From: Harlan Stenn Date: Sat, 14 Apr 2001 01:10:27 +0000 (-0000) Subject: ChangeLog, ntp_control.c: X-Git-Tag: NTP_4_0_99_M~87 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=cdfae6ebd32994b0cc4abb304c2a1c04b679d59f;p=thirdparty%2Fntp.git ChangeLog, ntp_control.c: * ntpd/ntp_control.c (ctl_getitem): msyslog() possible buffer overflow exploit. bk: 3ad7a383pewRltoPDoddzqDZj3EBvg --- diff --git a/ChangeLog b/ChangeLog index a09b968591..f16dcb705c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,8 @@ 2001-04-13 Harlan Stenn + * ntpd/ntp_control.c (ctl_getitem): msyslog() possible buffer + overflow exploit. + * configure.in: 4.0.99k24 * html/pic/radio2.jpg: @@ -36,7 +39,8 @@ up some loop logic. * ntpd/ntp_config.c: Added "tinker" and "minpoll". Use sys_minpoll now, instead of old manifest constant. - (save_resolve): Print keyid using decimal, not hex. + (save_resolve): Print keyid using decimal, not hex. From Lars-Owe + Ivarsson * include/ntpd.h: Added peer_ntpdate and sys_minpoll. * include/ntp_config.h (CONF_CLOCK_MINPOLL): Added. * include/ntp.h: keyid cleanup. LOOP_* cleanup. diff --git a/ntpd/ntp_control.c b/ntpd/ntp_control.c index 38b66baac9..b7d8283551 100644 --- a/ntpd/ntp_control.c +++ b/ntpd/ntp_control.c @@ -15,6 +15,12 @@ #include #include +#include +#include +#include + + + #ifdef PUBKEY #include "ntp_crypto.h" #endif /* PUBKEY */ @@ -1863,8 +1869,13 @@ ctl_getitem( cp++; while (cp < reqend && *cp != ',') { *tp++ = *cp++; - if (tp >= buf + sizeof(buf)) + if (tp >= buf + sizeof(buf)) { + msyslog(LOG_WARNING, + "Possible 'ntpdx' exploit from %s:%d (possibly spoofed)\n", + inet_ntoa(rmt_addr->sin_addr), ntohs(rmt_addr->sin_port) + ); return (0); + } } if (cp < reqend) cp++;