Hello Denys, 

After reading the posts on the mailing list for some days, I decided to
post my message again, also sending it directly to you.

I posted the attached patch to the ptxdist mailing list, and they
suggested posting it upstream.

I'm working with an old embedded system that is still using a 32-bit
time_t.

While upgrading busybox to 1.37.0, I encountered an unexpected crash in
the ntpd service. Specifically, when one system acts as an ntpd
server, the crash occurs on the client side.

After investigating the issue, I believe I have identified a bug:
In the function that converts a double to the NTP time format, I found the
following code:

double d;
uint32_t intl;
intl = (uint32_t)(time_t)d;

where d is a double whose integer part represents the number of
seconds since 1900-01-01T00:00:00.0

The number of seconds since 1900-01-01T00:00:00.0 is a number that exceeds
the maximum capacity of my time_t, which is a 32-bit signed integer.

Casting d to time_t in the server truncates the value to 0x7fffffff,
leading to a crash in the client.

The solution is to avoid the cast to time_t when sizeof(time_t) == 4,
basically checking if(sizeof(time_t) == 4), and in this case making the
assignment as it was before applying commit
85acf71d2579ebe4eec05c6f31901adffa700adc (ntpd: make NTP client and server
Y2036/2038-ready).

I have attached a patch proposal for this issue.

Since the result of the condition

if(sizeof(time_t) == 4) 

is known at compile time, any modern decent compiler should optimize it
out, so there is no impact on performance or size.

Best regards

Ruggero
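
The range problem described in the message above, as an added example that
is not part of the original post or of busybox. The names time32_t,
fits_time32 and d_to_ntp32 and the sample timestamp are assumptions made up
for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Seconds between 1900-01-01 (NTP epoch) and 1970-01-01 (Unix epoch). */
#define OFFSET_1900_1970 2208988800.0

/* Hypothetical stand-in for a 32-bit signed time_t, so the check gives
 * the same answer when built on a 64-bit host. */
typedef int32_t time32_t;

/* True if d can be converted to time32_t. Converting an out-of-range
 * double to an integer type is undefined behaviour in C, so the range
 * has to be tested before the cast, not inspected afterwards. */
static int fits_time32(double d)
{
	return d >= (double)INT32_MIN && d <= (double)INT32_MAX;
}

/* Split seconds-since-1900 into the two 32-bit halves of an NTP
 * timestamp without going through a signed type. Uses the same
 * 0xffffffff scale factor as the ntpd.c lines in the patch.
 * Returns 0 on success, -1 if d does not fit the 32-bit seconds field. */
static int d_to_ntp32(double d, uint32_t *intl, uint32_t *frac)
{
	if (!(d >= 0.0 && d < 4294967296.0))
		return -1;
	*intl = (uint32_t)d;
	*frac = (uint32_t)((d - *intl) * 0xffffffff);
	return 0;
}

int main(void)
{
	/* Constructed sample: 2025-01-01T00:00:00.5Z as Unix seconds. */
	double unix_s = 1735689600.5;
	double ntp_s = unix_s + OFFSET_1900_1970;
	uint32_t intl, frac;

	printf("unix fits 32-bit time_t: %d\n", fits_time32(unix_s));
	printf("ntp  fits 32-bit time_t: %d\n", fits_time32(ntp_s));
	if (d_to_ntp32(ntp_s, &intl, &frac) == 0)
		printf("int=0x%08x frac=0x%08x\n", (unsigned)intl, (unsigned)frac);
	return 0;
}
```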

Index: busybox-1.37.0/networking/ntpd.c
===================================================================
--- busybox-1.37.0.orig/networking/ntpd.c
+++ busybox-1.37.0/networking/ntpd.c
@@ -583,8 +583,13 @@ d_to_lfp(l_fixedpt_t *lfp, double d)
 {
 	uint32_t intl;
 	uint32_t frac;
-	intl = (uint32_t)(time_t)d;
-	frac = (uint32_t)((d - (time_t)d) * 0xffffffff);
+	if(sizeof(time_t) == 4){
+		intl = (uint32_t)d;
+		frac = (uint32_t)((d - intl) * 0xffffffff);
+	}else{
+		intl = (uint32_t)(time_t)d;
+		frac = (uint32_t)((d - (time_t)d) * 0xffffffff);
+	}
 	lfp->int_partl = htonl(intl);
 	lfp->fractionl = htonl(frac);
 }
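Review bot: in the `sizeof(time_t) == 4` branch, `intl = (uint32_t)d;` is only defined while d is below 2^32, so the branch gives up the Y2036 handling that the referenced commit added: once seconds since 1900 pass 2^32, this cast is out of range in the same way the `(time_t)d` cast is out of range today on a 32-bit time_t. Consider converting through an unsigned 64-bit intermediate for both the integer and the fractional part, which is defined for every value this function can see and would make the sizeof test and the duplicated `else` body unnecessary. If the branch stays, it needs a short comment saying why a 32-bit time_t cannot hold NTP-era seconds, since the reason is not evident from the code alone.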