From: Harlan Stenn <stenn@ntp.org>
Date: Sat, 9 Jun 2001 01:07:24 +0000 (-0000)
Subject: Many files:
X-Git-Tag: NTP_4_0_99M_RC3~7
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f5a644a13bc9ab5c941c5c5223aebfaf86e3f105;p=thirdparty%2Fntp.git

Many files:
  * configure.in: 4.0.99m-rc1b
  * ntpd/refclock_true.c (true_debug): Bump some buffer sizes to
  reduce/eliminate chance of buffer overflow.  Use snprintf()
  instead of sprintf().  Do a better job of opening the debug file.
  * ntpd/ntp_control.c (ctl_getitem): Count overflow packets as bad
  and return a BADFMT.
  * ntpd/ntp_config.c (save_resolve): call fdopen() with the correct
  mode.
  From: Bela Lubkin <belal@sco.com>

bk: 3b2176ccj2xbb_oMrLwSzKvugZ9POg
---

diff --git a/ChangeLog b/ChangeLog
index c4246522e..707419917 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,16 @@
+2001-06-08  Harlan Stenn  <stenn@whimsy.udel.edu>
+
+	* configure.in: 4.0.99m-rc1b
+
+	* ntpd/refclock_true.c (true_debug): Bump some buffer sizes to
+	reduce/eliminate chance of buffer overflow.  Use snprintf()
+	instead of sprintf().  Do a better job of opening the debug file.
+	* ntpd/ntp_control.c (ctl_getitem): Count overflow packets as bad
+	and return a BADFMT.
+	* ntpd/ntp_config.c (save_resolve): call fdopen() with the correct
+	mode.
+	From: Bela Lubkin <belal@sco.com>
+
 2001-06-03  Harlan Stenn  <stenn@whimsy.udel.edu>
 
 	* include/ntp.h (RES_ALLFLAGS): Add RES_DEMOBILIZE.
diff --git a/configure b/configure
index 291c86f63..dbe181d38 100755
--- a/configure
+++ b/configure
@@ -1377,7 +1377,7 @@ fi
 
 # Define the identity of the package.
 PACKAGE=ntp
-VERSION=4.0.99m-rc1a
+VERSION=4.0.99m-rc1b
 
 cat >>confdefs.h <<EOF
 #define PACKAGE "$PACKAGE"
diff --git a/configure.in b/configure.in
index 9d1d0013a..053de2c2a 100644
--- a/configure.in
+++ b/configure.in
@@ -5,7 +5,7 @@ AC_CANONICAL_SYSTEM
 AC_DEFINE_UNQUOTED(STR_SYSTEM, "$target")
 AM_CONFIG_HEADER(config.h)
 AC_ARG_PROGRAM
-AM_INIT_AUTOMAKE(ntp, 4.0.99m-rc1a)
+AM_INIT_AUTOMAKE(ntp, 4.0.99m-rc1b)
 AC_PREREQ(2.49)
 
 ac_cv_var_oncore_ok=no
diff --git a/ntpd/ntp_config.c b/ntpd/ntp_config.c
index 4ea304da2..3f0e72db5 100644
--- a/ntpd/ntp_config.c
+++ b/ntpd/ntp_config.c
@@ -2054,7 +2054,7 @@ save_resolve(
 
 			res_fp = NULL;
 			if ((fd = mkstemp(res_file)) != -1)
-				res_fp = fdopen(fd, "w");
+				res_fp = fdopen(fd, "r+");
 		}
 #else
 		(void) mktemp(res_file);
diff --git a/ntpd/ntp_control.c b/ntpd/ntp_control.c
index c807d5383..570e2f90f 100644
--- a/ntpd/ntp_control.c
+++ b/ntpd/ntp_control.c
@@ -1867,6 +1867,8 @@ ctl_getitem(
 					while (cp < reqend && *cp != ',') {
 						*tp++ = *cp++;
 						if (tp >= buf + sizeof(buf)) {
+							ctl_error(CERR_BADFMT);
+							numctlbadpkts++;
 							msyslog(LOG_WARNING,
 		"Possible 'ntpdx' exploit from %s:%d (possibly spoofed)\n",
 		inet_ntoa(rmt_addr->sin_addr), ntohs(rmt_addr->sin_port)
diff --git a/ntpd/refclock_true.c b/ntpd/refclock_true.c
index 199450286..dcc362d30 100644
--- a/ntpd/refclock_true.c
+++ b/ntpd/refclock_true.c
@@ -212,11 +212,12 @@ true_debug(struct peer *peer, const char *fmt, ...)
 	if (want_debugging != now_debugging)
 	{
 		if (want_debugging) {
-		    char filename[20];
+		    char filename[40];
+		    int fd;
 
-		    sprintf(filename, "/tmp/true%d.debug", up->unit);
-		    up->debug = fopen(filename, "w");
-		    if (up->debug) {
+		    snprintf(filename, sizeof(filename), "/tmp/true%d.debug", up->unit);
+		    fd = open(filename, O_CREAT | O_WRONLY | O_EXCL, 0600);
+		    if (fd >= 0 && (up->debug = fdopen(fd, "r+"))) {
 #ifdef HAVE_SETVBUF
 			    static char buf[BUFSIZ];
 			    setvbuf(up->debug, buf, _IOLBF, BUFSIZ);
@@ -248,13 +249,13 @@ true_start(
 {
 	register struct true_unit *up;
 	struct refclockproc *pp;
-	char device[20];
+	char device[40];
 	int fd;
 
 	/*
 	 * Open serial port
 	 */
-	(void)sprintf(device, DEVICE, unit);
+	(void)snprintf(device, sizeof(device), DEVICE, unit);
 	if (!(fd = refclock_open(device, SPEED232, LDISC_CLK)))
 	    return (0);