On Sun, Oct 25, 2015 at 11:23:50PM +0100, Kurt Roeckx wrote: > On Mon, Oct 26, 2015 at 06:55:06AM +0900, Ben Hutchings wrote: > > On Sun, 2015-10-25 at 22:45 +0100, Kurt Roeckx wrote: > > > On Mon, Oct 26, 2015 at 06:13:07AM +0900, Ben Hutchings wrote: > > [...] > > > > > While I have addiotional patches for: > > > > > CVE-2014-9750.patch (it was missing 1 patch while it was fixed it > > > > > seems) > > > > > > > > Which is split from CVE-2014-9297. > > > > > > From what I understand CVE-2014-9297 was changed to CVE-2014-9750 > > > and CVE-2014-9298 to CVE-2014-9751 because someone mixed them up. > > > There is nothing split. > > > > > > In any case, there is a patch missing. > > > > OK, which one is that? I looked through the upstream commits for bug > > 2671 and they all seemed to have been included in CVE-2014-9297.patch. > > *look confused* > > At some point 348fc9fa390c7894f589104fbca4d635868b7a45 was > missing. > > But redhat has a diff that looks like: > --- ntp_crypto.c > +++ ntp_crypto.c > @@ -1575,6 +1575,7 @@ > EVP_MD_CTX ctx; /* signature context */ > tstamp_t tstamp; /* NTP timestamp */ > u_int32 temp32; > + u_char *puch; > > /* > * Extract the public key from the request. > @@ -1596,9 +1597,9 @@ > vallen = EVP_PKEY_size(pkey); > vp->vallen = htonl(vallen); > vp->ptr = emalloc(vallen); > - ptr = vp->ptr; > + puch = vp->ptr; > temp32 = htonl(*cookie); > - if (RSA_public_encrypt(4, (u_char *)&temp32, ptr, > + if (RSA_public_encrypt(4, (u_char *)&temp32, puch, > pkey->pkey.rsa, RSA_PKCS1_OAEP_PADDING) <= 0) { > msyslog(LOG_ERR, "crypto_encrypt: %s", > ERR_error_string(ERR_get_error(), NULL)); > > > (Didn't look at what that does yet, looks like part of a change of > a much older commit.)
So the effect of this seems to be that "ptr" which is a parameter to a function isn't use anymore as some pointer. But ptr isn't used anymore at this point, so seems that it doesn't have any effect. Kurt