CVS commit: src/external/bsd/ntp

Christos Zoulas Mon, 15 Aug 2011 22:15:34 -0700

Module Name:    src
Committed By:   christos
Date:           Tue Aug 16 05:15:21 UTC 2011


Modified Files:
        src/external/bsd/ntp/bin/ntpd: Makefile
        src/external/bsd/ntp/dist/include: ntp_request.h
        src/external/bsd/ntp/dist/ntpd: ntp_config.c ntp_control.c
            ntp_request.c ntpd.c refclock_jupiter.c refclock_oncore.c

Log Message:
- document non-literal strings
- fix bad security practices: {msyslog,syslog,printf}(buffer) ->
    {msyslog,syslog,printf}("%s", buffer)
- use an anonymous union to avoid type punning casts
- re-order expression to avoid integer overflow


To generate a diff of this commit:
cvs rdiff -u -r1.9 -r1.10 src/external/bsd/ntp/bin/ntpd/Makefile
cvs rdiff -u -r1.1.1.1 -r1.2 src/external/bsd/ntp/dist/include/ntp_request.h
cvs rdiff -u -r1.3 -r1.4 src/external/bsd/ntp/dist/ntpd/ntp_config.c \
    src/external/bsd/ntp/dist/ntpd/ntp_control.c
cvs rdiff -u -r1.4 -r1.5 src/external/bsd/ntp/dist/ntpd/ntp_request.c \
    src/external/bsd/ntp/dist/ntpd/ntpd.c \
    src/external/bsd/ntp/dist/ntpd/refclock_oncore.c
cvs rdiff -u -r1.2 -r1.3 src/external/bsd/ntp/dist/ntpd/refclock_jupiter.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/external/bsd/ntp/bin/ntpd/Makefile
diff -u src/external/bsd/ntp/bin/ntpd/Makefile:1.9 src/external/bsd/ntp/bin/ntpd/Makefile:1.10
--- src/external/bsd/ntp/bin/ntpd/Makefile:1.9	Tue Jun 21 22:49:42 2011
+++ src/external/bsd/ntp/bin/ntpd/Makefile	Tue Aug 16 01:15:20 2011
@@ -1,4 +1,4 @@
-#	$NetBSD: Makefile,v 1.9 2011/06/22 02:49:42 mrg Exp $
+#	$NetBSD: Makefile,v 1.10 2011/08/16 05:15:20 christos Exp $
 
 #NOGCCERROR=yes
 
@@ -90,13 +90,10 @@
 	${TOOL_SED} -e "s,NTPD 1,NTPD 8," $? > $@
 
 CLEANFILES+=ntpd.8
+COPTS.ntp_control.c+= -Wno-format-nonliteral
 
 .include <bsd.prog.mk>
 
 # kill default .y.c rule - to rebuild ntp_parser.c we need bison which is not part of the toolchain
 .y.c:
 
-# XXX
-.if ${HAVE_GCC} == 45
-COPTS.ntp_request.c+= -Wno-error -fno-strict-aliasing
-.endif

Index: src/external/bsd/ntp/dist/include/ntp_request.h
diff -u src/external/bsd/ntp/dist/include/ntp_request.h:1.1.1.1 src/external/bsd/ntp/dist/include/ntp_request.h:1.2
--- src/external/bsd/ntp/dist/include/ntp_request.h:1.1.1.1	Sun Dec 13 11:54:53 2009
+++ src/external/bsd/ntp/dist/include/ntp_request.h	Tue Aug 16 01:15:20 2011
@@ -1,4 +1,4 @@
-/*	$NetBSD: ntp_request.h,v 1.1.1.1 2009/12/13 16:54:53 kardel Exp $	*/
+/*	$NetBSD: ntp_request.h,v 1.2 2011/08/16 05:15:20 christos Exp $	*/
 
 /*
  * ntp_request.h - definitions for the ntpd remote query facility
@@ -125,6 +125,44 @@
 };
 
 /*
+ * Structure for carrying system flags.
+ */
+struct conf_sys_flags {
+	u_int32 flags;
+};
+
+/*
+ * System flags we can set/clear
+ */
+#define	SYS_FLAG_BCLIENT	0x01
+#define	SYS_FLAG_PPS		0x02
+#define SYS_FLAG_NTP		0x04
+#define SYS_FLAG_KERNEL		0x08
+#define SYS_FLAG_MONITOR	0x10
+#define SYS_FLAG_FILEGEN	0x20
+#define SYS_FLAG_AUTH		0x40
+#define SYS_FLAG_CAL		0x80
+
+/*
+ * Structure used for passing indication of flags to clear
+ */
+struct reset_flags {
+	u_int32 flags;
+};
+
+#define	RESET_FLAG_ALLPEERS	0x01
+#define	RESET_FLAG_IO		0x02
+#define	RESET_FLAG_SYS		0x04
+#define	RESET_FLAG_MEM		0x08
+#define	RESET_FLAG_TIMER	0x10
+#define	RESET_FLAG_AUTH		0x20
+#define	RESET_FLAG_CTL		0x40
+
+#define	RESET_ALLFLAGS \
+	(RESET_FLAG_ALLPEERS|RESET_FLAG_IO|RESET_FLAG_SYS \
+	|RESET_FLAG_MEM|RESET_FLAG_TIMER|RESET_FLAG_AUTH|RESET_FLAG_CTL)
+
+/*
  * A request packet.  These are almost a fixed length.
  */
 struct req_pkt {
@@ -134,8 +172,12 @@
 	u_char request;			/* request number */
 	u_short err_nitems;		/* error code/number of data items */
 	u_short mbz_itemsize;		/* item size */
-	char data[MAXFILENAME + 48];	/* data area [32 prev](176 byte max) */
-					/* struct conf_peer must fit */
+	union {
+	    char data[MAXFILENAME + 48];/* data area [32 prev](176 byte max) */
+	    struct conf_sys_flags c_s_flags;
+	    struct reset_flags r_flags;
+	    u_int32_t ui;
+	};
 	l_fp tstamp;			/* time stamp, for authentication */
 	keyid_t keyid;			/* (optional) encryption key */
 	char mac[MAX_MAC_LEN-sizeof(keyid_t)]; /* (optional) auth code */
@@ -217,8 +259,8 @@
 
 #define	INFO_ERR(err_nitems)	((u_short)((ntohs(err_nitems)>>12)&0xf))
 #define	INFO_NITEMS(err_nitems)	((u_short)(ntohs(err_nitems)&0xfff))
-#define	ERR_NITEMS(err, nitems)	(htons((u_short)((((u_short)(err)<<12)&0xf000)\
-				|((u_short)(nitems)&0xfff))))
+#define _ERR_EN(err)		((u_short)(((err)&0xf)<<12))
+#define	ERR_NITEMS(err, nitems)	((u_short)htons(_ERR_EN(err)|(nitems&0xfff)))
 
 #define	INFO_MBZ(mbz_itemsize)	((ntohs(mbz_itemsize)>>12)&0xf)
 #define	INFO_ITEMSIZE(mbz_itemsize)	((u_short)(ntohs(mbz_itemsize)&0xfff))
@@ -618,25 +660,6 @@
 };
 
 /*
- * Structure for carrying system flags.
- */
-struct conf_sys_flags {
-	u_int32 flags;
-};
-
-/*
- * System flags we can set/clear
- */
-#define	SYS_FLAG_BCLIENT	0x01
-#define	SYS_FLAG_PPS		0x02
-#define SYS_FLAG_NTP		0x04
-#define SYS_FLAG_KERNEL		0x08
-#define SYS_FLAG_MONITOR	0x10
-#define SYS_FLAG_FILEGEN	0x20
-#define SYS_FLAG_AUTH		0x40
-#define SYS_FLAG_CAL		0x80
-
-/*
  * Structure used for returning restrict entries
  */
 struct info_restrict {
@@ -720,25 +743,6 @@
 };
 
 /*
- * Structure used for passing indication of flags to clear
- */
-struct reset_flags {
-	u_int32 flags;
-};
-
-#define	RESET_FLAG_ALLPEERS	0x01
-#define	RESET_FLAG_IO		0x02
-#define	RESET_FLAG_SYS		0x04
-#define	RESET_FLAG_MEM		0x08
-#define	RESET_FLAG_TIMER	0x10
-#define	RESET_FLAG_AUTH		0x20
-#define	RESET_FLAG_CTL		0x40
-
-#define	RESET_ALLFLAGS \
-	(RESET_FLAG_ALLPEERS|RESET_FLAG_IO|RESET_FLAG_SYS \
-	|RESET_FLAG_MEM|RESET_FLAG_TIMER|RESET_FLAG_AUTH|RESET_FLAG_CTL)
-
-/*
  * Structure used to return information concerning the authentication
  * module.
  */

Index: src/external/bsd/ntp/dist/ntpd/ntp_config.c
diff -u src/external/bsd/ntp/dist/ntpd/ntp_config.c:1.3 src/external/bsd/ntp/dist/ntpd/ntp_config.c:1.4
--- src/external/bsd/ntp/dist/ntpd/ntp_config.c:1.3	Sat Dec  4 18:08:35 2010
+++ src/external/bsd/ntp/dist/ntpd/ntp_config.c	Tue Aug 16 01:15:21 2011
@@ -1,4 +1,4 @@
-/*	$NetBSD: ntp_config.c,v 1.3 2010/12/04 23:08:35 christos Exp $	*/
+/*	$NetBSD: ntp_config.c,v 1.4 2011/08/16 05:15:21 christos Exp $	*/
 
 /* ntp_config.c
  *
@@ -2299,7 +2299,7 @@
 		if ((RES_MSSNTP & flags) && !warned_signd) {
 			warned_signd = 1;
 			fprintf(stderr, "%s\n", signd_warning);
-			msyslog(LOG_WARNING, signd_warning);
+			msyslog(LOG_WARNING, "%s", signd_warning);
 		}
 	}
 }
Index: src/external/bsd/ntp/dist/ntpd/ntp_control.c
diff -u src/external/bsd/ntp/dist/ntpd/ntp_control.c:1.3 src/external/bsd/ntp/dist/ntpd/ntp_control.c:1.4
--- src/external/bsd/ntp/dist/ntpd/ntp_control.c:1.3	Thu Jun 30 22:18:54 2011
+++ src/external/bsd/ntp/dist/ntpd/ntp_control.c	Tue Aug 16 01:15:21 2011
@@ -1,4 +1,4 @@
-/*	$NetBSD: ntp_control.c,v 1.3 2011/07/01 02:18:54 mrg Exp $	*/
+/*	$NetBSD: ntp_control.c,v 1.4 2011/08/16 05:15:21 christos Exp $	*/
 
 /*
  * ntp_control.c - respond to control messages and send async traps
@@ -607,6 +607,7 @@
 	 * allow timestamping of the saved config filename with
 	 * strftime() format such as:
 	 *   ntpq -c "saveconfig ntp-%Y%m%d-%H%M%S.conf"
+	 * XXX: Nice feature, but not too safe.
 	 */
 	if (0 == strftime(filename, sizeof(filename), filespec,
 			       localtime(&now)))
@@ -2946,7 +2947,7 @@
 			    " %s", str);
 		}
 		NLOG(NLOG_SYSEVENT)
-		    msyslog(LOG_INFO, statstr);
+		    msyslog(LOG_INFO, "%s", statstr);
 	} else {
 
 		/*
@@ -2978,7 +2979,7 @@
 			    " %s", str);
 		}
 		NLOG(NLOG_PEEREVENT)
-		    msyslog(LOG_INFO, statstr);
+		    msyslog(LOG_INFO, "%s", statstr);
 	}
 	record_proto_stats(statstr);
 #if DEBUG

Index: src/external/bsd/ntp/dist/ntpd/ntp_request.c
diff -u src/external/bsd/ntp/dist/ntpd/ntp_request.c:1.4 src/external/bsd/ntp/dist/ntpd/ntp_request.c:1.5
--- src/external/bsd/ntp/dist/ntpd/ntp_request.c:1.4	Sat Dec  4 18:08:35 2010
+++ src/external/bsd/ntp/dist/ntpd/ntp_request.c	Tue Aug 16 01:15:21 2011
@@ -1,4 +1,4 @@
-/*	$NetBSD: ntp_request.c,v 1.4 2010/12/04 23:08:35 christos Exp $	*/
+/*	$NetBSD: ntp_request.c,v 1.5 2011/08/16 05:15:21 christos Exp $	*/
 
 /*
  * ntp_request.c - respond to information requests
@@ -261,7 +261,7 @@
 	rpkt.auth_seq = AUTH_SEQ(0, 0);
 	rpkt.implementation = inpkt->implementation;
 	rpkt.request = inpkt->request;
-	rpkt.err_nitems = ERR_NITEMS(errcode, 0);
+	rpkt.err_nitems = ERR_NITEMS(errcode, 0); 
 	rpkt.mbz_itemsize = MBZ_ITEMSIZE(0);
 
 	/*
@@ -1693,7 +1693,7 @@
 		return;
 	}
 
-	flags = ((struct conf_sys_flags *)inpkt->data)->flags;
+	flags = inpkt->c_s_flags.flags;
 	flags = ntohl(flags);
 	
 	if (flags & ~(SYS_FLAG_BCLIENT | SYS_FLAG_PPS |
@@ -2048,7 +2048,7 @@
 		return;
 	}
 
-	flags = ((struct reset_flags *)inpkt->data)->flags;
+	flags = inpkt->r_flags.flags;
 	flags = ntohl(flags);
      
 	if (flags & ~RESET_ALLFLAGS) {
@@ -2472,7 +2472,7 @@
 		return;
 	}
 
-	keyid = ntohl(*((u_int32 *)(inpkt->data)));
+	keyid = ntohl(inpkt->ui);
 	info_auth_keyid = keyid;
 	req_ack(srcadr, inter, inpkt, INFO_OKAY);
 }
@@ -2501,7 +2501,7 @@
 		return;
 	}
 
-	keyid = ntohl(*((u_int32 *)(inpkt->data)));
+	keyid = ntohl(inpkt->ui);
 	ctl_auth_keyid = keyid;
 	req_ack(srcadr, inter, inpkt, INFO_OKAY);
 }
Index: src/external/bsd/ntp/dist/ntpd/ntpd.c
diff -u src/external/bsd/ntp/dist/ntpd/ntpd.c:1.4 src/external/bsd/ntp/dist/ntpd/ntpd.c:1.5
--- src/external/bsd/ntp/dist/ntpd/ntpd.c:1.4	Sun Nov 28 19:39:41 2010
+++ src/external/bsd/ntp/dist/ntpd/ntpd.c	Tue Aug 16 01:15:21 2011
@@ -1,4 +1,4 @@
-/*	$NetBSD: ntpd.c,v 1.4 2010/11/29 00:39:41 christos Exp $	*/
+/*	$NetBSD: ntpd.c,v 1.5 2011/08/16 05:15:21 christos Exp $	*/
 
 /*
  * ntpd.c - main program for the fixed point NTP daemon
@@ -1266,7 +1266,7 @@
 
 	msyslog(LOG_ERR, "%s:%d: fatal error:", file, line);
 	vsnprintf(errbuf, sizeof(errbuf), format, args);
-	msyslog(LOG_ERR, errbuf);
+	msyslog(LOG_ERR, "%s", errbuf);
 	msyslog(LOG_ERR, "exiting (due to fatal error in library)");
 
 	abort();
@@ -1288,7 +1288,7 @@
 
 	msyslog(LOG_ERR, "%s:%d: unexpected error:", file, line);
 	vsnprintf(errbuf, sizeof(errbuf), format, args);
-	msyslog(LOG_ERR, errbuf);
+	msyslog(LOG_ERR, "%s", errbuf);
 
 	if (++unexpected_error_cnt == MAX_UNEXPECTED_ERRORS)
 	{
Index: src/external/bsd/ntp/dist/ntpd/refclock_oncore.c
diff -u src/external/bsd/ntp/dist/ntpd/refclock_oncore.c:1.4 src/external/bsd/ntp/dist/ntpd/refclock_oncore.c:1.5
--- src/external/bsd/ntp/dist/ntpd/refclock_oncore.c:1.4	Thu Jun 30 22:18:37 2011
+++ src/external/bsd/ntp/dist/ntpd/refclock_oncore.c	Tue Aug 16 01:15:21 2011
@@ -1,4 +1,4 @@
-/*	$NetBSD: refclock_oncore.c,v 1.4 2011/07/01 02:18:37 mrg Exp $	*/
+/*	$NetBSD: refclock_oncore.c,v 1.5 2011/08/16 05:15:21 christos Exp $	*/
 
 
 /*
@@ -4045,7 +4045,7 @@
 
 	snprintf(Msg, sizeof(Msg), "ONCORE[%d]: %s", instance->unit,
 		 msg);
-	syslog(log_level, Msg);
+	syslog(log_level, "%s", Msg);
 
 	i = strlen(msg);
 

Index: src/external/bsd/ntp/dist/ntpd/refclock_jupiter.c
diff -u src/external/bsd/ntp/dist/ntpd/refclock_jupiter.c:1.2 src/external/bsd/ntp/dist/ntpd/refclock_jupiter.c:1.3
--- src/external/bsd/ntp/dist/ntpd/refclock_jupiter.c:1.2	Sat Dec  4 18:08:35 2010
+++ src/external/bsd/ntp/dist/ntpd/refclock_jupiter.c	Tue Aug 16 01:15:21 2011
@@ -1,4 +1,4 @@
-/*	$NetBSD: refclock_jupiter.c,v 1.2 2010/12/04 23:08:35 christos Exp $	*/
+/*	$NetBSD: refclock_jupiter.c,v 1.3 2011/08/16 05:15:21 christos Exp $	*/
 
 /*
  * Copyright (c) 1997, 1998, 2003
@@ -904,7 +904,7 @@
 #ifdef DEBUG
 	if (debug) {
 		fprintf(stdout, "%s: ", function);
-		fprintf(stdout, buffer);
+		fprintf(stdout, "%s", buffer);
 		fprintf(stdout, "\n");
 		fflush(stdout);
 	}

CVS commit: src/external/bsd/ntp

Reply via email to