[Bug 1119] [CID 52] Avoid a possible null-dereference in ntp_crypto.c

bk: 49743f2ePoOJoxS475FsZrNuwtrsDw

diff --git a/ChangeLog b/ChangeLog
index 12da4d993bb9b38b216e876ed2fcd1732db1ed66..0f499d74f975fcfaa92217d1be94d589f19d3b07 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,4 @@
+* [Bug 1119] [CID 52] Avoid a possible null-dereference in ntp_crypto.c.
 * [Bug 1120] [CID 51] INSIST that peer is non-null before we dereference it.
 * [Bug 1121] [CID 47] double fclose() in ntp-keygen.c.
 (4.2.5p155) 2009/01/18 Released by Harlan Stenn <stenn@ntp.org>

diff --git a/ntpd/ntp_crypto.c b/ntpd/ntp_crypto.c
index a0868818feacd57308e635f8d12e5603c074e908..81c5689d6a98ca0a3590c0b338b0363f44f81acb 100644 (file)
--- a/ntpd/ntp_crypto.c
+++ b/ntpd/ntp_crypto.c
@@ -1084,14 +1084,15 @@ crypto_xmit(
         * synchronized, light the error bit and go home.
         */
        pkt = (u_int32 *)xpkt + *start / 4;
-       if (peer != NULL)
+       if (peer != NULL) {
                srcadr_sin = &peer->srcadr;
-       else
+               if (!(opcode & CRYPTO_RESP))
+                       peer->opcode = ep->opcode;
+       } else {
                srcadr_sin = &rbufp->recv_srcadr;
+       }
        fp = (struct exten *)pkt;
        opcode = ntohl(ep->opcode);
-       if (!(opcode & CRYPTO_RESP))
-               peer->opcode = ep->opcode;
        associd = (associd_t) ntohl(ep->associd);
        fp->associd = ep->associd;
        len = 8;
@@ -1296,11 +1297,10 @@ crypto_xmit(
                        rval = XEVNT_LEN;
                        break;
                }
-               if (PKT_MODE(xpkt->li_vn_mode) == MODE_SERVER) {
+               if (peer == NULL)
                        tcookie = cookie;
-               } else {
+               else
                        tcookie = peer->hcookie;
-               }
                if ((rval = crypto_encrypt(ep, &vtemp, &tcookie)) ==
                    XEVNT_OK) {
                        rval = crypto_send(fp, &vtemp, &len);