From: Juergen Perlinger <perlinger@ntp.org>
Date: Mon, 20 Jul 2020 05:35:48 +0000 (+0200)
Subject: [Bug 3666] avoid unlimited receive buffer allocation
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=155c3d31a962730ef3d094af9135084879a2197e;p=thirdparty%2Fntp.git

[Bug 3666] avoid unlimited receive buffer allocation
 - follow-up: fix inverted sense in check, reset shortfall counter

bk: 5f152d34Tk2l0PxvOYBOc40-vSgCcQ
---

diff --git a/ChangeLog b/ChangeLog
index eeceaa9f1..368bbf950 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+---
+* [Bug 3666] avoid unlimited receive buffer allocation <perlinger@ntp.org>
+  - follow-up: fix inverted sense in check, reset shortfall counter
+
 ---
 (4.2.8p15) 2020/06/23 Released by Harlan Stenn <stenn@ntp.org>
 
diff --git a/libntp/recvbuff.c b/libntp/recvbuff.c
index 5855ec214..d84a87d68 100644
--- a/libntp/recvbuff.c
+++ b/libntp/recvbuff.c
@@ -109,12 +109,13 @@ create_buffers(
 	u_int i;
 	size_t abuf;
 
-	if (limit_recvbufs <= total_recvbufs)
-		return;
-	
+	/*[bug 3666]: followup -- reset shortfalls in all cases */
 	abuf = nbufs + buffer_shortfall;
 	buffer_shortfall = 0;
 
+	if (limit_recvbufs <= total_recvbufs)
+		return;
+	
 	if (abuf < nbufs || abuf > RECV_BATCH)
 		abuf = RECV_BATCH;	/* clamp on overflow */
 	else
@@ -234,7 +235,7 @@ get_free_recv_buffer(
 	recvbuf_t *buffer = NULL;
 
 	LOCK_F();
-	if (free_recvbufs > (urgent ? emerg_recvbufs : 0)) {
+	if (free_recvbufs > (urgent ? 0 : emerg_recvbufs)) {
 		UNLINK_HEAD_SLIST(buffer, free_recv_list, link);
 	}