[Bug 2082] 3-char refid sent by ntpd 4.2.6p5-RC2 ends with extra dot.

Ensure NULL peer->dstadr is not accessed in orphan parent selection.

bk: 4edcfa5cYMFgVyVcCau7pieuT-1xDA

diff --git a/ChangeLog b/ChangeLog
index 9f65ac816d1e49e90e3c40ec808028f880427f39..28ef5ab7426eecf868c759e23c414824d2826c3d 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+---
+
+* [Bug 2082] 3-char refid sent by ntpd 4.2.6p5-RC2 ends with extra dot.
+* Ensure NULL peer->dstadr is not accessed in orphan parent selection.
+
 ---
 (4.2.6p5-RC2) 2011/11/30 Released by Harlan Stenn <stenn@ntp.org>
 

diff --git a/ntpd/ntp_control.c b/ntpd/ntp_control.c
index a6904697693a6194b89e80176451607ad3ad23b8..a2abf07168684f39482a59b6607c710caffbabf2 100644 (file)
--- a/ntpd/ntp_control.c
+++ b/ntpd/ntp_control.c
@@ -1283,7 +1283,8 @@ ctl_putrefid(
                return;
        iptr = (char *)&refid;
        iplim = iptr + sizeof(refid);
-       for (; optr < oplim && iptr < iplim; iptr++, optr++)
+       for ( ; optr < oplim && iptr < iplim && '\0' != *iptr; 
+            iptr++, optr++)
                if (isprint(*iptr))
                        *optr = *iptr;
                else

diff --git a/ntpd/ntp_proto.c b/ntpd/ntp_proto.c
index bc350d00d8bfd5f10e269b46bebe1fc0f9aed844..cdefca8de17572ee4cdf389923eb5fd2309f6125 100644 (file)
--- a/ntpd/ntp_proto.c
+++ b/ntpd/ntp_proto.c
@@ -2311,7 +2311,10 @@ clock_select(void)
                                u_int32 localmet;
                                u_int32 peermet;
 
-                               localmet = ntohl(peer->dstadr->addr_refid);
+                               if (peer->dstadr != NULL)
+                                       localmet = ntohl(peer->dstadr->addr_refid);
+                               else
+                                       localmet = U_INT32_MAX;
                                peermet = ntohl(addr2refid(&peer->srcadr));
                                if (peermet < localmet &&
                                    peermet < orphmet) {