Bug 661934

Summary: ntpd crashes if a machine has more than 512 IPs
Product: Red Hat Enterprise Linux 5 Reporter: Lee Revell <rlrevell>
Component: ntpAssignee: Miroslav Lichvar <mlichvar>
Status: CLOSED ERRATA QA Contact: Martin Cermak <mcermak>
Severity: medium Docs Contact:
Priority: low    
Version: 5.4CC: azelinka, kmcfate, mcermak, mmatsuya, mpoole, ovasik
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: All   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
The ntpd daemon could terminate unexpectedly with a segmentation fault on a machine with more than 512 local IP addresses. This happened because of a limit set for scanning. With this update, the limit scan has been changed to scan to the maximum number of interfaces and the ntpd daemon no longer crashes in such circumstances.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2011-07-21 06:44:16 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
limit interface scans to array size none

Description Lee Revell 2010-12-10 01:57:27 UTC 
Description of problem:
ntpd will segfault on startup if a machine has more than 512 IPs because it uses a 512 element array to store them and there is no bounds checking.

Version-Release number of selected component (if applicable):
5.0 through 5.4 at least

How reproducible:
100&

Steps to Reproduce:
1. Configure more than 512 IP addresses
2. Start ntpd
3. Segfault
  
Actual results:
ntpd segfaults

Expected results:
ntpd works

Additional info:
This is fixed upstream; RHEL should backport the patch.

See https://bugs.ntp.org/show_bug.cgi?id=1746 for gdb proof of this bug
Comment 2 Martin Poole 2011-01-26 13:55:47 UTC 
Created attachment 475388 [details]
limit interface scans to array size
Comment 10 Eva Kopalova 2011-06-30 12:44:39 UTC 
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
The ntpd daemon could terminate unexpectedly with a segmentation fault on a machine with more than 512 local IP addresses. This happened because of a limit set for scanning. With this update, the limit scan has been changed to scan to the maximum number of interfaces and the ntpd daemon no longer crashes in such circumstances.
Comment 11 errata-xmlrpc 2011-07-21 06:44:16 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-0980.html