661934 – ntpd crashes if a machine has more than 512 IPs

Bug 661934 - ntpd crashes if a machine has more than 512 IPs

Summary: ntpd crashes if a machine has more than 512 IPs

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 5
Classification:	Red Hat
Component:	ntp
Sub Component:
Version:	5.4
Hardware:	All
OS:	All
Priority:	low
Severity:	medium
Target Milestone:	rc
Target Release:	---
Assignee:	Miroslav Lichvar
QA Contact:	Martin Cermak
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2010-12-10 01:57 UTC by Lee Revell
Modified:	2018-11-14 15:00 UTC (History)
CC List:	6 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	The ntpd daemon could terminate unexpectedly with a segmentation fault on a machine with more than 512 local IP addresses. This happened because of a limit set for scanning. With this update, the limit scan has been changed to scan to the maximum number of interfaces and the ntpd daemon no longer crashes in such circumstances.
Clone Of:
Environment:
Last Closed:	2011-07-21 06:44:16 UTC
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
limit interface scans to array size (401 bytes, patch) 2011-01-26 13:55 UTC, Martin Poole	no flags	Details \| Diff
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Network Time Protocol	1746	0	None	None	None	Never
Red Hat Product Errata	RHBA-2011:0980	0	normal	SHIPPED_LIVE	ntp bug fix and enhancement update	2011-07-20 15:45:14 UTC

Description Lee Revell 2010-12-10 01:57:27 UTC

Description of problem:
ntpd will segfault on startup if a machine has more than 512 IPs because it uses a 512 element array to store them and there is no bounds checking.

Version-Release number of selected component (if applicable):
5.0 through 5.4 at least

How reproducible:
100&

Steps to Reproduce:
1. Configure more than 512 IP addresses
2. Start ntpd
3. Segfault
  
Actual results:
ntpd segfaults

Expected results:
ntpd works

Additional info:
This is fixed upstream; RHEL should backport the patch.

See https://bugs.ntp.org/show_bug.cgi?id=1746 for gdb proof of this bug

Comment 2 Martin Poole 2011-01-26 13:55:47 UTC

Created attachment 475388 [details]
limit interface scans to array size

Comment 10 Eva Kopalova 2011-06-30 12:44:39 UTC

    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
The ntpd daemon could terminate unexpectedly with a segmentation fault on a machine with more than 512 local IP addresses. This happened because of a limit set for scanning. With this update, the limit scan has been changed to scan to the maximum number of interfaces and the ntpd daemon no longer crashes in such circumstances.

Comment 11 errata-xmlrpc 2011-07-21 06:44:16 UTC

An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-0980.html

Note You need to log in before you can comment on or make changes to this bug.