[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[stalk:00304] Re: ntpd =< 4.0.99k remote buffer overflow
- To: security-talk@xxxxxxxxxxxxxxxxxxxx
- Subject: [stalk:00304] Re: ntpd =< 4.0.99k remote buffer overflow
- From: Seiichi Nakashima <nakasei@xxxxxxxxxxxx>
- Date: Fri, 13 Apr 2001 17:53:38 +0900
中島です。
先ほどのMailに添付されていたPatchを適用したらErrorになりました。
小島殿が差分を取っていただいた中に、同じ修正が含まれているので
すでに修正済と考えて良いのでしょうか? ライン番号が違うのですが、
詳しくソースを見ていないのですみません。
<小島殿の差分リストの抜粋>
diff -ur ntp-4.0.99k23.old/ntpd/ntp_control.c ntp-4.0.99k23/ntpd/ntp_control.c
--- ntp-4.0.99k23.old/ntpd/ntp_control.c Fri Apr 6 06:43:30 2001
+++ ntp-4.0.99k23/ntpd/ntp_control.c Tue Apr 10 05:19:56 2001
@@ -1868,9 +1868,11 @@
}
if (cp < reqend)
cp++;
- *tp = '\0';
- while (isspace((int)(*(tp-1))))
- *(--tp) = '\0';
+ while (tp > buf) {
+ *tp-- = '\0';
+ if (!isspace((int)(*tp)))
+ break;
+ }
reqpt = cp;
*data = buf;
return (v);
=======================================
>中島です。
>
>また、変更のようです。
>
>
>>William Colburn wrote:
>>
>>> The package is newer as of today.
>>
>>True enough, but I have the impression that there are more changes there
>>than just the area of code that's affected by the buffer overflow that
>>triggered the start of this thread. Can anyone confirm this?
>>
>>I've looked and I *believe* the only difference relevant to this
>>discussion between today's ntp-4.0.99k23 and last Friday's is the
>>appended patch. If anyone believes there are more relevant differences
>>could you please point them out?
>>
>>--
>>----------------------------------------------------------------------
>>Sylvain Robitaille syl@xxxxxxxxxxxxxxxxxx
>>
>>Systems analyst Concordia University
>>Instructional & Information Technology Montreal, Quebec, Canada
>>----------------------------------------------------------------------
>>
>>--- ntpd/ntp_control.c.20010412 Mon Apr 9 15:47:20 2001
>>+++ ntpd/ntp_control.c Thu Apr 12 17:11:47 2001
>>@@ -1759,9 +1759,11 @@
>> }
>> if (cp < reqend)
>> cp++;
>>- *tp = '\0';
>>- while (isspace(*(tp-1)))
>>- *(--tp) = '\0';
>>+ while (tp > buf) {
>>+ *tp-- = '\0';
>>+ if (!isspace((int)(*tp)))
>>+ break;
>>+ }
>> reqpt = cp;
>> *data = buf;
>> return v;
>>
>
------------------------------
Name : Seiichi Nakashima
E-Mail : nakasei@xxxxxxxxxxxx
------------------------------
--
- このメイリングリストに関する質問・問い合せ等は
- <security-talk@xxxxxxxxxx>までお知らせください
--
------------------------------------------------------------------------
◆ダイエットの味方カプサイシン、何のことだか説明できる?
http://www.infoseek.co.jp/GHome?pg=gn_top.html&svx=971122