Package: ntp
Version: 4.2.2+dfsg.2-1
Severity: grave
Tags: patch
Coin,

In the included getnameinfo() compatibility function, an off-by-one may lead to memory corruption and even security issues. A patch is attached.

Regards.
--- orig/libntp/ntp_rfc2553.c 2006-09-14 16:21:40.000000000 +0000 +++ new/libntp/ntp_rfc2553.c 2006-09-14 16:22:00.000000000 +0000 @@ -302,7 +302,7 @@ } if (host != NULL) { strncpy(host, hp->h_name, hostlen); - host[hostlen] = '\0'; + host[hostlen - 1] = '\0'; } return (0); }
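Review bot: the new terminator write `host[hostlen - 1] = '\0';` is still guarded only by `host != NULL`, so a caller that passes a non-NULL `host` with `hostlen` equal to 0 would have the index wrap below the start of the buffer. Consider tightening the condition to `if (host != NULL && hostlen > 0)`. Separately, the function still reaches `return (0);` when `hp->h_name` is longer than `hostlen - 1`, so the caller cannot tell a truncated name from a complete one; comparing `strlen(hp->h_name)` against `hostlen` before the copy and returning an error in that case would make the truncation visible.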
-- Marc Dequènes (Duck)
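The off-by-one described in the report, as an added example that is not part of the original message or of the ntp source: both forms of the copy run against an 8-byte window of a 9-byte array, so the stray write lands on a guard byte instead of unrelated memory. The function names, the buffer sizes and the sample hostname are constructed for illustration, and the `hostlen > 0` check is an assumption that goes beyond the attached patch.

```c
#include <stdio.h>
#include <string.h>

#define GUARD 0x7f

/* Pre-patch form: the terminator goes to host[hostlen], one byte past the buffer. */
static void copy_before(char *host, size_t hostlen, const char *name)
{
    if (host != NULL) {
        strncpy(host, name, hostlen);
        host[hostlen] = '\0';
    }
}

/* Patched form; the hostlen > 0 guard is this example's addition, not the patch's. */
static void copy_after(char *host, size_t hostlen, const char *name)
{
    if (host != NULL && hostlen > 0) {
        strncpy(host, name, hostlen);
        host[hostlen - 1] = '\0';
    }
}

/* Offers the copy an 8-byte buffer that is really the front of a 9-byte array.
 * Returns 1 if the byte just past the offered buffer is left untouched. */
static int guard_survives(void (*copy)(char *, size_t, const char *), const char *name)
{
    char backing[9];
    memset(backing, 'x', sizeof backing);
    backing[8] = GUARD;
    copy(backing, 8, name);
    return backing[8] == GUARD;
}

/* Length of the string the patched copy leaves in an 8-byte buffer. */
static size_t copied_len(const char *name)
{
    char buf[8];
    copy_after(buf, sizeof buf, name);
    return strlen(buf);
}

int main(void)
{
    const char *name = "ntp.example.org"; /* constructed sample hostname */
    printf("before: guard intact = %d\n", guard_survives(copy_before, name));
    printf("after:  guard intact = %d, len = %zu\n",
           guard_survives(copy_after, name), copied_len(name));
    return 0;
}
```

The pre-patch form overwrites the guard byte even for a one-character name, because the terminator index depends only on `hostlen`, not on the length of the name.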