From: Miroslav Lichvar <mlichvar@redhat.com>
Date: Fri, 15 Aug 2014 10:54:32 +0000 (+0200)
Subject: Check for truncated source address when receiving packets
X-Git-Tag: 1.31-pre1~28
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ff4abc69c31b5a8c2d9bb1f1dc536fbdd5079c60;p=thirdparty%2Fchrony.git

Check for truncated source address when receiving packets
---

diff --git a/cmdmon.c b/cmdmon.c
index 37f0d3d3..2f354e38 100644
--- a/cmdmon.c
+++ b/cmdmon.c
@@ -1644,6 +1644,9 @@ read_from_cmd_socket(void *anything)
     return;
   }
 
+  if (from_length > sizeof (where_from))
+    LOG_FATAL(LOGF_CmdMon, "Truncated source address");
+
   read_length = status;
 
   LCL_ReadRawTime(&now);
diff --git a/ntp_io.c b/ntp_io.c
index 72f6a660..d6917350 100644
--- a/ntp_io.c
+++ b/ntp_io.c
@@ -481,6 +481,9 @@ read_from_socket(void *anything)
      reponse on a subsequent recvfrom). */
 
   if (status > 0) {
+    if (msg.msg_namelen > sizeof (where_from))
+      LOG_FATAL(LOGF_NtpIO, "Truncated source address");
+
     switch (where_from.u.sa_family) {
       case AF_INET:
         remote_addr.ip_addr.family = IPADDR_INET4;