Package: adjtimex
Version: 1.29-2.1
Severity: normal
Tags: patch

adjtimex does not check the return value of stat() and uses possibly uninitialized memory.

-- System Information:
Debian Release: 6.0.5
  APT prefers stable
  APT policy: (990, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash

Versions of packages adjtimex depends on:
ii  debconf [debconf-2.0]  1.5.36.1  Debian configuration management sy
ii  libc6                  2.11.3-3  Embedded GNU C Library: Shared lib

adjtimex recommends no packages.

Versions of packages adjtimex suggests:
ii  ntpdate  1:4.2.6.p2+dfsg-1+b1  client for setting system time fro

-- debconf information:
* adjtimex/compare_rtc: false
* adjtimex/run_daemon: true

--- adjtimex.c.bad 2012-09-27 07:55:33.000000000 +0200 +++ adjtimex.c 2012-09-27 07:57:12.000000000 +0200 @@ -1408,8 +1408,7 @@ for (i=0; i<sizeof(paths)/sizeof(paths[0]); i++) { - stat(paths[i], &filestat); - if (S_ISREG(filestat.st_mode)) + if (0 == stat(paths[i], &filestat) && S_ISREG(filestat.st_mode)) goto found_ntpdate; } failntpdate("cannot find ntpdate");
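
Review bot: In the new condition `0 == stat(paths[i], &filestat) && S_ISREG(filestat.st_mode)`, every stat() failure is folded into "not found", so a failure other than a missing file (for example a permission error on a path component) still ends in failntpdate("cannot find ntpdate") with no hint of the real cause. Consider remembering errno from the last failed stat() and including strerror(errno) in the failure message. The short-circuit `&&` does fix the reported problem, since S_ISREG() no longer reads filestat when stat() has not filled it in. As a smaller point, S_ISREG() only establishes that the path is a regular file; if the intent is "an ntpdate that can be run", an additional access(paths[i], X_OK) check in the same condition would make the loop skip non-executable candidates instead of selecting them.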