Check for truncated source address when receiving packets

author Miroslav Lichvar <mlichvar@redhat.com>

Fri, 15 Aug 2014 10:54:32 +0000 (12:54 +0200)

committer Miroslav Lichvar <mlichvar@redhat.com>

Fri, 15 Aug 2014 14:44:43 +0000 (16:44 +0200)
author Miroslav Lichvar <mlichvar@redhat.com>
Fri, 15 Aug 2014 10:54:32 +0000 (12:54 +0200)
committer Miroslav Lichvar <mlichvar@redhat.com>
Fri, 15 Aug 2014 14:44:43 +0000 (16:44 +0200)
diff --git a/cmdmon.c b/cmdmon.c

index 37f0d3d38302fa11f821c368008ea298c05d89fc..2f354e38a337b67f2505055f26c013b2305c368e 100644 (file)
--- a/cmdmon.c
+++ b/cmdmon.c
@@ -1644,6 +1644,9 @@ read_from_cmd_socket(void *anything)
      return;
    }
  
+  if (from_length > sizeof (where_from))
+    LOG_FATAL(LOGF_CmdMon, "Truncated source address");
+
    read_length = status;
  
    LCL_ReadRawTime(&now);
diff --git a/ntp_io.c b/ntp_io.c

index 72f6a660ca31f55f6ed2285850aeda559d9d6a82..d69173503a38ead1efd69676b5b80446b657d4a7 100644 (file)
--- a/ntp_io.c
+++ b/ntp_io.c
@@ -481,6 +481,9 @@ read_from_socket(void *anything)
       reponse on a subsequent recvfrom). */
  
    if (status > 0) {
+    if (msg.msg_namelen > sizeof (where_from))
+      LOG_FATAL(LOGF_NtpIO, "Truncated source address");
+
      switch (where_from.u.sa_family) {
        case AF_INET:
          remote_addr.ip_addr.family = IPADDR_INET4;
author	Miroslav Lichvar <mlichvar@redhat.com>
	Fri, 15 Aug 2014 10:54:32 +0000 (12:54 +0200)
committer	Miroslav Lichvar <mlichvar@redhat.com>
	Fri, 15 Aug 2014 14:44:43 +0000 (16:44 +0200)
cmdmon.c		patch \| blob \| blame \| history
ntp_io.c		patch \| blob \| blame \| history