✘Prevent potential buffer overruns in the mode 6 code.
Gary E. Miller
gem at rellim.com
Mon Mar 13 19:11:47 UTC 2017
Yo Ertic!
cp = buffer;
cq = tag;
- while (*cq != '\0')
+ while (*cq != '\0' && cp < buffer + sizeof(buffer) - 1)
*cp++ = *cq++;
Why not just use strlcpy? NTPsec has its own copy if the OS does
not provide it. This sort of bit-picky C code is where problems lurk.
RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
gem at rellim.com Tel:+1 541 382 8588
Veritas liberabit vos. -- Quid est veritas?
"If you can’t measure it, you can’t improve it." - Lord Kelvin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ntpsec.org/pipermail/devel/attachments/20170313/a42cf3cb/attachment.bin>
More information about the devel
mailing list