Hi ! libntp/msyslog.c has a buffer overflow error. Buffer allocated for log messages is 1025 bytes. With longer messages you get an overflow. For a quick test use ntpdate `perl -e "print 'A'x10000"` Here's quick patch: --- xntp3-5.93/libntp/msyslog.c~ Tue Aug 12 09:21:29 1997 +++ xntp3-5.93/libntp/msyslog.c Mon Aug 21 16:10:31 2000 @@ -141,7 +141,8 @@ *n++ = '\n'; *n = '\0'; - vsprintf(buf, nfmt, ap); + /* Oh no ;-) */ + vsnprintf(buf, 1024, nfmt, ap); #if !defined(VMS) && !defined (SYS_VXWORKS) if (syslogit) #ifndef SYS_WINNT -Jarno
ntp-4.0.99j-3 from Pinstripe beta is also affected.
*** Bug 16752 has been marked as a duplicate of this bug. ***
Fixed in ntp-4.0.99j-7. Thanks for the patch.