]> git.ipfire.org Git - thirdparty/ntp.git/commitdiff
ChangeLog, ntp_control.c:
authorHarlan Stenn <stenn@ntp.org>
Sat, 14 Apr 2001 01:10:27 +0000 (01:10 -0000)
committerHarlan Stenn <stenn@ntp.org>
Sat, 14 Apr 2001 01:10:27 +0000 (01:10 -0000)
  * ntpd/ntp_control.c (ctl_getitem): msyslog() possible buffer
  overflow exploit.

bk: 3ad7a383pewRltoPDoddzqDZj3EBvg

ChangeLog
ntpd/ntp_control.c

index a09b96859167b8d8b2ed548a5ad87be441992681..f16dcb705c10fb7594de90781172f1233b516c83 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,8 @@
 2001-04-13  Harlan Stenn  <stenn@whimsy.udel.edu>
 
+       * ntpd/ntp_control.c (ctl_getitem): msyslog() possible buffer
+       overflow exploit.
+
        * configure.in: 4.0.99k24
 
        * html/pic/radio2.jpg:
@@ -36,7 +39,8 @@
        up some loop logic.
        * ntpd/ntp_config.c: Added "tinker" and "minpoll".  Use
        sys_minpoll now, instead of old manifest constant.
-       (save_resolve): Print keyid using decimal, not hex.
+       (save_resolve): Print keyid using decimal, not hex.  From Lars-Owe
+       Ivarsson <larsowe@paradisaea.its.uu.se>
        * include/ntpd.h: Added peer_ntpdate and sys_minpoll.
        * include/ntp_config.h (CONF_CLOCK_MINPOLL): Added.
        * include/ntp.h: keyid cleanup.  LOOP_* cleanup.
index 38b66baac998bc805aacf8b210b810b1f917179f..b7d82835510d87504f1e92cfcbd5738c47676d99 100644 (file)
 #include <ctype.h>
 #include <signal.h>
 
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+
+
+
 #ifdef PUBKEY
 #include "ntp_crypto.h"
 #endif /* PUBKEY */
@@ -1863,8 +1869,13 @@ ctl_getitem(
                                                cp++;
                                        while (cp < reqend && *cp != ',') {
                                                *tp++ = *cp++;
-                                               if (tp >= buf + sizeof(buf))
+                                               if (tp >= buf + sizeof(buf)) {
+                                                       msyslog(LOG_WARNING,
+               "Possible 'ntpdx' exploit from %s:%d (possibly spoofed)\n",
+               inet_ntoa(rmt_addr->sin_addr), ntohs(rmt_addr->sin_port)
+                                                               );
                                                        return (0);
+                                               }
                                        }
                                        if (cp < reqend)
                                                cp++;