Package: ntp Version: 4.2.2+dfsg.2-1 Severity: grave Tags: patch
Coin, In the included getnameinfo() compatibility function, an off-by-one may lead to memory corruption and even security issues. A patch is attached. Regards.
--- orig/libntp/ntp_rfc2553.c 2006-09-14 16:21:40.000000000 +0000
+++ new/libntp/ntp_rfc2553.c 2006-09-14 16:22:00.000000000 +0000
@@ -302,7 +302,7 @@
}
if (host != NULL) {
strncpy(host, hp->h_name, hostlen);
- host[hostlen] = '\0';
+ host[hostlen - 1] = '\0';
}
return (0);
}
-- Marc Dequènes (Duck)
pgpQ0RRV7OQmt.pgp
Description: PGP signature
