[Bug 3691] Buffer Overflow reading GPSD output

bk: 5f83f1490vivQEe-HCDrdNY90_JBIw

diff --git a/ChangeLog b/ChangeLog
index eeceaa9f10cb57b56caf561eaab50a81ec861f63..3e5b3a639dace67966099bc6cf1fcc6b11833fdd 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+---
+* [Bug 3691] Buffer Overflow reading GPSD output
+  - original patch by matt<ntpbr@mattcorallo.com>
+  - increased max PDU size to 4k to avoid truncation
+
 ---
 (4.2.8p15) 2020/06/23 Released by Harlan Stenn <stenn@ntp.org>
 

diff --git a/ntpd/refclock_gpsdjson.c b/ntpd/refclock_gpsdjson.c
index 0cb2fc408abbe9282bf57f52f3bd6d9032451bbe..a178c427ac838cf9d9f4effa1640311196900d8b 100644 (file)
--- a/ntpd/refclock_gpsdjson.c
+++ b/ntpd/refclock_gpsdjson.c
@@ -193,7 +193,7 @@ typedef unsigned long int json_uint;
 #define        REFID           "GPSD"  /* reference id */
 #define        DESCRIPTION     "GPSD JSON client clock" /* who we are */
 
-#define MAX_PDU_LEN    1600
+#define MAX_PDU_LEN    4096
 #define TICKOVER_LOW   10
 #define TICKOVER_HIGH  120
 #define LOGTHROTTLE    3600
@@ -672,7 +672,7 @@ gpsd_receive(
        esrc = psrc + rbufp->recv_length;
 
        pdst = up->buffer + up->buflen;
-       edst = pdst + sizeof(up->buffer) - 1; /* for trailing NUL */
+       edst = up->buffer + sizeof(up->buffer) - 1; /* for trailing NUL */
 
        while (psrc != esrc) {
                ch = *psrc++;