From: Dave Hart <hart@ntp.org>
Date: Mon, 5 Dec 2011 17:07:40 +0000 (+0000)
Subject: [Bug 2082] 3-char refid sent by ntpd 4.2.6p5-RC2 ends with extra dot.
X-Git-Tag: NTP_4_2_7P238~4^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1fb2d16d0f05155ee637a8e66374d91b99430c42;p=thirdparty%2Fntp.git

[Bug 2082] 3-char refid sent by ntpd 4.2.6p5-RC2 ends with extra dot.
Ensure NULL peer->dstadr is not accessed in orphan parent selection.

bk: 4edcfa5cYMFgVyVcCau7pieuT-1xDA
---

diff --git a/ChangeLog b/ChangeLog
index 9f65ac816..28ef5ab74 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+---
+
+* [Bug 2082] 3-char refid sent by ntpd 4.2.6p5-RC2 ends with extra dot.
+* Ensure NULL peer->dstadr is not accessed in orphan parent selection.
+
 ---
 (4.2.6p5-RC2) 2011/11/30 Released by Harlan Stenn <stenn@ntp.org>
 
diff --git a/ntpd/ntp_control.c b/ntpd/ntp_control.c
index a69046976..a2abf0716 100644
--- a/ntpd/ntp_control.c
+++ b/ntpd/ntp_control.c
@@ -1283,7 +1283,8 @@ ctl_putrefid(
 		return;
 	iptr = (char *)&refid;
 	iplim = iptr + sizeof(refid);
-	for (; optr < oplim && iptr < iplim; iptr++, optr++)
+	for ( ; optr < oplim && iptr < iplim && '\0' != *iptr; 
+	     iptr++, optr++)
 		if (isprint(*iptr))
 			*optr = *iptr;
 		else
diff --git a/ntpd/ntp_proto.c b/ntpd/ntp_proto.c
index bc350d00d..cdefca8de 100644
--- a/ntpd/ntp_proto.c
+++ b/ntpd/ntp_proto.c
@@ -2311,7 +2311,10 @@ clock_select(void)
 				u_int32	localmet;
 				u_int32	peermet;
 
-				localmet = ntohl(peer->dstadr->addr_refid);
+				if (peer->dstadr != NULL)
+					localmet = ntohl(peer->dstadr->addr_refid);
+				else
+					localmet = U_INT32_MAX;
 				peermet = ntohl(addr2refid(&peer->srcadr));
 				if (peermet < localmet &&
 				    peermet < orphmet) {