From a3275ecc3f255ee9ae2e95324b0c6f1709699789 Mon Sep 17 00:00:00 2001
From: Ollivier Robert
Date: Sun, 7 Sep 2008 22:08:10 +0000
Subject: [PATCH] Re-apply patch from bin/92839 to avoid two possible buffer overflows. For an unknown reason, this seems to have never been applied to vendor sources.
PR: bin/92839
Submitted by: Helge Oldach
---
 FREEBSD-upgrade | 3 +++
 libparse/clk_rawdcf.c | 4 ++--
 2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/FREEBSD-upgrade b/FREEBSD-upgrade
index a2f7d84e368a..e1e18995e73d 100644
--- a/FREEBSD-upgrade
+++ b/FREEBSD-upgrade
@@ -48,3 +48,6 @@ branch for unsigned char/int fixes and removal of a DoS.
 Documentation in /usr/share/doc/ntp is generated from the HTML files with lynx (without the GIF files of course).
+
+One patch needs to be applied after that to close two buffer overflows. See
+bin/92839 for details.
diff --git a/libparse/clk_rawdcf.c b/libparse/clk_rawdcf.c
index 3ef36c43ea37..3465e8dfbad1 100644
--- a/libparse/clk_rawdcf.c
+++ b/libparse/clk_rawdcf.c
@@ -229,7 +229,7 @@ convert_rawdcf(
 unsigned char *c = dcfprm->zerobits;
 int i;
- parseprintf(DD_RAWDCF,("parse: convert_rawdcf: \"%s\"\n", buffer));
+ parseprintf(DD_RAWDCF,("parse: convert_rawdcf: \"%.*s\"\n", size, buffer));
 if (size < 57) {
@@ -320,7 +320,7 @@ convert_rawdcf(
 * bad format - not for us
 */
 #ifndef PARSEKERNEL
- msyslog(LOG_ERR, "parse: convert_rawdcf: parity check FAILED for \"%s\"\n", buffer);
+ msyslog(LOG_ERR, "parse: convert_rawdcf: parity check FAILED for \"%.*s\"\n", size, buffer);
 #endif
 return CVT_FAIL|CVT_BADFMT;
 }
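Review bot: In the `@@ -229` hunk the `%.*s` precision is taken from `size` before the `if (size < 57)` check that follows, so the bound is only as good as that value: the precision argument must be an `int`, and a negative precision is treated as if it were omitted, which would bring back the unbounded read of `buffer`. The declaration of `size` is in the part of convert_rawdcf outside the hunk; if it is not a plain `int`, or can be negative, I would pass a clamped value, e.g. `parseprintf(DD_RAWDCF,("parse: convert_rawdcf: \"%.*s\"\n", size > 0 ? (int)size : 0, buffer));`. The same applies to the msyslog call in the `@@ -320` hunk. parseprintf's definition is also not visible here, so it is worth confirming that the formatter it maps to in PARSEKERNEL builds accepts a `*` precision.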
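Review bot: The parity-failure message in the `@@ -320` hunk writes up to `size` bytes of the rejected frame into the log at LOG_ERR, and this branch is taken exactly when the input failed validation, so the bytes may be non-printable; whether msyslog escapes them is not visible in this hunk. I would add a comment above the call recording both assumptions, for example `/* buffer is receiver input and not NUL-terminated: print with %.*s and size only */`, so the bound is not dropped again on a later vendor import. The enclosing function starts outside the hunk.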