[Git][NTPsec/ntpsec][master] Fix ntpd/ntp_control.c::ctl_putstr()...

Eric S. Raymond gitlab at mg.gitlab.com
Sat Feb 11 14:02:25 UTC 2017


Eric S. Raymond pushed to branch master at NTPsec / ntpsec


Commits:
d5c3a375 by Eric S. Raymond at 2017-02-11T09:02:12-05:00
Fix ntpd/ntp_control.c::ctl_putstr()...

...it was only theoretically broken, because the scratch buffer was long
enough in all cases, but it was messy and the operation could be
expressed more concisely.

- - - - -


1 changed file:

- ntpd/ntp_control.c


Changes:

=====================================
ntpd/ntp_control.c
=====================================
--- a/ntpd/ntp_control.c
+++ b/ntpd/ntp_control.c
@@ -1069,6 +1069,8 @@ ctl_putdata(
  *
  *		len is the data length excluding the NUL terminator,
  *		as in ctl_putstr("var", "value", strlen("value"));
+ *		The write will be truncated if data contains  a NUL,
+ *		so don't do that.
  *
  * ESR, 2016: Whoever wrote this should be *hurt*.  If the string value is 
  * empty, no "=" and no value literal is written, just the bare tag.  
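Review bot: The contract for `data` is still incomplete in this comment block. The line above the added text describes len as "the data length excluding the NUL terminator", but the rewritten body of ctl_putstr() formats data with `"=\"%s\""` and only tests `len > 0`, so data must now be NUL-terminated and len no longer bounds the copy. State that requirement here explicitly, or switch the format to `%.*s` with len so the documented meaning of len stays true. Also drop the doubled space in "contains  a NUL".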
@@ -1081,21 +1083,14 @@ ctl_putstr(
 	)
 {
 	char buffer[512];
-	char *cp;
-	size_t tl;
+	size_t tl = strlen(tag);
 
-	tl = strlen(tag);
+	if (tl >= sizeof(buffer))
+	    return;
 	memcpy(buffer, tag, tl);
-	cp = buffer + tl;
-	if (len > 0) {
-		NTP_INSIST(tl + 3 + len <= sizeof(buffer));
-		*cp++ = '=';
-		*cp++ = '"';
-		memcpy(cp, data, len);
-		cp += len;
-		*cp++ = '"';
-	}
-	ctl_putdata(buffer, (u_int)(cp - buffer), false);
+	if (len > 0)
+	    snprintf(buffer + tl, sizeof(buffer) - tl, "=\"%s\"", data);
+	ctl_putdata(buffer, (u_int)strlen(buffer), false);
 }
 
 
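Review bot: When len is 0 the buffer is never NUL-terminated, yet the final call measures it with `strlen(buffer)`. `memcpy(buffer, tag, tl)` copies only the tl tag bytes into the uninitialized `char buffer[512]`, and the snprintf that would terminate the string is skipped in that case, so the length handed to ctl_putdata() depends on whatever was on the stack and the strlen can read past the array. Either set `buffer[tl] = '\0'` right after the memcpy, or build the whole string with a single snprintf and derive the length from its return value, clamped to `sizeof(buffer) - 1`. Two smaller points: the removed NTP_INSIST is replaced by silent truncation in snprintf and a silent `return` for an over-long tag, which deserves at least a log message so a dropped variable is noticed; and the added lines are indented with a tab plus spaces where the rest of the function uses tabs only.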



View it on GitLab: https://gitlab.com/NTPsec/ntpsec/commit/d5c3a375d90a2374e88e89608a394e62b1191ac9