Merge r191298 into HEAD.

Prevent a buffer overflow in ntpq. Patch taken from the PR database after being committed to the official ntp tree and present in 4.2.4p7-rc2. It will be MFH to the upcoming 7.2 pending re approval. Obtained from: https://support.ntp.org/bugs/show_bug.cgi?id=1144 MFC after: 3 days Security: http://www.securityfocus.com/bid/34481 CVE-2009-0159
author: roberto <roberto@FreeBSD.org> 2009-04-20 09:59:08 +0000
committer: roberto <roberto@FreeBSD.org> 2009-04-20 09:59:08 +0000
commit: d0b7303e63a3e049434805f73f43f982599f7cc0 (patch)
tree: c02563594d9600bd6ed3da510d0aaf22dd72c985 /contrib/ntp/ntpq
parent: 77dde87e614931b4a487e724c03c1187d87220af (diff)
download: FreeBSD-src-d0b7303e63a3e049434805f73f43f982599f7cc0.zip
FreeBSD-src-d0b7303e63a3e049434805f73f43f982599f7cc0.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/contrib/ntp/ntpq/ntpq.c b/contrib/ntp/ntpq/ntpq.c
index 9137940..4835d7e 100644
--- a/contrib/ntp/ntpq/ntpq.c
+++ b/contrib/ntp/ntpq/ntpq.c
@@ -3185,9 +3185,9 @@ cookedprint(
 				if (!decodeuint(value, &uval))
 				    output_raw = '?';
 				else {
-					char b[10];
+					char b[12];
 
-					(void) sprintf(b, "%03lo", uval);
+					(void) snprintf(b, sizeof(b), "%03lo", uval);
 					output(fp, name, b);
 				}
 				break;
author	roberto <roberto@FreeBSD.org>	2009-04-20 09:59:08 +0000
committer	roberto <roberto@FreeBSD.org>	2009-04-20 09:59:08 +0000
commit	d0b7303e63a3e049434805f73f43f982599f7cc0 (patch)
tree	c02563594d9600bd6ed3da510d0aaf22dd72c985 /contrib/ntp/ntpq
parent	77dde87e614931b4a487e724c03c1187d87220af (diff)
download	FreeBSD-src-d0b7303e63a3e049434805f73f43f982599f7cc0.zip FreeBSD-src-d0b7303e63a3e049434805f73f43f982599f7cc0.tar.gz