From: Dave Hart Date: Sat, 18 Mar 2023 10:23:34 +0000 (-0400) Subject: [Bug 3802] ntp-keygen -I default identity modulus bits too small for OpenSSL 3. X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b71ca28cbcc6ce46902ecd43bce7ad8ba82037b7;p=thirdparty%2Fntp.git [Bug 3802] ntp-keygen -I default identity modulus bits too small for OpenSSL 3. ntp-keygen.c: Use different buffers for in/out args to readlink() to respect "restrict" modifiers and avoid undefined behavior. smeartest.c: clean up warning re: main() vs main(void) bk: 64159126o9zSKZtLZIiqdoVjts9hOA --- diff --git a/ChangeLog b/ChangeLog index 7aba47a78..fd97d49a3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,4 +1,6 @@ --- +* [Bug 3802] ntp-keygen -I default identity modulus bits too small for + OpenSSL 3. Reported by rmsh1216@163.com * [Bug 3797] Windows getaddrinfo w/AI_ADDRCONFIG fails for localhost when disconnected, breaking ntpq and ntpdc. * [Bug 3795] pollskewlist documentation uses | when it shouldn't. @@ -58,6 +60,7 @@ - applied patch by Gerry Garvey * [Bug 3432] refclocks that 'write()' should check the result - backport from -dev, plus some more work on warnings for unchecked results +* [Bug 3103] libopts zsave_warn format string too few arguments * [Bug 2525] Turn on automake subdir-objects across the project. * [Bug 2410] syslog an error message on panic exceeded. * Use https in the AC_INIT URLs in configure.ac. diff --git a/sntp/include/copyright.def b/sntp/include/copyright.def index 07b0b9870..c93887e2c 100644 --- a/sntp/include/copyright.def +++ b/sntp/include/copyright.def @@ -3,7 +3,7 @@ copyright = { date = "1992-2023"; owner = "The University of Delaware and Network Time Foundation"; - eaddr = "http://bugs.ntp.org, bugs@ntp.org"; + eaddr = "https://bugs.ntp.org, bugs@ntp.org"; type = ntp; }; diff --git a/tests/sandbox/smeartest.c b/tests/sandbox/smeartest.c index cc4e50304..7b11d11ed 100644 --- a/tests/sandbox/smeartest.c +++ b/tests/sandbox/smeartest.c @@ -127,7 +127,7 @@ ltor(l_fp l) int -main() +main(void) { l_fp l; int rc; diff --git a/util/ntp-keygen-opts.def b/util/ntp-keygen-opts.def index f89ee3344..632dbbec7 100644 --- a/util/ntp-keygen-opts.def +++ b/util/ntp-keygen-opts.def @@ -22,7 +22,7 @@ flag = { ifdef = AUTOKEY; descrip = "identity modulus bits"; doc = <<- _EndOfDoc_ - The number of bits in the identity modulus. The default is 256. + The number of bits in the identity modulus. The default is 512. _EndOfDoc_; }; diff --git a/util/ntp-keygen.c b/util/ntp-keygen.c index eb2cb34f7..c40a85298 100644 --- a/util/ntp-keygen.c +++ b/util/ntp-keygen.c @@ -121,7 +121,7 @@ #define MD5SIZE 20 /* maximum key size */ #ifdef AUTOKEY #define PLEN 512 /* default prime modulus size (bits) */ -#define ILEN 256 /* default identity modulus size (bits) */ +#define ILEN 512 /* default identity modulus size (bits) */ #define MVMAX 100 /* max MV parameters */ /* @@ -266,7 +266,7 @@ InitWin32Sockets() { /* * followlink() - replace filename with its target if symlink. * - * Some readlink() implementations do not null-terminate the result. + * readlink() does not null-terminate the result. */ void followlink( @@ -274,18 +274,22 @@ followlink( size_t bufsiz ) { - int len; + ssize_t len; + char * target; REQUIRE(bufsiz > 0); - len = readlink(fname, fname, (int)bufsiz); + target = emalloc(bufsiz); + len = readlink(fname, target, bufsiz); if (len < 0 ) { fname[0] = '\0'; return; } if (len > (int)bufsiz - 1) len = (int)bufsiz - 1; + memcpy(fname, target, len); fname[len] = '\0'; + free(target); }