diff options
author | fredb <fredb@pkgsrc.org> | 2001-04-06 15:21:05 +0000 |
---|---|---|
committer | fredb <fredb@pkgsrc.org> | 2001-04-06 15:21:05 +0000 |
commit | 864195477e6f3dd58de94292238a0a2edeaad9f3 (patch) | |
tree | 88f24da1191b1463e5b6e4f6ee2ff5cf8e50f651 /net/ntp4 | |
parent | b405a4ddfe8828e20801b8034dadff2cc69e4adf (diff) | |
download | pkgsrc-864195477e6f3dd58de94292238a0a2edeaad9f3.tar.gz |
Prevent a buffer overflow in "ntpd"; patch pulled up from the NetBSD CVS
repository. Unpatched, the daemon can be caused to segfault by application
of malformed IP packets. Allegedly, this could lead to a root compromise,
but that has not been confirmed on NetBSD. See NetBSD Security Advisory
NetBSD-SA2001-004.
Diffstat (limited to 'net/ntp4')
-rw-r--r-- | net/ntp4/files/patch-sum | 7 | ||||
-rw-r--r-- | net/ntp4/patches/patch-aa | 29 |
2 files changed, 31 insertions, 5 deletions
diff --git a/net/ntp4/files/patch-sum b/net/ntp4/files/patch-sum index 29ea04b0d04..0af98b2c346 100644 --- a/net/ntp4/files/patch-sum +++ b/net/ntp4/files/patch-sum @@ -1,6 +1,3 @@ -$NetBSD: patch-sum,v 1.2 1999/11/14 05:23:27 fredb Exp $ +$NetBSD: patch-sum,v 1.3 2001/04/06 15:21:05 fredb Exp $ -This placeholder file is generated by the ``makepatchsum'' target -whenever the patches directory is empty or missing. Its purpose -is to ensure that the presence of any obsolete patches will cause -the proper error to be emitted at build time. +SHA1 (patch-aa) = 2ba2b21de71a6855e4290aa8a0ab96216e156937 diff --git a/net/ntp4/patches/patch-aa b/net/ntp4/patches/patch-aa new file mode 100644 index 00000000000..b561b273854 --- /dev/null +++ b/net/ntp4/patches/patch-aa @@ -0,0 +1,29 @@ +$NetBSD: patch-aa,v 1.3 2001/04/06 15:21:06 fredb Exp $ + +--- ntpd/ntp_control.c 2000/04/22 14:53:15 1.1.1.2 ++++ ntpd/ntp_control.c 2001/04/05 09:45:27 1.1.1.2.4.1 +@@ -1812,9 +1812,22 @@ + while (cp < reqend && + isspace((int)*cp)) + cp++; +- while (cp < reqend && *cp != +- ',') ++ while (cp < reqend && *cp != ',') { + *tp++ = *cp++; ++ if (tp >= ++ buf + sizeof(buf) - 1) { ++#if 0 /* don't syslog for now - DoS potential on filling syslog */ ++ msyslog(LOG_WARNING, ++ "Attempted \"ntpdx\" exploit from IP %d.%d.%d.%d:%d (possibly spoofed)\n", ++ (ntohl(rmt_addr->sin_addr.s_addr) >> 24) & 0xff, ++ (ntohl(rmt_addr->sin_addr.s_addr) >> 16) & 0xff, ++ (ntohl(rmt_addr->sin_addr.s_addr) >> 8) & 0xff, ++ (ntohl(rmt_addr->sin_addr.s_addr) >> 0) & 0xff, ++ ntohs(rmt_addr->sin_port)); ++#endif ++ return (0); ++ } ++ } + if (cp < reqend) + cp++; + *tp = '\0'; |