Re-apply patch from bin/92839 to avoid two possible buffer overflows. For an
unknown reason, this seems to have never been applied to vendor sources. PR: bin/92839 Submitted by: Helge Oldach <freebsdntpd@oldach.net>
This commit is contained in:
parent
f1c13ed374
commit
a3275ecc3f
@ -48,3 +48,6 @@ branch for unsigned char/int fixes and removal of a DoS.
|
||||
|
||||
Documentation in /usr/share/doc/ntp is generated from the HTML files with
|
||||
lynx (without the GIF files of course).
|
||||
|
||||
One patch needs to be applied after that to close two buffer overflows. See
|
||||
bin/92839 for details.
|
||||
|
@ -229,7 +229,7 @@ convert_rawdcf(
|
||||
unsigned char *c = dcfprm->zerobits;
|
||||
int i;
|
||||
|
||||
parseprintf(DD_RAWDCF,("parse: convert_rawdcf: \"%s\"\n", buffer));
|
||||
parseprintf(DD_RAWDCF,("parse: convert_rawdcf: \"%.*s\"\n", size, buffer));
|
||||
|
||||
if (size < 57)
|
||||
{
|
||||
@ -320,7 +320,7 @@ convert_rawdcf(
|
||||
* bad format - not for us
|
||||
*/
|
||||
#ifndef PARSEKERNEL
|
||||
msyslog(LOG_ERR, "parse: convert_rawdcf: parity check FAILED for \"%s\"\n", buffer);
|
||||
msyslog(LOG_ERR, "parse: convert_rawdcf: parity check FAILED for \"%.*s\"\n", size, buffer);
|
||||
#endif
|
||||
return CVT_FAIL|CVT_BADFMT;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user