From: Harlan Stenn <stenn@ntp.org>
Date: Sun, 15 Jul 2012 08:04:03 +0000 (-0700)
Subject: CID 97377: ntp-keygen.c's followlink() might not NUL-terminate
X-Git-Tag: NTP_4_2_7P289~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3072b42cf02f3594ab5b18c205e56abec8abfa76;p=thirdparty%2Fntp.git

CID 97377: ntp-keygen.c's followlink() might not NUL-terminate

bk: 50027973OLEPnu_SE_hVp5X167-bxg
---

diff --git a/ChangeLog b/ChangeLog
index ba090da6b..0a7ef5055 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,4 @@
+* CID 97377: ntp-keygen.c's followlink() might not NUL-terminate.
 * CID 709185: refclock_chu.c will leak fd==0 (which should be impossible).
 (4.2.7p288) 2012/07/03 Released by Harlan Stenn <stenn@ntp.org>
 * CID 709173: Make sure a libisc function we do not use is called properly.
diff --git a/util/ntp-keygen.c b/util/ntp-keygen.c
index d8bcba298..0827cff36 100644
--- a/util/ntp-keygen.c
+++ b/util/ntp-keygen.c
@@ -267,9 +267,13 @@ followlink(
 {
 	int len;
 
+	REQUIRE(bufsiz > 0);
+
 	len = readlink(fname, fname, (int)bufsiz);
-	if (len < 0 || bufsiz < 1)
+	if (len < 0 ) {
+		fname[0] = '\0';
 		return;
+	}
 	if (len > (int)bufsiz - 1)
 		len = (int)bufsiz - 1;
 	fname[len] = '\0';