From: Harlan Stenn <stenn@ntp.org>
Date: Thu, 9 Apr 2009 08:13:41 +0000 (-0400)
Subject: [Sec 1144] limited buffer overflow in ntpq.  CVE-2009-0159
X-Git-Tag: NTP_4_2_4P7_RC2~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0fe2186fe4981360b0a4071cb88d629c71bcd91d;p=thirdparty%2Fntp.git

[Sec 1144] limited buffer overflow in ntpq.  CVE-2009-0159

bk: 49ddae35Iwa2_82UJbL4WYIqmLFCgQ
---

diff --git a/ChangeLog b/ChangeLog
index 572cb89bf..b6544d53b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,7 @@
 ---
+* [Sec 1144] limited buffer overflow in ntpq.  CVE-2009-0159
 * [Sec 1149] use SO_EXCLUSIVEADDRUSE on Windows
+
 ---
 (4.2.4p7-RC1) 2009/03/30 Released by Harlan Stenn <stenn@ntp.org>
 
diff --git a/ntpq/ntpq.c b/ntpq/ntpq.c
index 91379408f..2e51b35ef 100644
--- a/ntpq/ntpq.c
+++ b/ntpq/ntpq.c
@@ -3185,9 +3185,9 @@ cookedprint(
 				if (!decodeuint(value, &uval))
 				    output_raw = '?';
 				else {
-					char b[10];
+					char b[12];
 
-					(void) sprintf(b, "%03lo", uval);
+					(void) snprintf(b, sizeof b, "%03lo", uval);
 					output(fp, name, b);
 				}
 				break;