[Sec 1144] limited buffer overflow in ntpq. CVE-2009-0159

author Harlan Stenn <stenn@ntp.org>

Thu, 9 Apr 2009 08:13:41 +0000 (04:13 -0400)

committer Harlan Stenn <stenn@ntp.org>

Thu, 9 Apr 2009 08:13:41 +0000 (04:13 -0400)
author Harlan Stenn <stenn@ntp.org>
Thu, 9 Apr 2009 08:13:41 +0000 (04:13 -0400)
committer Harlan Stenn <stenn@ntp.org>
Thu, 9 Apr 2009 08:13:41 +0000 (04:13 -0400)
diff --git a/ChangeLog b/ChangeLog

index 572cb89bf690d9899243e920bd813157ec943a3b..b6544d53b40aa1b890afcbe23274932d6c51477d 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,7 @@
  ---
+* [Sec 1144] limited buffer overflow in ntpq.  CVE-2009-0159
  * [Sec 1149] use SO_EXCLUSIVEADDRUSE on Windows
+
  ---
  (4.2.4p7-RC1) 2009/03/30 Released by Harlan Stenn <stenn@ntp.org>
  
diff --git a/ntpq/ntpq.c b/ntpq/ntpq.c

index 91379408ff7c96b6bf8176b8782aa1706014ad4b..2e51b35efad9933e7b70643b148c257b24c1aeb1 100644 (file)
--- a/ntpq/ntpq.c
+++ b/ntpq/ntpq.c
@@ -3185,9 +3185,9 @@ cookedprint(
                                 if (!decodeuint(value, &uval))
                                     output_raw = '?';
                                 else {
-                                       char b[10];
+                                       char b[12];
  
-                                       (void) sprintf(b, "%03lo", uval);
+                                       (void) snprintf(b, sizeof b, "%03lo", uval);
                                         output(fp, name, b);
                                 }
                                 break;
author	Harlan Stenn <stenn@ntp.org>
	Thu, 9 Apr 2009 08:13:41 +0000 (04:13 -0400)
committer	Harlan Stenn <stenn@ntp.org>
	Thu, 9 Apr 2009 08:13:41 +0000 (04:13 -0400)
ChangeLog		patch \| blob \| blame \| history
ntpq/ntpq.c		patch \| blob \| blame \| history