Date: Mon, 20 Apr 2009 09:59:08 +0000 (UTC) From: Ollivier Robert <roberto@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r191302 - in head/contrib/ntp: . ntpq Message-ID: <200904200959.n3K9x8ln042603@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: roberto Date: Mon Apr 20 09:59:08 2009 New Revision: 191302 URL: http://svn.freebsd.org/changeset/base/191302 Log: Merge r191298 into HEAD. Prevent a buffer overflow in ntpq. Patch taken from the PR database after being committed to the official ntp tree and present in 4.2.4p7-rc2. It will be MFH to the upcoming 7.2 pending re approval. Obtained from: https://support.ntp.org/bugs/show_bug.cgi?id=1144 MFC after: 3 days Security: http://www.securityfocus.com/bid/34481 CVE-2009-0159 Modified: head/contrib/ntp/ (props changed) head/contrib/ntp/ntpq/ntpq.c Modified: head/contrib/ntp/ntpq/ntpq.c ============================================================================== --- head/contrib/ntp/ntpq/ntpq.c Mon Apr 20 07:13:04 2009 (r191301) +++ head/contrib/ntp/ntpq/ntpq.c Mon Apr 20 09:59:08 2009 (r191302) @@ -3185,9 +3185,9 @@ cookedprint( if (!decodeuint(value, &uval)) output_raw = '?'; else { - char b[10]; + char b[12]; - (void) sprintf(b, "%03lo", uval); + (void) snprintf(b, sizeof(b), "%03lo", uval); output(fp, name, b); } break;
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200904200959.n3K9x8ln042603>