better fix

2001-04-06 13:40:17 +00:00 · 2001-04-06 13:40:17 +00:00 · bb1525b92f
commit bb1525b92f
parent b90a3531da
2 changed files with 41 additions and 19 deletions
--- a/net/ntp/Makefile
+++ b/net/ntp/Makefile
@ -1,9 +1,8 @@
-# $OpenBSD: Makefile,v 1.10 2001/04/05 14:16:16 danh Exp $
+# $OpenBSD: Makefile,v 1.11 2001/04/06 13:40:17 danh Exp $

 COMMENT=	network time protocol implementation
 COMMENT-doc=	network time protocol documentation

-BROKEN=		"May be holed"
 VERSION=	4.0.99k
 DISTNAME=	ntp-${VERSION}
 CATEGORIES=	net
--- a/net/ntp/patches/patch-ntpd_ntp_control_c
+++ b/net/ntp/patches/patch-ntpd_ntp_control_c
@ -1,24 +1,47 @@
-$OpenBSD: patch-ntpd_ntp_control_c,v 1.1 2001/04/05 13:56:54 danh Exp $
--- ntpd/ntp_control.c.orig	Sat Jul 15 10:46:05 2000
-+++ ntpd/ntp_control.c	Thu Apr  5 09:40:13 2001
-@@ -1821,9 +1821,18 @@ ctl_getitem(
+$OpenBSD: patch-ntpd_ntp_control_c,v 1.2 2001/04/06 13:40:18 danh Exp $
+--- ntpd/ntp_control.c.orig	Thu Apr  5 22:38:59 2001
+++ ntpd/ntp_control.c	Thu Apr  5 22:57:03 2001
+@@ -1782,7 +1782,7 @@ ctl_getitem(
+ 	 * Delete leading commas and white space
+ 	 */
+ 	while (reqpt < reqend && (*reqpt == ',' ||
+-	    isspace((int)*reqpt)))
+	    isspace((unsigned char)*reqpt)))
+ 		reqpt++;
+ 	if (reqpt >= reqend)
+ 		return (0);
+@@ -1805,7 +1805,8 @@ ctl_getitem(
+ 				tp++;
+ 			}
+ 			if ((*tp == '\0') || (*tp == '=')) {
+-				while (cp < reqend && isspace((int)*cp))
+				while (cp < reqend 
+				    && isspace((unsigned char)*cp))
+ 					cp++;
+ 				if (cp == reqend || *cp == ',') {
+ 					buf[0] = '\0';
+@@ -1819,16 +1820,18 @@ ctl_getitem(
+ 					cp++;
+ 					tp = buf;
 					while (cp < reqend &&
- 					    isspace((int)*cp))
+-					    isspace((int)*cp))
+					    isspace((unsigned char)*cp))
 						cp++;
 -					while (cp < reqend && *cp !=
 -					    ',')
-+					while (cp < reqend && *cp != ',') {
+					while (cp < reqend 
+					    && *cp != ','
+					    && tp < buf + sizeof(buf) - 1)
 						*tp++ = *cp++;
-+						if (tp > buf + sizeof(buf)) {
-+							msyslog(LOG_WARNING, "Attempted \"ntpdx\" exploit from IP %d.%d.%d.%d:%d (possibly spoofed)\n",
-+    (ntohl(rmt_addr->sin_addr.s_addr) >> 24) & 0xff,
-+    (ntohl(rmt_addr->sin_addr.s_addr) >> 16) & 0xff,
-+    (ntohl(rmt_addr->sin_addr.s_addr) >> 8) & 0xff,
-+    (ntohl(rmt_addr->sin_addr.s_addr) >> 0) & 0xff,
-+    ntohs(rmt_addr->sin_port) );
-+                                                	return 0;
-+                                        	}
-+					}
 					if (cp < reqend)
 						cp++;
- 					*tp = '\0';
+-					*tp = '\0';
+-					while (isspace((int)(*(tp-1))))
+-						*(--tp) = '\0';
+					*tp-- = '\0';
+					while (tp >= buf 
+					    && isspace((unsigned char)*tp))
+						*tp-- = '\0';
+ 					reqpt = cp;
+ 					*data = buf;
+ 					return (v);