Fw: [Git][NTPsec/ntpsec][master] Use ALPN for the NTS server.
Gary E. Miller
gem at rellim.com
Tue Jun 25 21:09:34 UTC 2019
Yo Hal!
> Hal Murray pushed to branch master at NTPsec / ntpsec
+ for (i = 0; i < inlen; i += in[i]) {
+ if (in[i] == alpn[0] && !memcmp(&in[i+1], &alpn[1], alpn[0])) {
Buffer overrun!
alpn[0] is always 7, so the length of the memcmp() is always 7.
i can be 0 to (inlen - 1).
When i is (ilen - 1) the buffer in[] will be overrun by 7.
Maybe not normally, but eassy for a malicious user packet.
RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
gem at rellim.com Tel:+1 541 382 8588
Veritas liberabit vos. -- Quid est veritas?
"If you can’t measure it, you can’t improve it." - Lord Kelvin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ntpsec.org/pipermail/devel/attachments/20190625/45f61e6e/attachment-0001.htm>
-------------- next part --------------
_______________________________________________
vc mailing list
vc at ntpsec.org
http://lists.ntpsec.org/mailman/listinfo/vc
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 851 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ntpsec.org/pipermail/devel/attachments/20190625/45f61e6e/attachment-0001.bin>
More information about the devel
mailing list