Bug 661934 - ntpd crashes if a machine has more than 512 IPs
ntpd crashes if a machine has more than 512 IPs
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: ntp (Show other bugs)
5.4
All All
low Severity medium
: rc
: ---
Assigned To: Miroslav Lichvar
Martin Cermak
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2010-12-09 20:57 EST by Lee Revell
Modified: 2011-07-21 02:44 EDT (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
The ntpd daemon could terminate unexpectedly with a segmentation fault on a machine with more than 512 local IP addresses. This happened because of a limit set for scanning. With this update, the limit scan has been changed to scan to the maximum number of interfaces and the ntpd daemon no longer crashes in such circumstances.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2011-07-21 02:44:16 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
limit interface scans to array size (401 bytes, patch)
2011-01-26 08:55 EST, Martin Poole
no flags Details | Diff


External Trackers
Tracker ID Priority Status Summary Last Updated
Network Time Protocol 1746 None None None Never

  None (edit)
Description Lee Revell 2010-12-09 20:57:27 EST
Description of problem:
ntpd will segfault on startup if a machine has more than 512 IPs because it uses a 512 element array to store them and there is no bounds checking.

Version-Release number of selected component (if applicable):
5.0 through 5.4 at least

How reproducible:
100&

Steps to Reproduce:
1. Configure more than 512 IP addresses
2. Start ntpd
3. Segfault
  
Actual results:
ntpd segfaults

Expected results:
ntpd works

Additional info:
This is fixed upstream; RHEL should backport the patch.

See https://bugs.ntp.org/show_bug.cgi?id=1746 for gdb proof of this bug
Comment 2 Martin Poole 2011-01-26 08:55:47 EST
Created attachment 475388 [details]
limit interface scans to array size
Comment 10 Eva Kopalova 2011-06-30 08:44:39 EDT
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
The ntpd daemon could terminate unexpectedly with a segmentation fault on a machine with more than 512 local IP addresses. This happened because of a limit set for scanning. With this update, the limit scan has been changed to scan to the maximum number of interfaces and the ntpd daemon no longer crashes in such circumstances.
Comment 11 errata-xmlrpc 2011-07-21 02:44:16 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-0980.html

Note You need to log in before you can comment on or make changes to this bug.