William Colburn wrote:
> The package is newer as of today.
True enough, but I have the impression that there are more changes there
than just the area of code that's affected by the buffer overflow that
triggered the start of this thread. Can anyone confirm this?
I've looked and I *believe* the only difference relevant to this
discussion between today's ntp-4.0.99k23 and last Friday's is the
appended patch. If anyone believes there are more relevant differences
could you please point them out?
--
----------------------------------------------------------------------
Sylvain Robitaille [EMAIL PROTECTED]
Systems analyst Concordia University
Instructional & Information Technology Montreal, Quebec, Canada
----------------------------------------------------------------------
--- ntpd/ntp_control.c.20010412 Mon Apr 9 15:47:20 2001
+++ ntpd/ntp_control.c Thu Apr 12 17:11:47 2001
@@ -1759,9 +1759,11 @@
}
if (cp < reqend)
cp++;
- *tp = '\0';
- while (isspace(*(tp-1)))
- *(--tp) = '\0';
+ while (tp > buf) {
+ *tp-- = '\0';
+ if (!isspace((int)(*tp)))
+ break;
+ }
reqpt = cp;
*data = buf;
return v;
