ntpsec | Authenticated out-of-bounds write in ntp_parser.y (#510)

Eric S. Raymond esr at thyrsus.com
Thu Nov 1 02:01:11 UTC 2018


Hal Murray via devel <devel at ntpsec.org>:
> The old buffer allocation pool is still there.  That could be cleaned up.
> 
> refclock_generic still calls get_free_recv_buffer
> There are 2 calls in ntp_io
> I think they could be replaced by chunks on the stack or globals.
> 
> Checking/understanding the data input path for refclocks might be interesting. 
>  There are 2 cases.  The ACSII text mode uses readline so the driver gets a 
> complete message on each call.  The binary mode has to take whatever data is 
> available and the driver has to keep collecting until it gets a whole message.
> 
> 
> If you want a medium size project that is well localized...

Good training, Ian.  I recommend it,

> ntp_control is the server side of ntpq.  It's table driven, but there are 2 or 
> 3 tables that must be kept in sync by hand.  (One is a set of #defines, so it 
> isn't actually a "table".)  We should be able to compress that to a single 
> table with a good macro.

I'm a little reluctant to add C macroloogy at this point. Plans for Go
translation aren't *on* the horizon at this point, but they're not far
over it.

On the other hand generating one nice table from declarative markup with
a Python helper would map over well to Go when we get there, and is the sort
of "do things as declratively as possible, as high level as possible" technique
that Ian should be learning.
-- 
		<a href="http://www.catb.org/~esr/">Eric S. Raymond</a>

My work is funded by the Internet Civil Engineering Institute: https://icei.org
Please visit their site and donate: the civilization you save might be your own.




More information about the devel mailing list