From owner-freebsd-security  Thu Apr  5 16:55:25 2001
Delivered-To: freebsd-security@freebsd.org
Received: from nagual.pp.ru (pobrecita.freebsd.ru [194.87.13.42])
	by hub.freebsd.org (Postfix) with ESMTP id 77B4437B43F
	for <security@FreeBSD.ORG>; Thu,  5 Apr 2001 16:55:22 -0700 (PDT)
	(envelope-from ache@nagual.pp.ru)
Received: (from ache@localhost)
	by nagual.pp.ru (8.11.3/8.11.3) id f35Nt0806376;
	Fri, 6 Apr 2001 03:55:00 +0400 (MSD)
	(envelope-from ache)
Date: Fri, 6 Apr 2001 03:54:59 +0400
From: "Andrey A. Chernov" <ache@nagual.pp.ru>
To: Matt Dillon <dillon@earth.backplane.com>
Cc: Mark.Andrews@nominum.com, Chris Byrnes <chris@jeah.net>,
	security@FreeBSD.ORG
Subject: Re: ntpd patch
Message-ID: <20010406035459.A6350@nagual.pp.ru>
References: <200104052314.f35NE6T54121@drugs.dv.isc.org> <200104052328.f35NSN232886@earth.backplane.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <200104052328.f35NSN232886@earth.backplane.com>; from dillon@earth.backplane.com on Thu, Apr 05, 2001 at 04:28:23PM -0700
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Thu, Apr 05, 2001 at 16:28:23 -0700, Matt Dillon wrote:
>    Off-by-1 fix +
>    buffer underflow	http://apollo.backplane.com/FreeBSD/ntpd-patch2.diff
> 

For this one please change

+		while (tp != buf && isspace((int)(*(tp-1))))

to 

+		while (tp != buf && isspace((unsigned char)(*(tp-1))))

(int) cast is completely wrong and dangerous.

-- 
Andrey A. Chernov
http://ache.pp.ru/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message