[Sec 3008] Always check the return value of ctl_getitem(). HStenn.
authorHarlan Stenn <stenn@ntp.org>
Mon, 22 Feb 2016 05:33:56 +0000 (05:33 +0000)
committerHarlan Stenn <stenn@ntp.org>
Mon, 22 Feb 2016 05:33:56 +0000 (05:33 +0000)
bk: 56ca9dc4OGNQF63p9J74Ua6TYxfTtQ

ChangeLog
ntpd/ntp_control.c

index d524d00f07f9e78a1a7645e62d4369ae24966d8d..593a5771e3e6eb99e3f767b4ee4d4426cf163080 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -4,6 +4,7 @@
 * [Sec 2936] Skeleton Key: Any system knowing the trusted key can serve
   time. Include passive servers in this check. HStenn.
 * [Sec 2945] Additional KoD packet checks.  HStenn.
+* [Sec 3008] Always check the return value of ctl_getitem().  HStenn.
 * [Bug 2858] bool support.  Use stdbool.h when available.  HStenn.
 * [Bug 2879] Improve NTP security against timing attacks. perlinger@ntp.org
   - integrated patches by Loganaden Velvidron <logan@ntp.org>
index e5a567e789d6db41f8ac4c909e0aac670c8091be..9bf881af3463b88c44acfb6bcc98d1c5fc0122f0 100644 (file)
@@ -3334,7 +3334,11 @@ read_sysvars(void)
                        gotvar = 1;
                } else {
                        v = ctl_getitem(ext_sys_var, &valuep);
-                       INSIST(v != NULL);
+                       if (NULL == v) {
+                               ctl_error(CERR_BADVALUE);
+                               free(wants);
+                               return;
+                       }
                        if (EOV & v->flags) {
                                ctl_error(CERR_UNKNOWNVAR);
                                free(wants);
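Review bot: The new `if (NULL == v)` branch in read_sysvars has no comment explaining why it replies with an error instead of asserting, so a later cleanup could restore `INSIST(v != NULL)` and bring back the process abort. The [Sec 3008] tag suggests NULL is reachable from request data, so I would add `/* ctl_getitem() may return NULL on a bad request: answer with an error, never assert */` above the test, here and above the identical test in read_clockstatus. The title says "always", but only two call sites appear in this diff; any other caller of ctl_getitem() that dereferences the result needs the same guard, which cannot be confirmed from this page. read_sysvars starts and ends outside the hunk.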
@@ -4575,7 +4579,12 @@ read_clockstatus(
                        gotvar = TRUE;
                } else {
                        v = ctl_getitem(kv, &valuep);
-                       INSIST(NULL != v);
+                       if (NULL == v) {
+                               ctl_error(CERR_BADVALUE);
+                               free(wants);
+                               free_varlist(cs.kv_list);
+                               return;
+                       }
                        if (EOV & v->flags) {
                                ctl_error(CERR_UNKNOWNVAR);
                                free(wants);
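Review bot: Both error exits visible in this part of read_clockstatus repeat their own cleanup, and the new NULL branch releases `cs.kv_list` as well as `wants`. The EOV branch below it is cut off by the hunk right after `free(wants);`, so it is worth confirming that it also calls `free_varlist(cs.kv_list);` before returning. A single exit label that performs `free(wants); free_varlist(cs.kv_list); return;` would stop a future error path from leaking one of the two allocations on a request-driven code path. The function body continues outside the hunk on both sides.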