<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">

<html lang="en">

<head>

<meta content="text/html; charset=utf-8" http-equiv="Content-Type">

<title>

GitLab

</title>

</head>

<body>

<style type="text/css">

img {

max-width: 100%; height: auto;

}

</style>

<div class="content">

<h3>

Eric S. Raymond pushed to branch master

at <a href="https://gitlab.com/NTPsec/ntpsec">NTPsec / ntpsec</a>

</h3>

<h4>

Commits:

</h4>

<ul>

<li>

<strong><a href="https://gitlab.com/NTPsec/ntpsec/commit/c9d48c3985caf368b927975d18a057477c35e765">c9d48c39</a></strong>

<div>

<span>by Eric S. Raymond</span>

<i>at 2017-05-13T09:19:54-04:00</i>

</div>

<pre class="commit-message" style="margin: 0; white-space: pre-wrap">Address Coverity CID 161762: Out-of-bounds read (OVERRUN)

The message was: Overrunning array of 512 bytes at byte offset 512 by

dereferencing pointer cp.  Fix this by strengthening the early bounds

check.  Has the additional benefit of avoiding a (very unlikely)

assert check, instead writing nothing.

</pre>

</li>

</ul>

<h4>1 changed file:</h4>

<ul>

<li class="file-stats">

<a href="#403246f0aef784495bc035a970fa42eae64e2b4a">

ntpd/ntp_control.c

</a>

</li>

</ul>

<h4>Changes:</h4>

<li id="403246f0aef784495bc035a970fa42eae64e2b4a">

<a href="https://gitlab.com/NTPsec/ntpsec/commit/c9d48c3985caf368b927975d18a057477c35e765#403246f0aef784495bc035a970fa42eae64e2b4a"><strong>ntpd/ntp_control.c</strong></a>

<hr>

<table class="code white" style="-premailer-cellpadding: 0; -premailer-cellspacing: 0; -premailer-width: 100%; background: #fff; font-family: monospace; font-size: 12px" bgcolor="#fff" width="100%" cellpadding="0" cellspacing="0">

<tr class="line_holder match" id="" style="line-height: 1.6">

<td class="diff-line-num unfold js-unfold old_line" data-linenumber="1128" style="background: #fafafa; border-right-color: #f0f0f0; border-right-style: solid; border-right-width: 1px; color: rgba(0,0,0,0.3); padding: 0 5px; text-align: right; width: 35px" align="right" bgcolor="#fafafa">...</td>

<td class="diff-line-num unfold js-unfold new_line" data-linenumber="1128" style="background: #fafafa; border-right-color: #f0f0f0; border-right-style: solid; border-right-width: 1px; color: rgba(0,0,0,0.3); padding: 0 5px; text-align: right; width: 35px" align="right" bgcolor="#fafafa">...</td>

<td class="line_content match " style="background: #fafafa; color: rgba(0,0,0,0.3); padding-left: 0.5em; padding-right: 0.5em" bgcolor="#fafafa">@@ -1128,12 +1128,11 @@ ctl_putunqstr(</td>

</tr>

<tr class="line_holder" id="" style="line-height: 1.6">

<td class="diff-line-num old_line" data-linenumber="1128" style="background: #fafafa; border-right-color: #f0f0f0; border-right-style: solid; border-right-width: 1px; color: rgba(0,0,0,0.3); padding: 0 5px; text-align: right; width: 35px" align="right" bgcolor="#fafafa">

1128

</td>

<td class="diff-line-num new_line" data-linenumber="1128" style="background: #fafafa; border-right-color: #f0f0f0; border-right-style: solid; border-right-width: 1px; color: rgba(0,0,0,0.3); padding: 0 5px; text-align: right; width: 35px" align="right" bgcolor="#fafafa">

1128

</td>

<td class="line_content noteable_line" style="padding-left: 0.5em; padding-right: 0.5em">

<pre style="margin: 0"> <span id="LC1128" class="line" lang="c">    <span class="kt" style="color: #458; font-weight: bold">size_t</span> <span class="n" style="color: #333">tl</span><span class="p">;</span></span>

</pre>

</td>

</tr>

<tr class="line_holder" id="" style="line-height: 1.6">

<td class="diff-line-num old_line" data-linenumber="1129" style="background: #fafafa; border-right-color: #f0f0f0; border-right-style: solid; border-right-width: 1px; color: rgba(0,0,0,0.3); padding: 0 5px; text-align: right; width: 35px" align="right" bgcolor="#fafafa">

1129

</td>

<td class="diff-line-num new_line" data-linenumber="1129" style="background: #fafafa; border-right-color: #f0f0f0; border-right-style: solid; border-right-width: 1px; color: rgba(0,0,0,0.3); padding: 0 5px; text-align: right; width: 35px" align="right" bgcolor="#fafafa">

1129

</td>

<td class="line_content noteable_line" style="padding-left: 0.5em; padding-right: 0.5em">

<pre style="margin: 0"> <span id="LC1129" class="line" lang="c"></span>

</pre>

</td>

</tr>

<tr class="line_holder" id="" style="line-height: 1.6">

<td class="diff-line-num old_line" data-linenumber="1130" style="background: #fafafa; border-right-color: #f0f0f0; border-right-style: solid; border-right-width: 1px; color: rgba(0,0,0,0.3); padding: 0 5px; text-align: right; width: 35px" align="right" bgcolor="#fafafa">

1130

</td>

<td class="diff-line-num new_line" data-linenumber="1130" style="background: #fafafa; border-right-color: #f0f0f0; border-right-style: solid; border-right-width: 1px; color: rgba(0,0,0,0.3); padding: 0 5px; text-align: right; width: 35px" align="right" bgcolor="#fafafa">

1130

</td>

<td class="line_content noteable_line" style="padding-left: 0.5em; padding-right: 0.5em">

<pre style="margin: 0"> <span id="LC1130" class="line" lang="c">    <span class="n" style="color: #333">tl</span> <span class="o" style="font-weight: bold">=</span> <span class="n" style="color: #333">strlen</span><span class="p">(</span><span class="n" style="color: #333">tag</span><span class="p">);</span></span>

</pre>

</td>

</tr>

<tr class="line_holder old" id="" style="line-height: 1.6">

<td class="diff-line-num old old_line" data-linenumber="1131" style="background: #f9d7dc; border-right-color: #fac5cd; border-right-style: solid; border-right-width: 1px; color: rgba(0,0,0,0.3); padding: 0 5px; text-align: right; width: 35px" align="right" bgcolor="#f9d7dc">

1131

</td>

<td class="diff-line-num new_line old" data-linenumber="1131" style="background: #f9d7dc; border-right-color: #fac5cd; border-right-style: solid; border-right-width: 1px; color: rgba(0,0,0,0.3); padding: 0 5px; text-align: right; width: 35px" align="right" bgcolor="#f9d7dc">

</td>

<td class="line_content noteable_line old" style="background: #fbe9eb; padding-left: 0.5em; padding-right: 0.5em" bgcolor="#fbe9eb">

<pre style="margin: 0">-<span id="LC1131" class="line" lang="c">    <span class="k" style="font-weight: bold">if</span> <span class="p">(</span><span class="n" style="color: #333">tl</span> <span class="o" style="font-weight: bold">>=</span> <span class="k" style="font-weight: bold">sizeof</span><span class="p">(</span><span class="n" style="color: #333">buffer</span><span class="p">))</span></span>

</pre>

</td>

</tr>

<tr class="line_holder new" id="" style="line-height: 1.6">

<td class="diff-line-num new old_line" data-linenumber="1132" style="background: #ddfbe6; border-right-color: #c7f0d2; border-right-style: solid; border-right-width: 1px; color: rgba(0,0,0,0.3); padding: 0 5px; text-align: right; width: 35px" align="right" bgcolor="#ddfbe6">

</td>

<td class="diff-line-num new new_line" data-linenumber="1131" style="background: #ddfbe6; border-right-color: #c7f0d2; border-right-style: solid; border-right-width: 1px; color: rgba(0,0,0,0.3); padding: 0 5px; text-align: right; width: 35px" align="right" bgcolor="#ddfbe6">

1131

</td>

<td class="line_content new noteable_line" style="background: #ecfdf0; padding-left: 0.5em; padding-right: 0.5em" bgcolor="#ecfdf0">

<pre style="margin: 0">+<span id="LC1131" class="line" lang="c">    <span class="k" style="font-weight: bold">if</span> <span class="p">(</span><span class="n" style="color: #333">tl</span> <span class="o" style="font-weight: bold"><span class="idiff left">+</span></span><span class="idiff"> </span><span class="mi" style="color: #099"><span class="idiff">1</span></span><span class="idiff"> </span><span class="o" style="font-weight: bold"><span class="idiff">+</span></span><span class="idiff"> </span><span class="n" style="color: #333"><span class="idiff">len</span></span><span class="idiff right"> </span><span class="o" style="font-weight: bold">>=</span> <span class="k" style="font-weight: bold">sizeof</span><span class="p">(</span><span class="n" style="color: #333">buffer</span><span class="p">))</span></span>

</pre>

</td>

</tr>

<tr class="line_holder" id="" style="line-height: 1.6">

<td class="diff-line-num old_line" data-linenumber="1132" style="background: #fafafa; border-right-color: #f0f0f0; border-right-style: solid; border-right-width: 1px; color: rgba(0,0,0,0.3); padding: 0 5px; text-align: right; width: 35px" align="right" bgcolor="#fafafa">

1132

</td>

<td class="diff-line-num new_line" data-linenumber="1132" style="background: #fafafa; border-right-color: #f0f0f0; border-right-style: solid; border-right-width: 1px; color: rgba(0,0,0,0.3); padding: 0 5px; text-align: right; width: 35px" align="right" bgcolor="#fafafa">

1132

</td>

<td class="line_content noteable_line" style="padding-left: 0.5em; padding-right: 0.5em">

<pre style="margin: 0"> <span id="LC1132" class="line" lang="c">        <span class="k" style="font-weight: bold">return</span><span class="p">;</span></span>

</pre>

</td>

</tr>

<tr class="line_holder" id="" style="line-height: 1.6">

<td class="diff-line-num old_line" data-linenumber="1133" style="background: #fafafa; border-right-color: #f0f0f0; border-right-style: solid; border-right-width: 1px; color: rgba(0,0,0,0.3); padding: 0 5px; text-align: right; width: 35px" align="right" bgcolor="#fafafa">

1133

</td>

<td class="diff-line-num new_line" data-linenumber="1133" style="background: #fafafa; border-right-color: #f0f0f0; border-right-style: solid; border-right-width: 1px; color: rgba(0,0,0,0.3); padding: 0 5px; text-align: right; width: 35px" align="right" bgcolor="#fafafa">

1133

</td>

<td class="line_content noteable_line" style="padding-left: 0.5em; padding-right: 0.5em">

<pre style="margin: 0"> <span id="LC1133" class="line" lang="c">    <span class="n" style="color: #333">memcpy</span><span class="p">(</span><span class="n" style="color: #333">buffer</span><span class="p">,</span> <span class="n" style="color: #333">tag</span><span class="p">,</span> <span class="n" style="color: #333">tl</span><span class="p">);</span></span>

</pre>

</td>

</tr>

<tr class="line_holder" id="" style="line-height: 1.6">

<td class="diff-line-num old_line" data-linenumber="1134" style="background: #fafafa; border-right-color: #f0f0f0; border-right-style: solid; border-right-width: 1px; color: rgba(0,0,0,0.3); padding: 0 5px; text-align: right; width: 35px" align="right" bgcolor="#fafafa">

1134

</td>

<td class="diff-line-num new_line" data-linenumber="1134" style="background: #fafafa; border-right-color: #f0f0f0; border-right-style: solid; border-right-width: 1px; color: rgba(0,0,0,0.3); padding: 0 5px; text-align: right; width: 35px" align="right" bgcolor="#fafafa">

1134

</td>

<td class="line_content noteable_line" style="padding-left: 0.5em; padding-right: 0.5em">

<pre style="margin: 0"> <span id="LC1134" class="line" lang="c">    <span class="n" style="color: #333">cp</span> <span class="o" style="font-weight: bold">=</span> <span class="n" style="color: #333">buffer</span> <span class="o" style="font-weight: bold">+</span> <span class="n" style="color: #333">tl</span><span class="p">;</span></span>

</pre>

</td>

</tr>

<tr class="line_holder" id="" style="line-height: 1.6">

<td class="diff-line-num old_line" data-linenumber="1135" style="background: #fafafa; border-right-color: #f0f0f0; border-right-style: solid; border-right-width: 1px; color: rgba(0,0,0,0.3); padding: 0 5px; text-align: right; width: 35px" align="right" bgcolor="#fafafa">

1135

</td>

<td class="diff-line-num new_line" data-linenumber="1135" style="background: #fafafa; border-right-color: #f0f0f0; border-right-style: solid; border-right-width: 1px; color: rgba(0,0,0,0.3); padding: 0 5px; text-align: right; width: 35px" align="right" bgcolor="#fafafa">

1135

</td>

<td class="line_content noteable_line" style="padding-left: 0.5em; padding-right: 0.5em">

<pre style="margin: 0"> <span id="LC1135" class="line" lang="c">    <span class="k" style="font-weight: bold">if</span> <span class="p">(</span><span class="n" style="color: #333">len</span> <span class="o" style="font-weight: bold">></span> <span class="mi" style="color: #099">0</span><span class="p">)</span> <span class="p">{</span></span>

</pre>

</td>

</tr>

<tr class="line_holder old" id="" style="line-height: 1.6">

<td class="diff-line-num old old_line" data-linenumber="1136" style="background: #f9d7dc; border-right-color: #fac5cd; border-right-style: solid; border-right-width: 1px; color: rgba(0,0,0,0.3); padding: 0 5px; text-align: right; width: 35px" align="right" bgcolor="#f9d7dc">

1136

</td>

<td class="diff-line-num new_line old" data-linenumber="1136" style="background: #f9d7dc; border-right-color: #fac5cd; border-right-style: solid; border-right-width: 1px; color: rgba(0,0,0,0.3); padding: 0 5px; text-align: right; width: 35px" align="right" bgcolor="#f9d7dc">

</td>

<td class="line_content noteable_line old" style="background: #fbe9eb; padding-left: 0.5em; padding-right: 0.5em" bgcolor="#fbe9eb">

<pre style="margin: 0">-<span id="LC1136" class="line" lang="c">            <span class="n" style="color: #333">NTP_INSIST</span><span class="p">(</span><span class="n" style="color: #333">tl</span> <span class="o" style="font-weight: bold">+</span> <span class="mi" style="color: #099">1</span> <span class="o" style="font-weight: bold">+</span> <span class="n" style="color: #333">len</span> <span class="o" style="font-weight: bold"><=</span> <span class="k" style="font-weight: bold">sizeof</span><span class="p">(</span><span class="n" style="color: #333">buffer</span><span class="p">));</span></span>

</pre>

</td>

</tr>

<tr class="line_holder" id="" style="line-height: 1.6">

<td class="diff-line-num old_line" data-linenumber="1137" style="background: #fafafa; border-right-color: #f0f0f0; border-right-style: solid; border-right-width: 1px; color: rgba(0,0,0,0.3); padding: 0 5px; text-align: right; width: 35px" align="right" bgcolor="#fafafa">

1137

</td>

<td class="diff-line-num new_line" data-linenumber="1136" style="background: #fafafa; border-right-color: #f0f0f0; border-right-style: solid; border-right-width: 1px; color: rgba(0,0,0,0.3); padding: 0 5px; text-align: right; width: 35px" align="right" bgcolor="#fafafa">

1136

</td>

<td class="line_content noteable_line" style="padding-left: 0.5em; padding-right: 0.5em">

<pre style="margin: 0"> <span id="LC1136" class="line" lang="c">            <span class="o" style="font-weight: bold">*</span><span class="n" style="color: #333">cp</span><span class="o" style="font-weight: bold">++</span> <span class="o" style="font-weight: bold">=</span> <span class="sc" style="color: #d14">'='</span><span class="p">;</span></span>

</pre>

</td>

</tr>

<tr class="line_holder" id="" style="line-height: 1.6">

<td class="diff-line-num old_line" data-linenumber="1138" style="background: #fafafa; border-right-color: #f0f0f0; border-right-style: solid; border-right-width: 1px; color: rgba(0,0,0,0.3); padding: 0 5px; text-align: right; width: 35px" align="right" bgcolor="#fafafa">

1138

</td>

<td class="diff-line-num new_line" data-linenumber="1137" style="background: #fafafa; border-right-color: #f0f0f0; border-right-style: solid; border-right-width: 1px; color: rgba(0,0,0,0.3); padding: 0 5px; text-align: right; width: 35px" align="right" bgcolor="#fafafa">

1137

</td>

<td class="line_content noteable_line" style="padding-left: 0.5em; padding-right: 0.5em">

<pre style="margin: 0"> <span id="LC1137" class="line" lang="c">            <span class="n" style="color: #333">memcpy</span><span class="p">(</span><span class="n" style="color: #333">cp</span><span class="p">,</span> <span class="n" style="color: #333">data</span><span class="p">,</span> <span class="n" style="color: #333">len</span><span class="p">);</span></span>

</pre>

</td>

</tr>

<tr class="line_holder" id="" style="line-height: 1.6">

<td class="diff-line-num old_line" data-linenumber="1139" style="background: #fafafa; border-right-color: #f0f0f0; border-right-style: solid; border-right-width: 1px; color: rgba(0,0,0,0.3); padding: 0 5px; text-align: right; width: 35px" align="right" bgcolor="#fafafa">

1139

</td>

<td class="diff-line-num new_line" data-linenumber="1138" style="background: #fafafa; border-right-color: #f0f0f0; border-right-style: solid; border-right-width: 1px; color: rgba(0,0,0,0.3); padding: 0 5px; text-align: right; width: 35px" align="right" bgcolor="#fafafa">

1138

</td>

<td class="line_content noteable_line" style="padding-left: 0.5em; padding-right: 0.5em">

<pre style="margin: 0"> <span id="LC1138" class="line" lang="c">            <span class="n" style="color: #333">cp</span> <span class="o" style="font-weight: bold">+=</span> <span class="n" style="color: #333">len</span><span class="p">;</span></span>

</pre>

</td>

</tr>

</table>

<br>

</li>

</div>

<div class="footer" style="margin-top: 10px">

<p style="color: #777; font-size: small">

—

<br>

<a href="https://gitlab.com/NTPsec/ntpsec/commit/c9d48c3985caf368b927975d18a057477c35e765">View it on GitLab</a>.

<br>

You're receiving this email because of your account on gitlab.com.

If you'd like to receive fewer emails, you can

adjust your notification settings.

<script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","action":{"@type":"ViewAction","name":"View Commit","url":"https://gitlab.com/NTPsec/ntpsec/commit/c9d48c3985caf368b927975d18a057477c35e765"}}</script>

</p>

</div>

</body>

</html>