Hello community,

here is the log from the commit of package ntp for openSUSE:Factory checked in 
at 2023-05-06 22:09:41
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/ntp (Old)
 and      /work/SRC/openSUSE:Factory/.ntp.new.1533 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "ntp"

Sat May  6 22:09:41 2023 rev:136 rq:1085150 version:4.2.8p15

Changes:
--------
--- /work/SRC/openSUSE:Factory/ntp/ntp.changes  2023-02-11 21:57:41.747761646 
+0100
+++ /work/SRC/openSUSE:Factory/.ntp.new.1533/ntp.changes        2023-05-06 
22:09:42.756890724 +0200
@@ -1,0 +2,7 @@
+Fri May  5 13:55:24 UTC 2023 - Reinhard Max <m...@suse.com>
+
+- bsc#1210386: out-of-bounds writes in mstolfp()
+  * CVE-2023-26551, CVE-2023-26552, CVE-2023-26553, CVE-2023-26554
+  * Add ntp-CVE-2023-26551.patch
+
+-------------------------------------------------------------------

New:
----
  ntp-CVE-2023-26551.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ ntp.spec ++++++
--- /var/tmp/diff_new_pack.7QyNDt/_old  2023-05-06 22:09:43.572895266 +0200
+++ /var/tmp/diff_new_pack.7QyNDt/_new  2023-05-06 22:09:43.580895311 +0200
@@ -60,6 +60,7 @@
 Patch33:        ntp-sntp-libevent.patch
 Patch34:        testdcf-gude.diff
 Patch35:        ntp-clarify-interface.patch
+Patch36:        ntp-CVE-2023-26551.patch
 
 BuildRequires:  avahi-compat-mDNSResponder-devel
 BuildRequires:  fdupes
@@ -148,6 +149,7 @@
 %patch33
 %patch34 -p1
 %patch35
+%patch36
 
 # fix DOS line breaks
 sed -i 's/\r//g' html/scripts/{footer.txt,style.css}

++++++ ntp-CVE-2023-26551.patch ++++++
--- libntp/mstolfp.c.orig
+++ libntp/mstolfp.c
@@ -14,7 +14,7 @@ mstolfp(
        l_fp *lfp
        )
 {
-       register const char *cp;
+       register const char *cp, *end;
        register char *bp;
        register const char *cpdec;
        char buf[100];
@@ -42,6 +42,15 @@ mstolfp(
        if (*cp != '.' && !isdigit((unsigned char)*cp))
            return 0;
 
+       /*
+        * Make sure the buffer has enough room for the input string and the
+        * extra characters, in the worst case replacing "." with "0.000"
+        */
+       end = cp;
+       while (isdigit((unsigned char)*end) || *end == '.')
+           end++;
+       if (end - cp + 4 >= sizeof (buf) - (bp - buf))
+           return 0;
 
        /*
         * Search forward for the decimal point or the end of the string.
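Review bot: The bound on the new `if` at the end of the added block compares a signed `ptrdiff_t` expression (`end - cp + 4`) against an unsigned `size_t` one (`sizeof (buf) - (bp - buf)`), so it is only correct while both sides are non-negative, and it trips `-Wsign-compare`. Both are non-negative here (`end` starts at `cp` and only advances; `bp - buf` depends on the sign handling before the hunk, which presumably leaves it at 0 or 1), but spelling it out is cheap: `if ((size_t)(end - cp) + 4 >= sizeof(buf) - (size_t)(bp - buf))`. The comment above the check should also say why `>=` rather than `>`: `+ 4` is the worst-case growth (a lone `"."` becomes `"0.000"`) and the extra byte is reserved for the terminating NUL that is presumably written after the copy. The scan deliberately over-counts (a second `'.'` and anything after it is never copied by the conversion logic), which errs in the safe direction and is worth a word in that comment. mstolfp's body, including the copy loops this check guards, continues outside the hunk.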
