Re-apply patch from bin/92839 to avoid two possible buffer overflows. For an

unknown reason, this seems to have never been applied to vendor sources.

PR:		bin/92839
Submitted by:	Helge Oldach <freebsdntpd@oldach.net>
This commit is contained in:
Ollivier Robert 2008-09-07 22:08:10 +00:00
parent f1c13ed374
commit a3275ecc3f
2 changed files with 5 additions and 2 deletions

View File

@ -48,3 +48,6 @@ branch for unsigned char/int fixes and removal of a DoS.
Documentation in /usr/share/doc/ntp is generated from the HTML files with
lynx (without the GIF files of course).
One patch needs to be applied after that to close two buffer overflows. See
bin/92839 for details.

View File

@ -229,7 +229,7 @@ convert_rawdcf(
unsigned char *c = dcfprm->zerobits;
int i;
parseprintf(DD_RAWDCF,("parse: convert_rawdcf: \"%s\"\n", buffer));
parseprintf(DD_RAWDCF,("parse: convert_rawdcf: \"%.*s\"\n", size, buffer));
if (size < 57)
{
@ -320,7 +320,7 @@ convert_rawdcf(
* bad format - not for us
*/
#ifndef PARSEKERNEL
msyslog(LOG_ERR, "parse: convert_rawdcf: parity check FAILED for \"%s\"\n", buffer);
msyslog(LOG_ERR, "parse: convert_rawdcf: parity check FAILED for \"%.*s\"\n", size, buffer);
#endif
return CVT_FAIL|CVT_BADFMT;
}