Bill,
ntpdate is being deprecated.
And it is *much* better to file reports like this using bugs.ntp.org as
otherwise they tend to get lost in the wind.
H
--
>>> In article <[EMAIL PROTECTED]>, Unruh <[EMAIL PROTECTED]> writes:
Unruh> In ntpdate.c around line 542 (4.2.4p4)is the sequence if
Unruh> (!authistrusted(sys_authkey)) { char buf[10];
Unruh> (void) sprintf(buf, "%lu", (unsigned long)sys_authkey);
Unruh> msyslog(LOG_ERR, "authentication key %s unknown", buf); exit(1);
Unruh> }
Unruh> Since unsigned long does not have a definite length on all machines,
Unruh> and with the trailing zero certainly is potentially longer than 10
Unruh> bytes, that buf is ripe for buffer overflow. It should be something
Unruh> like char buf[(sizeof(unsigned long)*12/5+2)]; And/or the sprintf
Unruh> should be an snprintf.
--
Harlan Stenn <[EMAIL PROTECTED]>
http://ntpforum.isc.org - be a member!
_______________________________________________
questions mailing list
[email protected]
https://lists.ntp.org/mailman/listinfo/questions
