← Back to branch summary

~ubuntu-branches/debian/squeeze/ntp/squeeze-201010051545

« back to all changes in this revision

Viewing changes to libntp/socktoa.c

  • Committer: Bazaar Package Importer
  • Author(s): Kurt Roeckx
  • Date: 2009-01-05 21:10:03 UTC
  • mfrom: (1.2.4 upstream)
  • Revision ID: james.westby@ubuntu.com-20090105211003-mh6zc3um4k1uhsj7
Tags: 1:4.2.4p4+dfsg-8
It did not properly check the return value of EVP_VerifyFinal
which results in an malformed DSA signature being treated as
a good signature rather than as an error.  (CVE-2009-0021)

Show diffs side-by-side

added added

removed removed

Lines of Context:
libntp/socktoa.c
6
6
 
7
7
#include <sys/types.h>
8
8
#include <sys/socket.h>
9
 
#include <netdb.h>
10
9
#include <netinet/in.h>
11
10
 
12
11
#include <arpa/inet.h>
31
30
 
32
31
        LIB_GETBUF(buffer);
33
32
 
34
 
        if (sock == NULL) printf("null");
35
 
 
36
 
        switch(sock->ss_family) {
37
 
 
 
33
        if (sock == NULL)
 
34
                strcpy(buffer, "null");
 
35
        else
 
36
        {
 
37
 
 
38
                switch(sock->ss_family) {
 
39
 
 
40
                default:
38
41
                case AF_INET :
39
42
                        inet_ntop(AF_INET, &GET_INADDR(*sock), buffer,
40
43
                            LIB_BUFLENGTH);
43
46
                case AF_INET6 :
44
47
                        inet_ntop(AF_INET6, &GET_INADDR6(*sock), buffer,
45
48
                            LIB_BUFLENGTH);
 
49
#if 0
 
50
                default:
 
51
                        strcpy(buffer, "unknown");
 
52
#endif
 
53
                }
46
54
        }
47
55
        return buffer;
48
56
}