authorCy Schubert <cy@FreeBSD.org>2014-12-20 22:52:39 +0000
committerCy Schubert <cy@FreeBSD.org>2014-12-20 22:52:39 +0000
commitb5e14a1344528861a7016aa2c6b0f2e9630d1526 (patch)
treef04bed14f7e8aed5c0e9d2f7785175c7951036d3 /libntp/authreadkeys.c
parent2b45e011ca352ce509bc83ae148230aeee0c7e0d (diff)
Vendor import ntp 4.2.8.vendor/ntp/4.2.8
Reviewed by: roberto Security: VUXML: 4033d826-87dd-11e4-9079-3c970e169bc2 Security: http://www.kb.cert.org/vuls/id/852879 Security: CVE-2014-9293 Security CVE-2014-9294 Security CVE-2014-9295 Security CVE-2014-9296
Notes
Notes: svn path=/vendor/ntp/dist/; revision=275970 svn path=/vendor/ntp/4.2.8/; revision=275971; tag=vendor/ntp/4.2.8
Diffstat (limited to 'libntp/authreadkeys.c')
-rw-r--r--libntp/authreadkeys.c33
1 files changed, 18 insertions, 15 deletions
diff --git a/libntp/authreadkeys.c b/libntp/authreadkeys.c
index 063515ee02c7..9b02119d169a 100644
--- a/libntp/authreadkeys.c
+++ b/libntp/authreadkeys.c
@@ -12,7 +12,8 @@
#ifdef OPENSSL
#include "openssl/objects.h"
-#endif /* OPENSSL */
+#include "openssl/evp.h"
+#endif /* OPENSSL */
/* Forwards */
static char *nexttok (char **);
@@ -34,7 +35,7 @@ nexttok(
* Space past white space
*/
while (*cp == ' ' || *cp == '\t')
- cp++;
+ cp++;
/*
* Save this and space to end of token
@@ -42,19 +43,19 @@ nexttok(
starttok = cp;
while (*cp != '\0' && *cp != '\n' && *cp != ' '
&& *cp != '\t' && *cp != '#')
- cp++;
+ cp++;
/*
* If token length is zero return an error, else set end of
* token to zero and return start.
*/
if (starttok == cp)
- return (NULL);
+ return NULL;
if (*cp == ' ' || *cp == '\t')
- *cp++ = '\0';
+ *cp++ = '\0';
else
- *cp = '\0';
+ *cp = '\0';
*str = cp;
return starttok;
@@ -75,7 +76,7 @@ authreadkeys(
keyid_t keyno;
int keytype;
char buf[512]; /* lots of room for line */
- u_char keystr[20];
+ u_char keystr[32]; /* Bug 2537 */
int len;
int j;
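Review bot: The new size in `u_char keystr[32]; /* Bug 2537 */` is a bare number whose only explanation is a bug reference, so a reader cannot tell which limit it encodes. The later hunk bounds the decode loop with `2 * sizeof(keystr)`, which suggests the array holds the binary form of a hex-encoded key; a comment such as `/* decoded hex key, at most 32 bytes (Bug 2537) */` would state that directly. The unrelated `20` in `len <= 20` further down looks like the plain-text versus hex threshold, and a named constant for each would keep the two limits from being confused. The rest of authreadkeys() is outside this hunk.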
@@ -147,7 +148,7 @@ authreadkeys(
"authreadkeys: no algorithm for key %d", keyno);
continue;
}
-#else /* OPENSSL */
+#else /* !OPENSSL follows */
/*
* The key type is unused, but is required to be 'M' or
@@ -159,7 +160,7 @@ authreadkeys(
continue;
}
keytype = KEY_TYPE_MD5;
-#endif /* OPENSSL */
+#endif /* !OPENSSL */
/*
* Finally, get key and insert it. If it is longer than 20
@@ -174,7 +175,7 @@ authreadkeys(
continue;
}
len = strlen(token);
- if (len <= 20) {
+ if (len <= 20) { /* Bug 2537 */
MD5auth_setkey(keyno, keytype, (u_char *)token, len);
} else {
char hex[] = "0123456789abcdef";
@@ -185,17 +186,19 @@ authreadkeys(
jlim = min(len, 2 * sizeof(keystr));
for (j = 0; j < jlim; j++) {
ptr = strchr(hex, tolower(token[j]));
- if (ptr == NULL) {
- msyslog(LOG_ERR,
- "authreadkeys: invalid hex digit for key %d", keyno);
- continue;
- }
+ if (ptr == NULL)
+ break; /* abort decoding */
temp = (u_char)(ptr - hex);
if (j & 1)
keystr[j / 2] |= temp;
else
keystr[j / 2] = temp << 4;
}
+ if (j < jlim) {
+ msyslog(LOG_ERR,
+ "authreadkeys: invalid hex digit for key %d", keyno);
+ continue;
+ }
MD5auth_setkey(keyno, keytype, keystr, jlim / 2);
}
}
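Review bot: Key strings that are too long or of odd length are still accepted without any log entry. `jlim = min(len, 2 * sizeof(keystr))` ignores every hex digit past the 64th, and with an odd `jlim` the final nibble is written into `keystr` but excluded by `jlim / 2`, so the installed key can silently differ from the one the operator configured. Rejecting such lines before the loop with `if ((len & 1) || (size_t)len > 2 * sizeof(keystr))`, followed by the same msyslog-and-continue pattern as the new `j < jlim` check, would make the mismatch visible. Separately, `tolower(token[j])` passes a plain `char`, which is undefined for negative values where `char` is signed; `tolower((unsigned char)token[j])` avoids that. The declarations of `jlim`, `ptr` and `temp` and the enclosing loop are outside this hunk.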