[20121] in bugtraq
Re: ntpd =< 4.0.99k remote buffer overflow
daemon@ATHENA.MIT.EDU (Maciej W. Rozycki)
Mon Apr 9 21:43:25 2001
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-ID: <Pine.GSO.3.96.1010409131846.9470D-100000@delta.ds2.pg.gda.pl>
Date: Mon, 9 Apr 2001 13:54:46 +0200
Reply-To: "Maciej W. Rozycki" <macro@DS2.PG.GDA.PL>
From: "Maciej W. Rozycki" <macro@DS2.PG.GDA.PL>
X-To: Erik Fichtner <techs@obfuscation.org>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <20010406224349.V1715@obfuscation.org>
On Fri, 6 Apr 2001, Erik Fichtner wrote:
> + /* avoid buffer overflow */
> + if (tp > buf + sizeof(buf)) return(0);
> + }
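Review bot: the comparison in `if (tp > buf + sizeof(buf))` still passes when tp equals buf + sizeof(buf), which is the address one past the last element of buf, so a store through tp that follows this test can land one byte outside the array. Compare with `>=` instead, and confirm the test sits before the store through tp rather than after it; the quoted lines do not show that store, so its position cannot be checked from this hunk.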
There is an off-by-one error here. The above conditional should read as
follows:
if (tp >= buf + sizeof(buf)) return(0);
--
+ Maciej W. Rozycki, Technical University of Gdansk, Poland +
+--------------------------------------------------------------+
+ e-mail: macro@ds2.pg.gda.pl, PGP key available +
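
An added illustration of the off-by-one discussed in this message, not code from ntpd or from either poster: it assumes the check runs immediately before each store through tp (the quoted hunk does not show the store), and the names copy_checked, guard_intact, BUF_SIZE and GUARD are made up for the demonstration. A guard byte sits at the address buf + sizeof(buf) inside a larger array, so the stray write is observable without leaving allocated memory.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 8      /* logical sizeof(buf); constructed value */
#define GUARD    0xA5   /* marker stored at buf + BUF_SIZE */

/* Store n bytes of src through tp, testing the cursor before each store.
 * use_ge == 0: `>` as in the quoted patch; use_ge == 1: `>=` as corrected.
 * Returns bytes stored, or 0 when the check fires (like return(0)). */
static size_t copy_checked(unsigned char *buf, size_t size,
                           const unsigned char *src, size_t n, int use_ge)
{
    unsigned char *tp = buf;
    size_t i;

    for (i = 0; i < n; i++) {
        if (use_ge ? (tp >= buf + size) : (tp > buf + size))
            return 0;
        *tp++ = src[i];
    }
    return (size_t)(tp - buf);
}

/* Copy n bytes (capped at BUF_SIZE + 1) into an arena whose first BUF_SIZE
 * bytes play the role of buf. Returns 1 if the guard byte survived. */
int guard_intact(int use_ge, size_t n)
{
    unsigned char arena[BUF_SIZE + 1];
    unsigned char src[BUF_SIZE + 1];

    if (n > sizeof src)
        n = sizeof src;
    memset(src, 'A', sizeof src);
    memset(arena, 0, BUF_SIZE);
    arena[BUF_SIZE] = GUARD;
    copy_checked(arena, BUF_SIZE, src, n, use_ge);
    return arena[BUF_SIZE] == GUARD;
}

int main(void)
{
    printf("exact fit, > : guard intact = %d\n", guard_intact(0, BUF_SIZE));
    printf("one extra, > : guard intact = %d\n", guard_intact(0, BUF_SIZE + 1));
    printf("one extra, >=: guard intact = %d\n", guard_intact(1, BUF_SIZE + 1));
    return 0;
}
```

With input that fits exactly, both comparisons behave the same; the difference appears only on the first byte past the end, which is why the `>` form can pass ordinary testing.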