[Bug 1481388] [NEW] NTP : Use-after-free in routing socket code after dropping root

2015-08-04 Thread eric.desrochers
can't identify protocol. ** Affects: ntp (Ubuntu) Importance: Undecided Assignee: eric.desrochers (eric-desrochers-z) Status: New ** Changed in: ntp (Ubuntu) Assignee: (unassigned) => eric.desrochers (eric-desrochers-z) ** Summary changed: - Use-after-free in ro

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-08-04 Thread eric.desrochers
** Changed in: ntp (Ubuntu) Importance: Undecided => Low ** Changed in: ntp (Ubuntu) Milestone: None => ubuntu-12.04.5 -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to ntp in Ubuntu. https://bugs.launchpad.net/bugs/1481388 Title

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-08-04 Thread eric.desrochers
The remove_ and delete_ functions remove the current element from the asyncio_reader_list, and free it, respectively. We then return back to the loop at the top, wherein the asyncio_reader variable still points at the now-freed element, whose contents are now scrambled by having link pointers, et

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-08-05 Thread eric.desrochers
** Changed in: ntp (Ubuntu) Milestone: ubuntu-12.04.5 => trusty-updates ** Changed in: ntp (Ubuntu) Milestone: trusty-updates => None

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-08-08 Thread eric.desrochers
** Changed in: ntp (Ubuntu Trusty) Assignee: (unassigned) => eric.desrochers (eric-desrochers-z)

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-08-14 Thread eric.desrochers
Unfortunately, I can't reproduce the behaviour on my side. I'm providing a hotfix[1] based on the upstream commit[2] that addressed the issue. If you can reproduce the problem, please test the hotfix and provide feedback. [1] https://launchpad.net/~eric-desrochers-z/+archive/ubuntu/lp1481388/+p