William Colburn wrote: > The package is newer as of today. True enough, but I have the impression that there are more changes there than just the area of code that's affected by the buffer overflow that triggered the start of this thread. Can anyone confirm this? I've looked and I *believe* the only difference relevant to this discussion between today's ntp-4.0.99k23 and last Friday's is the appended patch. If anyone believes there are more relevant differences could you please point them out? -- ---------------------------------------------------------------------- Sylvain Robitaille sylat_private Systems analyst Concordia University Instructional & Information Technology Montreal, Quebec, Canada ---------------------------------------------------------------------- --- ntpd/ntp_control.c.20010412 Mon Apr 9 15:47:20 2001 +++ ntpd/ntp_control.c Thu Apr 12 17:11:47 2001 @@ -1759,9 +1759,11 @@ } if (cp < reqend) cp++; - *tp = '\0'; - while (isspace(*(tp-1))) - *(--tp) = '\0'; + while (tp > buf) { + *tp-- = '\0'; + if (!isspace((int)(*tp))) + break; + } reqpt = cp; *data = buf; return v;
This archive was generated by hypermail 2b30 : Thu Apr 12 2001 - 23:18:48 PDT