Blame SOURCES/ntp-4.2.6p5-cve-2018-12327.patch
|
 |
9e87e2 |
diff -up ntp-4.2.6p5/ntpdc/ntpdc.c.cve-2018-12327 ntp-4.2.6p5/ntpdc/ntpdc.c
|
|
|
9e87e2 |
--- ntp-4.2.6p5/ntpdc/ntpdc.c.cve-2018-12327 2018-12-10 12:01:08.096202203 +0100
|
|
|
9e87e2 |
+++ ntp-4.2.6p5/ntpdc/ntpdc.c 2018-12-10 12:02:05.385805767 +0100
|
|
|
9e87e2 |
@@ -459,8 +459,14 @@ openhost(
|
|
|
9e87e2 |
|
|
|
9e87e2 |
if (*cp == '[') {
|
|
|
9e87e2 |
cp++;
|
|
|
9e87e2 |
- for (i = 0; *cp && *cp != ']'; cp++, i++)
|
|
|
9e87e2 |
+ for (i = 0; *cp && *cp != ']'; cp++, i++) {
|
|
|
9e87e2 |
+ if (i + 1 == sizeof (name)) {
|
|
|
9e87e2 |
+ errno = EINVAL;
|
|
|
9e87e2 |
+ warning("%s", "bad hostname/address", "");
|
|
|
9e87e2 |
+ return 0;
|
|
|
9e87e2 |
+ }
|
|
|
9e87e2 |
name[i] = *cp;
|
|
|
9e87e2 |
+ }
|
|
|
9e87e2 |
if (*cp == ']') {
|
|
|
9e87e2 |
name[i] = '\0';
|
|
|
9e87e2 |
hname = name;
|
|
|
9e87e2 |
diff -up ntp-4.2.6p5/ntpq/ntpq.c.cve-2018-12327 ntp-4.2.6p5/ntpq/ntpq.c
|
|
|
9e87e2 |
--- ntp-4.2.6p5/ntpq/ntpq.c.cve-2018-12327 2018-12-10 12:01:08.157201781 +0100
|
|
|
9e87e2 |
+++ ntp-4.2.6p5/ntpq/ntpq.c 2018-12-10 12:02:17.739720281 +0100
|
|
|
9e87e2 |
@@ -640,8 +640,14 @@ openhost(
|
|
|
9e87e2 |
|
|
|
9e87e2 |
if (*cp == '[') {
|
|
|
9e87e2 |
cp++;
|
|
|
9e87e2 |
- for (i = 0; *cp && *cp != ']'; cp++, i++)
|
|
|
9e87e2 |
+ for (i = 0; *cp && *cp != ']'; cp++, i++) {
|
|
|
9e87e2 |
+ if (i + 1 == sizeof (name)) {
|
|
|
9e87e2 |
+ errno = EINVAL;
|
|
|
9e87e2 |
+ warning("%s", "bad hostname/address", "");
|
|
|
9e87e2 |
+ return 0;
|
|
|
9e87e2 |
+ }
|
|
|
9e87e2 |
name[i] = *cp;
|
|
|
9e87e2 |
+ }
|
|
|
9e87e2 |
if (*cp == ']') {
|
|
|
9e87e2 |
name[i] = '\0';
|
|
|
9e87e2 |
hname = name;
|