: convert_rawdcf: parity check FAILED for \"%.*s\"\n", size, buffer);
 #endif
 		return CVT_FAIL|CVT_BADFMT;
 	}