Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP2:Update
ntp.28894
ntp-CVE-2023-26551.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File ntp-CVE-2023-26551.patch of Package ntp.28894
--- libntp/mstolfp.c.orig +++ libntp/mstolfp.c @@ -14,7 +14,7 @@ mstolfp( l_fp *lfp ) { - register const char *cp; + register const char *cp, *end; register char *bp; register const char *cpdec; char buf[100]; @@ -42,6 +42,15 @@ mstolfp( if (*cp != '.' && !isdigit((unsigned char)*cp)) return 0; + /* + * Make sure the buffer has enough room for the input string and the + * extra characters, in the worst case replacing "." with "0.000" + */ + end = cp; + while (isdigit((unsigned char)*end) || *end == '.') + end++; + if (end - cp + 4 >= sizeof (buf) - (bp - buf)) + return 0; /* * Search forward for the decimal point or the end of the string.
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
