<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">

<html lang="en">

<head>

<meta content="text/html; charset=utf-8" http-equiv="Content-Type">

<title>

GitLab

</title>

</head>

<body>

<style type="text/css">

img {

max-width: 100%; height: auto;

}

</style>

<div class="content">

<h3>

Daniel Fox Franke pushed to branch proto-refactor

at <a href="https://gitlab.com/NTPsec/ntpsec">NTPsec / ntpsec</a>

</h3>

<h4>

Commits:

</h4>

<ul>

<li>

<strong><a href="https://gitlab.com/NTPsec/ntpsec/commit/d9c6983be2ebc008339b602b2b379df8d73783f4">d9c6983b</a></strong>

<div>

<span>by Daniel Fox Franke</span>

<i>at 2016-07-08T20:06:24-04:00</i>

</div>

<pre class="commit-message" style="white-space: pre-wrap">Fix extension length calculation

This was a nasty vulnerability, fortunately found quickly and before

merging to master.</pre>

</li>

</ul>

<h4>1 changed file:</h4>

<ul>

<li class="file-stats">

<a href="#diff-0" style="text-decoration: none">

ntpd/ntp_proto.c

</a>

</li>

</ul>

<h4>Changes:</h4>

<li id="diff-0">

<a href="https://gitlab.com/NTPsec/ntpsec/commit/d9c6983be2ebc008339b602b2b379df8d73783f4#diff-0"><strong>ntpd/ntp_proto.c</strong></a>

<hr>

<table class="code white" style="-premailer-cellpadding: 0; -premailer-cellspacing: 0; -premailer-width: 100%; background: #fff; border: none; border-collapse: separate; color: #333; font-family: monospace; margin: 0; padding: 0; width: 100%" bgcolor="#fff" width="100%" cellpadding="0" cellspacing="0">

<tr class="line_holder match">

<td class="diff-line-num js-unfold old_line unfold" data-linenumber="301" style="background: #fafafa; border-color: #f0f0f0; border-right-width: 1px; border-style: none solid none none; color: rgba(0,0,0,0.3); font-family: monospace; font-size: 13px; line-height: 1.5; margin: 0; max-width: 50px; min-width: 35px; padding: 0 5px; text-align: right; width: 35px" align="right" bgcolor="#fafafa">

...

</td>

<td class="diff-line-num js-unfold new_line unfold" data-linenumber="301" style="background: #fafafa; border-color: #f0f0f0; border-right-width: 1px; border-style: none solid none none; color: rgba(0,0,0,0.3); font-family: monospace; font-size: 13px; line-height: 1.5; margin: 0; max-width: 50px; min-width: 35px; padding: 0 5px; text-align: right; width: 35px" align="right" bgcolor="#fafafa">

...

</td>

<td class="line_content match" style="background: #fafafa; border: none; color: rgba(0,0,0,0.3); display: block; font-family: monospace; font-size: 13px; line-height: 1.5; margin: 0; padding: 0 0.5em; white-space: pre" bgcolor="#fafafa">@@ -301,7 +301,7 @@ parse_packet(</td>

</tr>

<tr class="line_holder">

<td class="old_line diff-line-num" data-linenumber="301" style="background: #fafafa; border-color: #f0f0f0; border-right-width: 1px; border-style: none solid none none; color: rgba(0,0,0,0.3); font-family: monospace; font-size: 13px; line-height: 1.5; margin: 0; max-width: 50px; min-width: 35px; padding: 0 5px; text-align: right; width: 35px" align="right" bgcolor="#fafafa">

301

</td>

<td class="new_line diff-line-num" data-linenumber="301" style="background: #fafafa; border-color: #f0f0f0; border-right-width: 1px; border-style: none solid none none; color: rgba(0,0,0,0.3); font-family: monospace; font-size: 13px; line-height: 1.5; margin: 0; max-width: 50px; min-width: 35px; padding: 0 5px; text-align: right; width: 35px" align="right" bgcolor="#fafafa">

301

</td>

<td class="line_content noteable_line" style="background: #fff; border: none; color: #333; display: block; font-family: monospace; font-size: 13px; line-height: 1.5; margin: 0; padding: 0 0.5em; white-space: pre" bgcolor="#fff"> <span id="LC301" class="line">                       <span class="k" style="font-weight: bold">if</span><span class="p">(</span><span class="n" style="color: #333">pkt</span><span class="o" style="font-weight: bold">-></span><span class="n" style="color: #333">extensions</span><span class="p">[</span><span class="n" style="color: #333">i</span><span class="p">].</span><span class="n" style="color: #333">body</span> <span class="o" style="font-weight: bold">==</span> <span class="nb" style="color: #0086b3">NULL</span><span class="p">)</span> <span class="p">{</span> <span class="k" style="font-weight: bold">goto</span> <span class="n" style="color: #333">fail</span><span class="p">;</span> <span class="p">}</span></span>

</td>

</tr>

<tr class="line_holder">

<td class="old_line diff-line-num" data-linenumber="302" style="background: #fafafa; border-color: #f0f0f0; border-right-width: 1px; border-style: none solid none none; color: rgba(0,0,0,0.3); font-family: monospace; font-size: 13px; line-height: 1.5; margin: 0; max-width: 50px; min-width: 35px; padding: 0 5px; text-align: right; width: 35px" align="right" bgcolor="#fafafa">

302

</td>

<td class="new_line diff-line-num" data-linenumber="302" style="background: #fafafa; border-color: #f0f0f0; border-right-width: 1px; border-style: none solid none none; color: rgba(0,0,0,0.3); font-family: monospace; font-size: 13px; line-height: 1.5; margin: 0; max-width: 50px; min-width: 35px; padding: 0 5px; text-align: right; width: 35px" align="right" bgcolor="#fafafa">

302

</td>

<td class="line_content noteable_line" style="background: #fff; border: none; color: #333; display: block; font-family: monospace; font-size: 13px; line-height: 1.5; margin: 0; padding: 0 0.5em; white-space: pre" bgcolor="#fff"> <span id="LC302" class="line">                       <span class="n" style="color: #333">memcpy</span><span class="p">(</span><span class="n" style="color: #333">pkt</span><span class="o" style="font-weight: bold">-></span><span class="n" style="color: #333">extensions</span><span class="p">[</span><span class="n" style="color: #333">i</span><span class="p">].</span><span class="n" style="color: #333">body</span><span class="p">,</span> <span class="n" style="color: #333">bufptr</span> <span class="o" style="font-weight: bold">+</span> <span class="mi" style="color: #099">4</span><span class="p">,</span></span>

</td>

</tr>

<tr class="line_holder">

<td class="old_line diff-line-num" data-linenumber="303" style="background: #fafafa; border-color: #f0f0f0; border-right-width: 1px; border-style: none solid none none; color: rgba(0,0,0,0.3); font-family: monospace; font-size: 13px; line-height: 1.5; margin: 0; max-width: 50px; min-width: 35px; padding: 0 5px; text-align: right; width: 35px" align="right" bgcolor="#fafafa">

303

</td>

<td class="new_line diff-line-num" data-linenumber="303" style="background: #fafafa; border-color: #f0f0f0; border-right-width: 1px; border-style: none solid none none; color: rgba(0,0,0,0.3); font-family: monospace; font-size: 13px; line-height: 1.5; margin: 0; max-width: 50px; min-width: 35px; padding: 0 5px; text-align: right; width: 35px" align="right" bgcolor="#fafafa">

303

</td>

<td class="line_content noteable_line" style="background: #fff; border: none; color: #333; display: block; font-family: monospace; font-size: 13px; line-height: 1.5; margin: 0; padding: 0 0.5em; white-space: pre" bgcolor="#fff"> <span id="LC303" class="line">                              <span class="n" style="color: #333">pkt</span><span class="o" style="font-weight: bold">-></span><span class="n" style="color: #333">extensions</span><span class="p">[</span><span class="n" style="color: #333">i</span><span class="p">].</span><span class="n" style="color: #333">len</span><span class="p">);</span></span>

</td>

</tr>

<tr class="line_holder old">

<td class="diff-line-num old old_line" data-linenumber="304" style="background: #f9d7dc; border-color: #fac5cd; border-right-width: 1px; border-style: none solid none none; color: rgba(0,0,0,0.3); font-family: monospace; font-size: 13px; line-height: 1.5; margin: 0; max-width: 50px; min-width: 35px; padding: 0 5px; text-align: right; width: 35px" align="right" bgcolor="#f9d7dc">

304

</td>

<td class="diff-line-num new_line old" data-linenumber="304" style="background: #f9d7dc; border-color: #fac5cd; border-right-width: 1px; border-style: none solid none none; color: rgba(0,0,0,0.3); font-family: monospace; font-size: 13px; line-height: 1.5; margin: 0; max-width: 50px; min-width: 35px; padding: 0 5px; text-align: right; width: 35px" align="right" bgcolor="#f9d7dc">

</td>

<td class="line_content noteable_line old" style="background: #fbe9eb; border: none; color: #333; display: block; font-family: monospace; font-size: 13px; line-height: 1.5; margin: 0; padding: 0 0.5em; white-space: pre" bgcolor="#fbe9eb"> <span id="LC304" class="line">                     <span class="n" style="color: #333">bufptr</span> <span class="o" style="font-weight: bold">+=</span> <span class="n" style="color: #333">pkt</span><span class="o" style="font-weight: bold">-></span><span class="n" style="color: #333">extensions</span><span class="p">[</span><span class="n" style="color: #333">i</span><span class="p">].</span><span class="n" style="color: #333">len</span><span class="p">;</span></span>

</td>

</tr>

<tr class="line_holder new">

<td class="diff-line-num new old_line" data-linenumber="304" style="background: #ddfbe6; border-color: #c7f0d2; border-right-width: 1px; border-style: none solid none none; color: rgba(0,0,0,0.3); font-family: monospace; font-size: 13px; line-height: 1.5; margin: 0; max-width: 50px; min-width: 35px; padding: 0 5px; text-align: right; width: 35px" align="right" bgcolor="#ddfbe6">

</td>

<td class="diff-line-num new new_line" data-linenumber="304" style="background: #ddfbe6; border-color: #c7f0d2; border-right-width: 1px; border-style: none solid none none; color: rgba(0,0,0,0.3); font-family: monospace; font-size: 13px; line-height: 1.5; margin: 0; max-width: 50px; min-width: 35px; padding: 0 5px; text-align: right; width: 35px" align="right" bgcolor="#ddfbe6">

304

</td>

<td class="line_content new noteable_line" style="background: #ecfdf0; border: none; color: #333; display: block; font-family: monospace; font-size: 13px; line-height: 1.5; margin: 0; padding: 0 0.5em; white-space: pre" bgcolor="#ecfdf0"> <span id="LC304" class="line">                     <span class="n" style="color: #333">bufptr</span> <span class="o" style="font-weight: bold">+=</span> <span class="n" style="color: #333">pkt</span><span class="o" style="font-weight: bold">-></span><span class="n" style="color: #333">extensions</span><span class="p">[</span><span class="n" style="color: #333">i</span><span class="p">].</span><span class="n" style="color: #333">len</span><span class="idiff left" style="background: #c7f0d2"> </span><span class="o" style="font-weight: bold"><span class="idiff" style="background: #c7f0d2">+</span></span><span class="idiff" style="background: #c7f0d2"> </span><span class="mi" style="color: #099"><span class="idiff right" style="background: #c7f0d2">4</span></span><span class="p">;</span></span>

</td>

</tr>

<tr class="line_holder">

<td class="old_line diff-line-num" data-linenumber="305" style="background: #fafafa; border-color: #f0f0f0; border-right-width: 1px; border-style: none solid none none; color: rgba(0,0,0,0.3); font-family: monospace; font-size: 13px; line-height: 1.5; margin: 0; max-width: 50px; min-width: 35px; padding: 0 5px; text-align: right; width: 35px" align="right" bgcolor="#fafafa">

305

</td>

<td class="new_line diff-line-num" data-linenumber="305" style="background: #fafafa; border-color: #f0f0f0; border-right-width: 1px; border-style: none solid none none; color: rgba(0,0,0,0.3); font-family: monospace; font-size: 13px; line-height: 1.5; margin: 0; max-width: 50px; min-width: 35px; padding: 0 5px; text-align: right; width: 35px" align="right" bgcolor="#fafafa">

305

</td>

<td class="line_content noteable_line" style="background: #fff; border: none; color: #333; display: block; font-family: monospace; font-size: 13px; line-height: 1.5; margin: 0; padding: 0 0.5em; white-space: pre" bgcolor="#fff"> <span id="LC305" class="line">               <span class="p">}</span></span>

</td>

</tr>

<tr class="line_holder">

<td class="old_line diff-line-num" data-linenumber="306" style="background: #fafafa; border-color: #f0f0f0; border-right-width: 1px; border-style: none solid none none; color: rgba(0,0,0,0.3); font-family: monospace; font-size: 13px; line-height: 1.5; margin: 0; max-width: 50px; min-width: 35px; padding: 0 5px; text-align: right; width: 35px" align="right" bgcolor="#fafafa">

306

</td>

<td class="new_line diff-line-num" data-linenumber="306" style="background: #fafafa; border-color: #f0f0f0; border-right-width: 1px; border-style: none solid none none; color: rgba(0,0,0,0.3); font-family: monospace; font-size: 13px; line-height: 1.5; margin: 0; max-width: 50px; min-width: 35px; padding: 0 5px; text-align: right; width: 35px" align="right" bgcolor="#fafafa">

306

</td>

<td class="line_content noteable_line" style="background: #fff; border: none; color: #333; display: block; font-family: monospace; font-size: 13px; line-height: 1.5; margin: 0; padding: 0 0.5em; white-space: pre" bgcolor="#fff"> <span id="LC306" class="line">       <span class="p">}</span></span>

</td>

</tr>

<tr class="line_holder">

<td class="old_line diff-line-num" data-linenumber="307" style="background: #fafafa; border-color: #f0f0f0; border-right-width: 1px; border-style: none solid none none; color: rgba(0,0,0,0.3); font-family: monospace; font-size: 13px; line-height: 1.5; margin: 0; max-width: 50px; min-width: 35px; padding: 0 5px; text-align: right; width: 35px" align="right" bgcolor="#fafafa">

307

</td>

<td class="new_line diff-line-num" data-linenumber="307" style="background: #fafafa; border-color: #f0f0f0; border-right-width: 1px; border-style: none solid none none; color: rgba(0,0,0,0.3); font-family: monospace; font-size: 13px; line-height: 1.5; margin: 0; max-width: 50px; min-width: 35px; padding: 0 5px; text-align: right; width: 35px" align="right" bgcolor="#fafafa">

307

</td>

<td class="line_content noteable_line" style="background: #fff; border: none; color: #333; display: block; font-family: monospace; font-size: 13px; line-height: 1.5; margin: 0; padding: 0 0.5em; white-space: pre" bgcolor="#fff"> <span id="LC307" class="line"></span>

</td>

</tr>

</table>

<br>

</li>

</div>

<div class="footer" style="margin-top: 10px">

<p style="color: #777; font-size: small">

—

<br>

<a href="https://gitlab.com/NTPsec/ntpsec/commit/d9c6983be2ebc008339b602b2b379df8d73783f4">View it on GitLab</a>.

<br>

You're receiving this email because of your account on gitlab.com.

If you'd like to receive fewer emails, you can

adjust your notification settings.

<script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","action":{"@type":"ViewAction","name":"View Commit","url":"https://gitlab.com/NTPsec/ntpsec/commit/d9c6983be2ebc008339b602b2b379df8d73783f4"}}</script>

</p>

</div>

</body>

</html>