[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: xntpd port fix (Re: ports/1758: xntpd remote buffer overflow)
- To: bugs_(_at_)_cvs_(_dot_)_openbsd_(_dot_)_org
- Subject: Re: xntpd port fix (Re: ports/1758: xntpd remote buffer overflow)
- From: "Kenneth J. Hendrickson" <kHendrickson_(_at_)_cFL_(_dot_)_RR_(_dot_)_com>
- Date: Thu, 5 Apr 2001 12:20:03 -0600 (MDT)
- Cc:
- Reply-to: "Kenneth J. Hendrickson" <kHendrickson_(_at_)_cFL_(_dot_)_RR_(_dot_)_com>
The following reply was made to PR ports/1758; it has been noted by GNATS.
From: "Kenneth J. Hendrickson" <kHendrickson_(_at_)_cFL_(_dot_)_RR_(_dot_)_com>
To: "Kenneth J. Hendrickson" <kHendrickson_(_at_)_cFL_(_dot_)_RR_(_dot_)_com>,
NAKAMURA Kazushi <kaz_(_at_)_kobe1995_(_dot_)_net>, Jason Wright <jason_(_at_)_openbsd_(_dot_)_org>,
gnats_(_at_)_openbsd_(_dot_)_org, kaz_(_at_)_ns_(_dot_)_kobe1995_(_dot_)_net, bugs_(_at_)_openbsd_(_dot_)_org
Cc: Subject: Re: xntpd port fix (Re: ports/1758: xntpd remote buffer overflow)
Date: Thu, 5 Apr 2001 14:12:07 -0400
On Thu, Apr 05, 2001 at 05:12:16PM +0100, Jon Ribbens wrote:
> You don't need the -1. tp is incremented *before* the above check, so
> it is still the same value when it does *tp='\0'. If
> 'tp >= buf + sizeof(buf)' was not true (i.e. we haven't already bombed
> out) then tp is still pointing inside the buffer and *tp='\0' is safe.
You are correct. My Bad.
Here is the updated patch-ntp_control.c file:
begin 644 patch-ntp_control.c
M*BHJ('AN='!D+VYT<%]C;VYT<F]L+F,N;W)I9PE-;VX_(_at_)_075G(#$P(#$X.C$V
M.C,T(#$Y_(_dot_)_3_(_at_)_*+2TM('AN='!D+VYT<%]C;VYT<F]L+F,)5&AU($%P<B`_(_at_)_-2`Q
M,3HT,3HT,R`R,#`Q"BHJ*BHJ*BHJ*BHJ*BHJ*_(_at_)_HJ*BH@,2PV("HJ*BH*+2TM
M(#$L,3$_(_at_)_+2TM+0H@("\J"B`@("H@;G1P7V-O;G1R;VPN8R`M(')E<W!O;F0@
M=&\_(_at_)_8V]N=')O;"!M97-S86=E<R!A;F0@<V5N9"!A<WEN8R!T<F%P<PH@("`J
M+PHK(`HK("\J"BL@("H@)$9R965"4T0Z('-R8R]C;VYT<FEB+VYT<"]N='!D
M+VYT<%]C;VYT<F]L+F,L=B`Q+C$N,2XR+C(N,2`R,#`Q+S`T+S`T(#(S.C`Y
M.C$P('!H:R!%>'`@)`HK("`J+PHK(`H@("-I9F1E9B!(059%7T-/3D9)1U](
M"B`@(VEN8VQU9&4@/&-O;F9I9RYH/@H@("-E;F1I9_(_at_)_HJ*BHJ*BHJ*BHJ*BHJ
M*BH**BHJ(#$W-3(L,3<U.2`J*BHJ"B`@"0D)"0ET<"`](&)U9CL*("`)"0D)
M"7=H:6QE("AC<"`\(')E<65N9"`F)B!I<W-P86-E*"IC<"DI"B`@"0D)"0D)
M8W`K*SL*(2`)"0D)"7=H:6QE("AC<"`\(')E<65N9"`F)B`J8W`@(3T@)RPG
M*0H@(`D)"0D)"2IT<"LK(#T_(_at_)_*F-P*RL["B`@"0D)"0EI9B`H8W`@/"!R97%E
M;F0I"B`@"0D)"0D)8W`K*SL*("`)"0D)"2IT<"`]("=<,"<["BTM+2`Q-S4W
M+#$W-S8_(_at_)_+2TM+0H@(`D)"0D)='`@/2!B=68["B`@"0D)"0EW:&EL92`H8W`@
M/"!R97%E;F0@)B8@:7-S<&%C92_(_at_)_J8W`I*0H@(`D)"0D)"6-P*RL["B$@"0D)
M"0EW:&EL92`H8W`@/"!R97%E;F0@)B8_(_at_)_*F-P("$]("<L)RD@>PH@(`D)"0D)
M"2IT<"LK(#T_(_at_)_*F-P*RL["BL@"0D)"0D):68_(_at_)_*'1P(#X](&)U9B`K('-I>F5O
M9BAB=68I*2!["BL@"0D)"0D)"2!M<WES;&]G*$Q/1U]705).24Y'+"`B071T
M96UP=&5D(%PB;G1P9'A<(B!E>'!L;VET(&9R;VT_(_at_)_25`@)60N)60N)60N)60Z
M)60_(_at_)_*'!O<W-I8FQY('-P;V]F960I7&XB+"`**R`)*&YT;VAL*')M=%]A9&1R
M+3YS:6Y?861D<BYS7V%D9'(I(#X^(#(T*2`F(#!X9F8L"BL@"2AN=&]H;"AR
M;71?861D<BT^<VEN7V%D9'(N<U]A9&1R*2`^/B`Q-BD@)B`P>&9F+`HK(`DH
M;G1O:&PH<FUT7V%D9'(M/G-I;E]A9&1R+G-?861D<BD@/CX_(_at_)__(_dot_)_"D@)B`P>&9F
M+`HK(`DH;G1O:&PH<FUT7V%D9'(M/G-I;E]A9&1R+G-?861D<BD@/CX@,"D@
M)B`P>&9F+`HK(`EN=&]H<RAR;71?861D<BT^<VEN7W!O<G0I"BL_(_at_)_*3L**R`*
M*R`)"0D)"0D)<F5T=7)N("@P*3L**R`)"0D)"0E]"BL@"0D)"0E]"B`@"0D)
M"0EI9B`H8W`@/"!R97%E;F0I"B`@"0D)"0D)8W`K*SL*("`)"0D)"2IT<"`]
'("=<,"<["@``
`
end
To apply this patch:
mv patch-ntp_control.c /usr/ports/sysutils/xntpd/patches/
cd /usr/ports/sysutils/xntpd
make uninstall && make clean && make && make install
reboot
--
PGP Key Fingerprint 02 6A 4F DE DD 77 A1 8B 21 D9 81 EB ED C8 3A DC
We are upping our standards ... so up yours. Ken Hendrickson N8KH
Visit your host, monkey.org