[Git][NTPsec/ntpsec][master] ntp_parser.y: Fix a potential overflow in err_msg.

Gary E. Miller gitlab at mg.gitlab.com
Mon Oct 22 22:17:27 UTC 2018


Gary E. Miller pushed to branch master at NTPsec / ntpsec


Commits:
a619d39a by Gary E. Miller at 2018-10-22T22:16:46Z
ntp_parser.y: Fix a potential overflow in err_msg.

- - - - -


1 changed file:

- ntpd/ntp_parser.y


Changes:

=====================================
ntpd/ntp_parser.y
=====================================
@@ -1413,19 +1413,34 @@ yyerror(
 
 	msyslog(LOG_ERR, "CONFIG: line %d column %d %s",
 		ip_ctx->errpos.nline, ip_ctx->errpos.ncol, msg);
-	if (!lex_from_file()) {
-		/* Save the error message in the correct buffer */
-		retval = snprintf(remote_config.err_msg + remote_config.err_pos,
-				  (size_t)(MAXLINE - remote_config.err_pos),
-				  "column %d %s",
-				  ip_ctx->errpos.ncol, msg);
-
-		/* Increment the value of err_pos */
-		if (retval > 0)
-			remote_config.err_pos += retval;
-
-		/* Increment the number of errors */
-		++remote_config.no_errors;
+	if (lex_from_file()) {
+                /* all is good, so far */
+                return;
+        }
+        /* Uh, oh, got an error */
+
+	/* Increment the number of errors */
+	++remote_config.no_errors;
+
+	/* Save the error message in the correct buffer */
+	if ((MAXLINE - 10) < remote_config.err_pos) {
+		/* err_msg already full, ignore this */
+		return;
+	}
+	retval = snprintf(remote_config.err_msg + remote_config.err_pos,
+			  (size_t)(MAXLINE - remote_config.err_pos),
+			  "column %d %s", ip_ctx->errpos.ncol, msg);
+
+	/* Increment the value of err_pos */
+	if (retval > 0) {
+		/* careful, retval is not bytes written, it is
+		 * bytes that would have been written if space had
+                 * been available */
+		remote_config.err_pos += retval;
+		if (MAXLINE < remote_config.err_pos) {
+			/* err_msg overflowed! */
+			remote_config.err_pos = MAXLINE;
+		}
 	}
 }
 



View it on GitLab: https://gitlab.com/NTPsec/ntpsec/commit/a619d39ac2b6d3b435edd2f6f527c7cc81f78d02

-- 
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/commit/a619d39ac2b6d3b435edd2f6f527c7cc81f78d02
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ntpsec.org/pipermail/vc/attachments/20181022/9acedccb/attachment-0001.html>


More information about the vc mailing list