[Sec 2922] decodenetnum() will ASSERT botch instead of returning FAIL on some bogus...

author Harlan Stenn <stenn@ntp.org>

Tue, 6 Oct 2015 08:51:27 +0000 (08:51 +0000)

committer Harlan Stenn <stenn@ntp.org>

Tue, 6 Oct 2015 08:51:27 +0000 (08:51 +0000)
author Harlan Stenn <stenn@ntp.org>
Tue, 6 Oct 2015 08:51:27 +0000 (08:51 +0000)
committer Harlan Stenn <stenn@ntp.org>
Tue, 6 Oct 2015 08:51:27 +0000 (08:51 +0000)
diff --git a/ChangeLog b/ChangeLog

index 93d35a7fdf470071b66cf56f7524fd6a727d45b5..81cf3268833be73c8c05bc6f969d99578c59df45 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -15,6 +15,8 @@
  * [Sec 2020] TALOS-CAN-0064: signed/unsiged clash could lead to buffer overun
    and memory corruption. perlinger@ntp.org
  * [Sec 2921] TALOS-CAN-0065: password length memory corruption. JPerlinger.
+* [Sec 2922] decodenetnum() will ASSERT botch instead of returning FAIL
+  on some bogus values.  Harlan Stenn.
  * [Bug 2332] (reopened) Exercise thread cancellation once before dropping
    privileges and limiting resources in NTPD removes the need to link
    forcefully against 'libgcc_s' which does not always work. J.Perlinger
diff --git a/libntp/decodenetnum.c b/libntp/decodenetnum.c

index ebcb2da69f231ef1ba26e53cae4f18a810187586..35b908f3947875a269c2d52a2acff828e474f7af 100644 (file)
--- a/libntp/decodenetnum.c
+++ b/libntp/decodenetnum.c
@@ -36,7 +36,10 @@ decodenetnum(
         char name[80];
  
         REQUIRE(num != NULL);
-       REQUIRE(strlen(num) < sizeof(name));
+
+       if (strlen(num) >= sizeof(name)) {
+               return 0;
+       }
  
         port_str = NULL;
         if ('[' != num[0]) {
author	Harlan Stenn <stenn@ntp.org>
	Tue, 6 Oct 2015 08:51:27 +0000 (08:51 +0000)
committer	Harlan Stenn <stenn@ntp.org>
	Tue, 6 Oct 2015 08:51:27 +0000 (08:51 +0000)
ChangeLog		patch \| blob \| blame \| history
libntp/decodenetnum.c		patch \| blob \| blame \| history