Debdiff for Intrepid SRU
nagios-plugins (1.4.11-2ubuntu2.1) intrepid-proposed; urgency=low
* Added 99_check_ntp_segfaults.dpatch: Fix for check_ntp and check_ntp_peer
segfaults (LP: #291265)
** Attachment added: nagios-plugins_1.4.11-2ubuntu2.1.debdiff
Fix is in SVN r2086:
http://nagiosplug.svn.sourceforge.net/viewvc/nagiosplug?view=revrevision=2086
** Changed in: nagios-plugins (Ubuntu)
Assignee: (unassigned) = Thierry Carrez (tcarrez)
Status: Confirmed = In Progress
--
Buffer overflow in check_ntp_peer - Nagios can't check time
Debdiff to fix this in the current development release
nagios-plugins (1.4.12-4ubuntu2) jaunty; urgency=low
* Added 99_check_ntp_segfaults.dpatch: Fix for check_ntp and check_ntp_peer
segfaults (LP: #291265)
** Attachment added: nagios-plugins_1.4.12-4ubuntu2.debdiff
This bug was fixed in the package nagios-plugins - 1.4.12-4ubuntu2
---
nagios-plugins (1.4.12-4ubuntu2) jaunty; urgency=low
* Added 99_check_ntp_segfaults.dpatch: Fix for check_ntp and check_ntp_peer
segfaults (LP: #291265)
-- Thierry Carrez [EMAIL PROTECTED] Wed, 19 Nov
Thank you for the job, mantainers and developers!
--
Buffer overflow in check_ntp_peer - Nagios can't check time servers in Intrepid
https://bugs.launchpad.net/bugs/291265
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to nagios-plugins in
Confirmed, something gets caught by the stack smashing police.
Regression in intrepid, as it was working well in hardy.
** Changed in: nagios-plugins (Ubuntu)
Importance: Undecided = High
Status: New = Confirmed
--
Buffer overflow in check_ntp_peer - Nagios can't check time servers in
It fails on line 264 on
if(read(conn, req, SIZEOF_NTPCM(req)) == -1)
Upstream bug is:
http://sourceforge.net/tracker/?func=detailatid=397597aid=1999319group_id=29880
It's closed by saying the bug is in _FORTIFY_SOURCE, as the author
checked that the read call should not exceed allocated value.
I looked at this a bit, and the math seems to be wrong in this line:
#define SIZEOF_NTPCM(m) (12+ntohs(m.count)+((m.count)?4-(ntohs(m.count)%4):0))
In ntp_request we have (where MAX_CM_SIZE is defined as 468):
req.count=htons(MAX_CM_SIZE);
Which makes req.count = 54273. Later, we have: