ntpsec | Authenticated out-of-bounds write in ntp_parser.y (#510)

Hal Murray hmurray at megapathdsl.net
Wed Oct 31 18:44:26 UTC 2018


> While waiting for the NTS holding pattern I'm going to take another look at
> the recvbuff removal.

I did most of it a while ago.

It would be good for another set of eyeballs to scan things and become more 
familiar with that code.

The old buffer allocation pool is still there.  That could be cleaned up.

refclock_generic still calls get_free_recv_buffer
There are 2 calls in ntp_io
I think they could be replaced by chunks on the stack or globals.

Checking/understanding the data input path for refclocks might be interesting.
There are 2 cases.  The ASCII text mode uses readline so the driver gets a
complete message on each call.  The binary mode has to take whatever data is
available and the driver has to keep collecting until it gets a whole message.


If you want a medium size project that is well localized...

ntp_control is the server side of ntpq.  It's table driven, but there are 2 or 
3 tables that must be kept in sync by hand.  (One is a set of #defines, so it 
isn't actually a "table".)  We should be able to compress that to a single 
table with a good macro.


-- 
These are my opinions.  I hate spam.




