diff options
Diffstat (limited to 'contrib/ntp/ntpd/ntp_control.c')
-rw-r--r-- | contrib/ntp/ntpd/ntp_control.c | 139 |
1 files changed, 76 insertions, 63 deletions
diff --git a/contrib/ntp/ntpd/ntp_control.c b/contrib/ntp/ntpd/ntp_control.c index d98f6aa..49a197e 100644 --- a/contrib/ntp/ntpd/ntp_control.c +++ b/contrib/ntp/ntpd/ntp_control.c @@ -916,7 +916,7 @@ is_safe_filename(const char * name) u_int widx, bidx, mask; if ( ! (name && *name)) return FALSE; - + mask = 1u; while (0 != (widx = (u_char)*name++)) { bidx = (widx & 15) << 1; @@ -955,7 +955,7 @@ save_config( * level. On POSIX systems we could allow '\\' but such * filenames are tricky to manipulate from a shell, so just * reject both types of slashes on all platforms. - */ + */ /* TALOS-CAN-0062: block directory traversal for VMS, too */ static const char * illegal_in_filename = #if defined(VMS) @@ -983,8 +983,8 @@ save_config( # if defined(_O_TEXT) /* windows, again */ | _O_TEXT #endif - ; - + ; + char filespec[128]; char filename[128]; char fullpath[512]; @@ -1046,7 +1046,7 @@ save_config( /* copy data directly as we exactly know the size */ memcpy(filespec, reqpt, reqlen); filespec[reqlen] = '\0'; - + /* * allow timestamping of the saved config filename with * strftime() format such as: @@ -1110,7 +1110,7 @@ save_config( */ prc = snprintf(fullpath, sizeof(fullpath), "%s%s", saveconfigdir, filename); - if (prc < 0 || prc >= sizeof(fullpath)) { + if (prc < 0 || (size_t)prc >= sizeof(fullpath)) { ctl_printf("saveconfig exceeded maximum path length (%u)", (u_int)sizeof(fullpath)); ctl_flushpkt(0); @@ -1127,8 +1127,8 @@ save_config( fptr = fdopen(fd, "w"); if (NULL == fptr || -1 == dump_all_config_trees(fptr, 1)) { - ctl_printf("Unable to save configuration to file '%s': %m", - filename); + ctl_printf("Unable to save configuration to file '%s': %s", + filename, strerror(errno)); msyslog(LOG_ERR, "saveconfig %s from %s failed", filename, stoa(&rbufp->recv_srcadr)); @@ -1154,7 +1154,7 @@ save_config( #else /* !SAVECONFIG follows */ ctl_printf("%s", "saveconfig unavailable, configured with --disable-saveconfig"); -#endif +#endif ctl_flushpkt(0); } @@ -1506,11 +1506,11 @@ ctl_putdata_ex( } else { datanotbinflag = TRUE; add_len = 3; - + if (datasent) { *datapt++ = ','; datalinelen++; - + /* sum up total length */ for (argi = 0, src_len = 0; argi < argc; ++argi) src_len += argv[argi].len; @@ -1539,14 +1539,14 @@ ctl_putdata_ex( /* Not enough room in this one, flush it out. */ if (src_len < cur_len) cur_len = src_len; - + memcpy(datapt, src_ptr, cur_len); datapt += cur_len; datalinelen += cur_len; src_ptr += cur_len; src_len -= cur_len; - + ctl_flushpkt(CTL_MORE); cur_len = (size_t)(dataend - datapt); } @@ -1571,7 +1571,7 @@ ctl_putdata( ) { CtlMemBufT args[1]; - + args[0].buf = dp; args[0].len = dlen; ctl_putdata_ex(args, 1, bin); @@ -1594,7 +1594,7 @@ ctl_putstr( ) { CtlMemBufT args[4]; - + args[0].buf = tag; args[0].len = strlen(tag); if (data && len) { @@ -1606,7 +1606,9 @@ ctl_putstr( args[3].len = 1; ctl_putdata_ex(args, 4, FALSE); } else { - ctl_putdata_ex(args, 1, FALSE); + args[1].buf = "=\"\""; + args[1].len = 3; + ctl_putdata_ex(args, 2, FALSE); } } @@ -1628,17 +1630,17 @@ ctl_putunqstr( ) { CtlMemBufT args[3]; - + args[0].buf = tag; args[0].len = strlen(tag); + args[1].buf = "="; + args[1].len = 1; if (data && len) { - args[1].buf = "="; - args[1].len = 1; - args[2].buf = data; - args[2].len = len; - ctl_putdata_ex(args, 3, FALSE); + args[2].buf = data; + args[2].len = len; + ctl_putdata_ex(args, 3, FALSE); } else { - ctl_putdata_ex(args, 1, FALSE); + ctl_putdata_ex(args, 2, FALSE); } } @@ -1656,7 +1658,7 @@ ctl_putdblf( { char buffer[40]; int rc; - + rc = snprintf(buffer, sizeof(buffer), (use_f ? "%.*f" : "%.*g"), precision, d); @@ -1677,7 +1679,7 @@ ctl_putuint( int rc; rc = snprintf(buffer, sizeof(buffer), "%lu", uval); - INSIST(rc >= 0 && rc < sizeof(buffer)); + INSIST(rc >= 0 && (size_t)rc < sizeof(buffer)); ctl_putunqstr(tag, buffer, rc); } @@ -1716,7 +1718,7 @@ ctl_putfs( { char buffer[16]; int rc; - + time_t fstamp = (time_t)uval - JAN_1970; struct tm *tm = gmtime(&fstamp); @@ -1744,7 +1746,7 @@ ctl_puthex( { char buffer[24]; /* must fit 64bit int! */ int rc; - + rc = snprintf(buffer, sizeof(buffer), "0x%lx", uval); INSIST(rc >= 0 && (size_t)rc < sizeof(buffer)); ctl_putunqstr(tag, buffer, rc); @@ -1762,9 +1764,9 @@ ctl_putint( { char buffer[24]; /*must fit 64bit int */ int rc; - + rc = snprintf(buffer, sizeof(buffer), "%ld", ival); - INSIST(rc >= 0 && rc < sizeof(buffer)); + INSIST(rc >= 0 && (size_t)rc < sizeof(buffer)); ctl_putunqstr(tag, buffer, rc); } @@ -1780,7 +1782,7 @@ ctl_putts( { char buffer[24]; int rc; - + rc = snprintf(buffer, sizeof(buffer), "0x%08lx.%08lx", (u_long)ts->l_ui, (u_long)ts->l_uf); @@ -1800,7 +1802,7 @@ ctl_putadr( ) { const char *cq; - + if (NULL == addr) cq = numtoa(addr32); else @@ -1827,7 +1829,9 @@ ctl_putrefid( bytes.w = refid; for (nc = 0; nc < sizeof(bytes.b) && bytes.b[nc]; ++nc) - if (!isprint(bytes.b[nc])) + if ( !isprint(bytes.b[nc]) + || isspace(bytes.b[nc]) + || bytes.b[nc] == ',' ) bytes.b[nc] = '.'; ctl_putunqstr(tag, (const char*)bytes.b, nc); } @@ -1874,11 +1878,11 @@ ctl_printf( va_list va; char fmtbuf[128]; int rc; - + va_start(va, fmt); rc = vsnprintf(fmtbuf, sizeof(fmtbuf), fmt, va); va_end(va); - if (rc < 0 || rc >= sizeof(fmtbuf)) + if (rc < 0 || (size_t)rc >= sizeof(fmtbuf)) strcpy(fmtbuf + sizeof(fmtbuf) - strlen(ellipsis) - 1, ellipsis); ctl_putdata(fmtbuf, strlen(fmtbuf), 0); @@ -1906,11 +1910,13 @@ ctl_putsys( static struct timex ntx; static u_long ntp_adjtime_time; - static const double to_ms = + static const double to_ms_usec = + 1.0e-3; /* usec to msec */ + static const double to_ms_nusec = # ifdef STA_NANO 1.0e-6; /* nsec to msec */ # else - 1.0e-3; /* usec to msec */ + to_ms_usec; # endif /* @@ -1951,10 +1957,10 @@ ctl_putsys( break; case CS_REFID: - if (sys_stratum > 1 && sys_stratum < STRATUM_UNSPEC) - ctl_putadr(sys_var[varid].text, sys_refid, NULL); - else + if (REFID_ISTEXT(sys_stratum)) ctl_putrefid(sys_var[varid].text, sys_refid); + else + ctl_putadr(sys_var[varid].text, sys_refid, NULL); break; case CS_REFTIME: @@ -2315,7 +2321,7 @@ ctl_putsys( case CS_K_OFFSET: CTL_IF_KERNLOOP( ctl_putdblf, - (sys_var[varid].text, 0, -1, to_ms * ntx.offset) + (sys_var[varid].text, 0, -1, to_ms_nusec * ntx.offset) ); break; @@ -2330,7 +2336,7 @@ ctl_putsys( CTL_IF_KERNLOOP( ctl_putdblf, (sys_var[varid].text, 0, 6, - to_ms * ntx.maxerror) + to_ms_usec * ntx.maxerror) ); break; @@ -2338,7 +2344,7 @@ ctl_putsys( CTL_IF_KERNLOOP( ctl_putdblf, (sys_var[varid].text, 0, 6, - to_ms * ntx.esterror) + to_ms_usec * ntx.esterror) ); break; @@ -2362,7 +2368,7 @@ ctl_putsys( CTL_IF_KERNLOOP( ctl_putdblf, (sys_var[varid].text, 0, 6, - to_ms * ntx.precision) + to_ms_usec * ntx.precision) ); break; @@ -2390,7 +2396,7 @@ ctl_putsys( case CS_K_PPS_JITTER: CTL_IF_KERNPPS( ctl_putdbl, - (sys_var[varid].text, to_ms * ntx.jitter) + (sys_var[varid].text, to_ms_nusec * ntx.jitter) ); break; @@ -2678,11 +2684,10 @@ ctl_putpeer( break; } #endif - if (p->stratum > 1 && p->stratum < STRATUM_UNSPEC) - ctl_putadr(peer_var[id].text, p->refid, - NULL); - else + if (REFID_ISTEXT(p->stratum)) ctl_putrefid(peer_var[id].text, p->refid); + else + ctl_putadr(peer_var[id].text, p->refid, NULL); break; case CP_REFTIME: @@ -3061,7 +3066,7 @@ ctl_getitem( * packet; If it's EOV, it will never be NULL again until the * variable is found and processed in a given 'var_list'. (That * is, a result is returned that is neither NULL nor EOV). - */ + */ static const struct ctl_var eol = { 0, EOV, NULL }; static char buf[128]; static u_long quiet_until; @@ -3101,7 +3106,7 @@ ctl_getitem( ++plhead; while (plhead != pltail && isspace((u_char)pltail[-1])) --pltail; - + /* check payload size, terminate packet on overflow */ plsize = (size_t)(pltail - plhead); if (plsize >= sizeof(buf)) @@ -3126,7 +3131,7 @@ ctl_getitem( * variable lists after an EoV was returned. (Such a behavior * actually caused Bug 3008.) */ - + if (NULL == var_list) return &eol; @@ -3443,11 +3448,11 @@ write_variables( * Look through the variables. Dump out at the first sign of * trouble. */ - while ((v = ctl_getitem(sys_var, &valuep)) != 0) { + while ((v = ctl_getitem(sys_var, &valuep)) != NULL) { ext_var = 0; if (v->flags & EOV) { - if ((v = ctl_getitem(ext_sys_var, &valuep)) != - 0) { + v = ctl_getitem(ext_sys_var, &valuep); + if (v != NULL) { if (v->flags & EOV) { ctl_error(CERR_UNKNOWNVAR); return; @@ -3461,16 +3466,24 @@ write_variables( ctl_error(CERR_PERMISSION); return; } - if (!ext_var && (*valuep == '\0' || !atoint(valuep, - &val))) { + /* [bug 3565] writing makes sense only if we *have* a + * value in the packet! + */ + if (valuep == NULL) { ctl_error(CERR_BADFMT); return; } - if (!ext_var && (val & ~LEAP_NOTINSYNC) != 0) { - ctl_error(CERR_BADVALUE); - return; + if (!ext_var) { + if ( !(*valuep && atoint(valuep, &val))) { + ctl_error(CERR_BADFMT); + return; + } + if ((val & ~LEAP_NOTINSYNC) != 0) { + ctl_error(CERR_BADVALUE); + return; + } } - + if (ext_var) { octets = strlen(v->text) + strlen(valuep) + 2; vareqv = emalloc(octets); @@ -3647,7 +3660,7 @@ static u_int32 derive_nonce( /* [Bug 3457] set flags and don't kill them again */ EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); EVP_DigestInit_ex(ctx, EVP_get_digestbynid(NID_md5), NULL); -# else +# else EVP_DigestInit(ctx, EVP_get_digestbynid(NID_md5)); # endif EVP_DigestUpdate(ctx, salt, sizeof(salt)); @@ -3944,7 +3957,7 @@ static void read_mru_list( int restrict_mask ) { - static const char nulltxt[1] = { '\0' }; + static const char nulltxt[1] = { '\0' }; static const char nonce_text[] = "nonce"; static const char frags_text[] = "frags"; static const char limit_text[] = "limit"; @@ -3954,7 +3967,7 @@ static void read_mru_list( static const char maxlstint_text[] = "maxlstint"; static const char laddr_text[] = "laddr"; static const char resaxx_fmt[] = "0x%hx"; - + u_int limit; u_short frags; u_short resall; |