author | delphij <delphij@FreeBSD.org> | 2016-04-29 08:02:31 +0000 |
---|---|---|
committer | delphij <delphij@FreeBSD.org> | 2016-04-29 08:02:31 +0000 |
commit | 39baf3a8165fd1fa06257b6812862e7113c5b905 (patch) | |
tree | 70bef1566f92531ce181ed768429104db003a1fa /contrib/ntp/ntpdate/ntpdate.c | |
parent | b62280e683e2d7abd347a4549c51e086b1b8911a (diff) | |
Fix ntp multiple vulnerabilities.
Approved by: so
Diffstat (limited to 'contrib/ntp/ntpdate/ntpdate.c')
-rw-r--r-- | contrib/ntp/ntpdate/ntpdate.c | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/contrib/ntp/ntpdate/ntpdate.c b/contrib/ntp/ntpdate/ntpdate.c
index a427160..be39cb0 100644
--- a/contrib/ntp/ntpdate/ntpdate.c
+++ b/contrib/ntp/ntpdate/ntpdate.c
@@ -1247,7 +1247,6 @@ static int
 clock_adjust(void)
 {
 register struct server *sp, *server;
- s_fp absoffset;
 int dostep;
 
 for (sp = sys_servers; sp != NULL; sp = sp->next_server)
@@ -1270,10 +1269,15 @@ clock_adjust(void)
 } else if (never_step) {
 dostep = 0;
 } else {
- absoffset = server->soffset;
- if (absoffset < 0)
- absoffset = -absoffset;
- dostep = (absoffset >= NTPDATE_THRESHOLD || absoffset < 0);
+ /* [Bug 3023] get absolute difference, avoiding signed
+ * integer overflow like hell.
+ */
+ u_fp absoffset;
+ if (server->soffset < 0)
+ absoffset = 1u + (u_fp)(-(server->soffset + 1));
+ else
+ absoffset = (u_fp)server->soffset;
+ dostep = (absoffset >= NTPDATE_THRESHOLD);
 }
 
 if (dostep) {
|
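Review bot: The new comment in the final `else` branch of the second hunk says signed overflow is avoided but not how, and it does not explain why the old `|| absoffset < 0` clause could be dropped from the `dostep` test. I would reword it to `/* [Bug 3023] |soffset| in unsigned arithmetic: -(soffset + 1) is representable even for the most negative s_fp, and 1u + that cannot wrap. */` and add `/* the most negative soffset yields a large unsigned magnitude, so it still forces a step */` above the `dostep` assignment. `server->soffset` is presumably derived from server replies, so this value decides step versus slew on input the host does not control, and the invariant is worth stating for the next maintainer. The comparison also mixes `u_fp` with `NTPDATE_THRESHOLD`, whose definition is outside the hunk; if that macro is a signed expression, writing `(u_fp)NTPDATE_THRESHOLD` makes the conversion explicit. clock_adjust continues past the end of the hunk.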