[Git][NTPsec/ntpsec][master] 2 commits: Correct shipping of overlong report strings in ctl_putdata().

[Eric S. Raymond]

Eric S. Raymond pushed to branch master at NTPsec / ntpsec


Commits:
31c3b552 by Eric S. Raymond at 2017-02-11T11:25:49-05:00
Correct shipping of overlong report strings in ctl_putdata().

- - - - -
5264e0a6 by Eric S. Raymond at 2017-02-11T14:25:54-05:00
Belt-and-suspenders fix.

- - - - -


2 changed files:

- ntpd/ntp_control.c
- ntpd/refclock_oncore.c


Changes:

=====================================
ntpd/ntp_control.c
=====================================
--- a/ntpd/ntp_control.c
+++ b/ntpd/ntp_control.c
@@ -1027,6 +1027,7 @@ ctl_putdata(
 	)
 {
 	int overhead;
+	unsigned int currentlen;
 	const uint8_t * dataend = &rpkt.data[CTL_MAX_DATA_LEN];
 
 	overhead = 0;
@@ -1051,6 +1052,18 @@ ctl_putdata(
 	 * Save room for trailing junk
 	 */
 	while (dlen + overhead + datapt > dataend) {
+		/*
+		 * Not enough room in this one, flush it out.
+		 */
+		currentlen = MIN(dlen, (unsigned int)(dataend - datapt));
+
+		memcpy(datapt, dp, currentlen);
+
+		datapt += currentlen;
+		dp += currentlen;
+		dlen -= currentlen;
+		datalinelen += currentlen;
+
 		ctl_flushpkt(CTL_MORE);
 	}
 


=====================================
ntpd/refclock_oncore.c
=====================================
--- a/ntpd/refclock_oncore.c
+++ b/ntpd/refclock_oncore.c
@@ -1453,7 +1453,7 @@ oncore_receive(
 #endif
 
 	i = rbufp->recv_length;
-	if (rcvbuf+rcvptr+i > &rcvbuf[sizeof rcvbuf])
+	if (rcvbuf+rcvptr+i > &rcvbuf[sizeof(rcvbuf)-1])
 		i = sizeof(rcvbuf) - rcvptr;	/* and some char will be lost */
 	memcpy(rcvbuf+rcvptr, p, i);
 	rcvptr += i;



View it on GitLab: https://gitlab.com/NTPsec/ntpsec/compare/657dc8c107040f550ecb8d01226af4ba0a2f71ba...5264e0a66233ea20a4c859c39fe7a1ef9a620c4c
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ntpsec.org/pipermail/vc/attachments/20170211/64363e44/attachment.html>