[Git][NTPsec/ntpsec][master] magnavox: alternate way to avoid buffer overrun.

[Gary E. Miller]

Gary E. Miller pushed to branch master at NTPsec / ntpsec


Commits:
eaf5b711 by Gary E. Miller at 2017-02-11T12:21:44-08:00
magnavox: alternate way to avoid buffer overrun.

No way to test...

- - - - -


1 changed file:

- ntpd/refclock_magnavox.c


Changes:

=====================================
ntpd/refclock_magnavox.c
=====================================
--- a/ntpd/refclock_magnavox.c
+++ b/ntpd/refclock_magnavox.c
@@ -1565,22 +1565,19 @@ mx4200_send(struct peer *peer, char *fmt, ...)
 	register char *cp;
 	register int n, m;
 	va_list ap;
-	char buf[1024];
+	char buf1[1024];
+	char buf[sizeof(buf1)  + 10];
 	uint8_t ck;
 
 	va_start(ap, fmt);
 
 	pp = peer->procptr;
 
-	cp = buf;
-	*cp++ = '$';
-	n = vsnprintf(cp, sizeof(buf) - 1, fmt, ap);
-	ck = mx4200_cksum(cp, n);
-	cp += n;
-	++n;
-	/* should always fire, it's only here to make overrun impossible */ 
-	if (sizeof(buf) - n >= 5)
-	    n += snprintf(cp, sizeof(buf) - n - 5, "*%02X\r\n", ck);
+	vsnprintf(buf1, sizeof(buf1) - 1, fmt, ap);
+        buf1[sizeof(buf1) - 1 ] = '\0';
+	ck = mx4200_cksum(cp, strlen(buf1));
+        /* buf can never overrun */
+	n = snprintf(buf, sizeof(buf) - 1, "$%1024s*%02X\r\n", cp, ck);
 
 	m = write(pp->io.fd, buf, (unsigned)n);
 	if (m < 0)



View it on GitLab: https://gitlab.com/NTPsec/ntpsec/commit/eaf5b711f2698bda6b9e07b9963c19a8b3c97982
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ntpsec.org/pipermail/vc/attachments/20170211/cd4316e7/attachment.html>