<html lang='en'>
<head>
<meta content='text/html; charset=utf-8' http-equiv='Content-Type'>
<title>
GitLab
</title>
</meta>
</head>
<style>
img {
max-width: 100%;
height: auto;
}
p.details {
font-style:italic;
color:#777
}
.footer p {
font-size:small;
color:#777
}
pre.commit-message {
white-space: pre-wrap;
}
.file-stats a {
text-decoration: none;
}
.file-stats .new-file {
color: #090;
}
.file-stats .deleted-file {
color: #B00;
}
</style>
<body>
<div class='content'>
<h3>
Eric S. Raymond pushed to branch master
at <a href="https://gitlab.com/NTPsec/ntpsec">NTPsec / ntpsec</a>
</h3>
<h4>
Commits:
</h4>
<ul>
<li>
<strong><a href="https://gitlab.com/NTPsec/ntpsec/commit/aa01ef7e1677c7bc9bd7a1a3b5f96c7730d219a8">aa01ef7e</a></strong>
<div>
<span>by Matt Selsky</span>
<i>at 2016-02-25T12:58:35-05:00</i>
</div>
<pre class='commit-message'>Check return values for sscanf. Fixes CID 135766 and CID 135765.</pre>
</li>
</ul>
<h4>1 changed file:</h4>
<ul>
<li class='file-stats'>
<a href='#diff-0'>
ntpd/ntp_intercept.c
</a>
</li>
</ul>
<h4>Changes:</h4>
<li id='diff-0'>
<a href='https://gitlab.com/NTPsec/ntpsec/commit/aa01ef7e1677c7bc9bd7a1a3b5f96c7730d219a8#diff-0'>
<strong>
ntpd/ntp_intercept.c
</strong>
</a>
<hr>
<pre class="highlight"><code><span style="color: #000000;background-color: #ffdddd">--- a/ntpd/ntp_intercept.c
</span><span style="color: #000000;background-color: #ddffdd">+++ b/ntpd/ntp_intercept.c
</span><span style="color: #aaaaaa">@@ -698,7 +698,10 @@ static void lfpload(char *str, l_fp *fp)
</span> {
uint64_t np;
<span style="color: #000000;background-color: #ffdddd">- sscanf(str, "%" PRIu64, &np);
</span><span style="color: #000000;background-color: #ddffdd">+ if (sscanf(str, "%" PRIu64, &np) != 1) {
+ fprintf(stderr, "ntpd: bad fp format at line %d\n", lineno);
+ exit(1);
+ }
</span>
(fp)->l_uf = (np) & 0xFFFFFFFF; \
(fp)->l_ui = (((np) >> FRACTION_PREC) & 0xFFFFFFFF); \
<span style="color: #aaaaaa">@@ -762,7 +765,10 @@ static size_t packet_parse(char *pktbuf, char *macbuf, struct pkt *pkt)
</span> size_t i;
for (i = 0; i < strlen(macbuf)/2; i++) {
int hexval;
<span style="color: #000000;background-color: #ffdddd">- sscanf(macbuf + 2*i, "%02x", &hexval);
</span><span style="color: #000000;background-color: #ddffdd">+ if (sscanf(macbuf + 2*i, "%02x", &hexval) != 1) {
+ fprintf(stderr, "ntpd: bad hexval format at line %d\n", lineno);
+ exit(1);
+ }
</span> pkt->exten[i] = hexval & 0xff;
++pktlen;
}
</code></pre>
<br>
</li>
</div>
<div class='footer' style='margin-top: 10px;'>
<p>
—
<br>
<a href="https://gitlab.com/NTPsec/ntpsec/commit/aa01ef7e1677c7bc9bd7a1a3b5f96c7730d219a8">View it on GitLab</a>.
<br>
You're receiving this email because of your account on gitlab.com.
If you'd like to receive fewer emails, you can
adjust your notification settings.
<script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","action":{"@type":"ViewAction","name":"View Commit","url":"https://gitlab.com/NTPsec/ntpsec/commit/aa01ef7e1677c7bc9bd7a1a3b5f96c7730d219a8"}}</script>
</p>
</div>
</body>
</html>