Blame SOURCES/ntp-4.2.6p5-cve-2015-7852.patch
diff -up ntp-4.2.6p5/ntpq/ntpq.c.cve-2015-7852 ntp-4.2.6p5/ntpq/ntpq.c
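--- a/ntpq/ntpq.c
+++ b/ntpq/ntpq.c
@@ -3449,12 +3449,17 @@ cookedprint(
 char bv[401];
 int len;
 
+ /* TALOS-CAN-0063: avoid buffer overrun */
 atoascii(name, MAXVARLEN, bn, sizeof(bn));
- atoascii(value, MAXVARLEN, bv, sizeof(bv));
 if (output_raw != '*') {
+ atoascii(value, MAXVALLEN,
+ bv, sizeof(bv) - 1);
 len = strlen(bv);
 bv[len] = output_raw;
 bv[len+1] = '\0';
+ } else {
+ atoascii(value, MAXVALLEN,
+ bv, sizeof(bv));
 }
 output(fp, bn, bv);
 }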
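Review bot: The safety of `bv[len+1] = '\0'` in the `output_raw != '*'` branch rests on an invariant the hunk never states: that `atoascii()` always NUL-terminates within the `sizeof(bv) - 1` bytes it is given, so `len` can be at most `sizeof(bv) - 2`. `atoascii()` is not visible here, so that contract should be confirmed, and the reserved byte deserves a comment at the call itself, e.g. `/* keep one byte free for output_raw appended below */`, because the existing TALOS comment sits above the unrelated name conversion. Separately, `len` is an `int` receiving `strlen()`'s `size_t`, so `size_t len;` would avoid the narrowing conversion, and `char bv[401]` is presumably tied to MAXVALLEN and would be clearer written in terms of it if that is the case. The body of `cookedprint` starts and ends outside the hunk.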