[Bug 1208] decodenetnum() buffer overrun on [ with no ]

author Dave Hart <hart@ntp.org>

Tue, 2 Jun 2009 22:04:37 +0000 (22:04 +0000)

committer Dave Hart <hart@ntp.org>

Tue, 2 Jun 2009 22:04:37 +0000 (22:04 +0000)
author Dave Hart <hart@ntp.org>
Tue, 2 Jun 2009 22:04:37 +0000 (22:04 +0000)
committer Dave Hart <hart@ntp.org>
Tue, 2 Jun 2009 22:04:37 +0000 (22:04 +0000)
diff --git a/ChangeLog b/ChangeLog

index 533e25190202020be202badfc1f330c9907fb11d..b922dc50383ce7afb0c3e11dea12939f0d5c6f7f 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,4 @@
+* [Bug 1208] decodenetnum() buffer overrun on [ with no ]
  (4.2.5p180) 2009/05/29 Released by Harlan Stenn <stenn@ntp.org>
  * [Bug 1200] Enable IPv6 in Windows port
  * Lose FLAG_FIXPOLL, from Dave Mills.
diff --git a/libntp/decodenetnum.c b/libntp/decodenetnum.c

index 746c855d8bd1b6e9ccdc8b8f67b7fa6462b7d6c2..5d646c377ad247414e12b0dc139cbb2a3dbd2aad 100644 (file)
--- a/libntp/decodenetnum.c
+++ b/libntp/decodenetnum.c
@@ -7,6 +7,7 @@
  #include <netinet/in.h>
  
  #include "ntp_stdlib.h"
+#include "ntp_assert.h"
  
  int
  decodenetnum(
@@ -15,25 +16,30 @@ decodenetnum(
         )
  {
         struct addrinfo hints, *ai = NULL;
-       register int err, i;
+       register int err;
         register const char *cp;
         char name[80];
+       char *np;
  
-       cp = num;
+       NTP_REQUIRE(num != NULL);
+       NTP_REQUIRE(strlen(num) < sizeof(name));
  
-       if (*cp == '[') {
-               cp++;
-               for (i = 0; *cp != ']'; cp++, i++)
-                       name[i] = *cp;
-       name[i] = '\0';
-       num = name; 
+       if ('[' != num[0]) 
+               np = name;
+       else {
+               cp = num + 1;
+               np = name; 
+               while (*cp && ']' != *cp)
+                       *np++ = *cp++;
+               *np = 0;
+               np = name; 
         }
-       memset(&hints, 0, sizeof(struct addrinfo));
+       memset(&hints, 0, sizeof(hints));
         hints.ai_flags = AI_NUMERICHOST;
-       err = getaddrinfo(num, NULL, &hints, &ai);
+       err = getaddrinfo(np, NULL, &hints, &ai);
         if (err != 0)
                 return 0;
-       memcpy(netnum, (struct sockaddr_storage *)ai->ai_addr, ai->ai_addrlen); 
+       memcpy(netnum, ai->ai_addr, ai->ai_addrlen); 
         freeaddrinfo(ai);
         return 1;
  }
author	Dave Hart <hart@ntp.org>
	Tue, 2 Jun 2009 22:04:37 +0000 (22:04 +0000)
committer	Dave Hart <hart@ntp.org>
	Tue, 2 Jun 2009 22:04:37 +0000 (22:04 +0000)
ChangeLog		patch \| blob \| blame \| history
libntp/decodenetnum.c		patch \| blob \| blame \| history