[Git][NTPsec/ntpsec][master] Fix MR 1462 buffer issue from Coverity 554761
Hal Murray (@hal.murray)
gitlab at mg.gitlab.com
Sun Jul 27 00:22:40 UTC 2025
Hal Murray pushed to branch master at NTPsec / ntpsec
Commits:
8cbc2dda by James Browning at 2025-07-26T12:44:52-07:00
Fix MR 1462 buffer issue from Coverity 554761
Out-of-bounds read: In ntp_RAND_bytes:
Out-of-bounds read from a buffer (CWE-125)
Incorrect values read from a different memory
region will cause incorrect computations.
- - - - -
1 changed file:
- libntp/ntp_random.c
Changes:
=====================================
libntp/ntp_random.c
=====================================
@@ -39,10 +39,10 @@ static void ntp_pool_rand_fill(uint8_t *buf, int num) {
}
void ntp_RAND_bytes(unsigned char *buf, int num) {
- if (0 > num) {
+ if (0 >= num) {
return;
}
- if (PRAND_BUF_LEN < num) { // This should never happen
+ if (PRAND_BUF_LEN <= num) { // This should never happen
return ntp_pool_rand_fill(buf, num);
}
if (PRAND_BUF_LEN < num + prand_burned) {
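Review bot: The changed `PRAND_BUF_LEN <= num` test still carries only the comment "This should never happen", which does not say why a request of exactly PRAND_BUF_LEN bytes now has to bypass the pool buffer. From the lines visible here, the next test `PRAND_BUF_LEN < num + prand_burned` is false for num == PRAND_BUF_LEN with prand_burned == 0, so the reason for the off-by-one is not evident in this hunk; a short comment stating the invariant the buffered path relies on would keep someone from relaxing the comparison back to `<`. The commit message could also say which boundary case Coverity flagged. Separately, the context line `return ntp_pool_rand_fill(buf, num);` returns an expression from a void function, which ISO C does not permit; calling the function and following it with a bare `return;` avoids the pedantic warning.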
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/-/commit/8cbc2dda09ac4d5aadd14c3bc2251254709874ca