rpms / ntp

Clone
Source Code
GIT

Files

  1.   9e87e22c7adccab85812ead88898d1e2f25035c1
  2.   SOURCES
  3.   ntp-4.2.6p5-cve-2018-12327.patch
Blob Blame History Raw 
diff -up ntp-4.2.6p5/ntpdc/ntpdc.c.cve-2018-12327 ntp-4.2.6p5/ntpdc/ntpdc.c
--- ntp-4.2.6p5/ntpdc/ntpdc.c.cve-2018-12327	2018-12-10 12:01:08.096202203 +0100
+++ ntp-4.2.6p5/ntpdc/ntpdc.c	2018-12-10 12:02:05.385805767 +0100
@@ -459,8 +459,14 @@ openhost(
 	
 	if (*cp == '[') {
 		cp++;	
-		for (i = 0; *cp && *cp != ']'; cp++, i++)
+		for (i = 0; *cp && *cp != ']'; cp++, i++) {
+			if (i + 1 == sizeof (name)) {
+				errno = EINVAL;
+				warning("%s", "bad hostname/address", "");
+				return 0;
+			}
 			name[i] = *cp;
+		}
 		if (*cp == ']') {
 			name[i] = '\0';
 			hname = name;
diff -up ntp-4.2.6p5/ntpq/ntpq.c.cve-2018-12327 ntp-4.2.6p5/ntpq/ntpq.c
--- ntp-4.2.6p5/ntpq/ntpq.c.cve-2018-12327	2018-12-10 12:01:08.157201781 +0100
+++ ntp-4.2.6p5/ntpq/ntpq.c	2018-12-10 12:02:17.739720281 +0100
@@ -640,8 +640,14 @@ openhost(
 	
 	if (*cp == '[') {
 		cp++;
-		for (i = 0; *cp && *cp != ']'; cp++, i++)
+		for (i = 0; *cp && *cp != ']'; cp++, i++) {
+			if (i + 1 == sizeof (name)) {
+				errno = EINVAL;
+				warning("%s", "bad hostname/address", "");
+				return 0;
+			}
 			name[i] = *cp;
+		}
 		if (*cp == ']') {
 			name[i] = '\0';
 			hname = name;

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation