~ubuntu-branches/debian/squeeze/ntp/squeeze-201010051545


Viewing changes to ntpdate/ntptimeset.c

  • Committer: Bazaar Package Importer
  • Author(s): Kurt Roeckx
  • Date: 2009-01-05 21:10:03 UTC
  • mfrom: (1.2.4 upstream)
  • Revision ID: james.westby@ubuntu.com-20090105211003-mh6zc3um4k1uhsj7
Tags: 1:4.2.4p4+dfsg-8
It did not properly check the return value of EVP_VerifyFinal
which results in a malformed DSA signature being treated as
a good signature rather than as an error.  (CVE-2009-0021)

141
141
#include <signal.h>
142
142
#include <ctype.h>
143
143
#ifndef SYS_WINNT
144
 
# include <netdb.h>
145
144
# ifdef HAVE_SYS_SIGNAL_H
146
145
#  include <sys/signal.h>
147
146
# else
403
402
        )
404
403
{
405
404
        int was_alarmed;
406
 
        struct recvbuf *rbuflist;
 
405
        int tot_recvbufs;
407
406
        struct recvbuf *rbuf;
408
407
        l_fp tmp;
409
408
        int errflg;
646
645
         * yet to learn about anything else that is.
647
646
         */
648
647
        was_alarmed = 0;
649
 
        rbuflist = (struct recvbuf *)0;
650
648
        while (finish_time > current_time) {
651
649
#if !defined(HAVE_SIGNALED_IO) 
652
650
                fd_set rdfdes;
655
653
                block_io_and_alarm();
656
654
#endif
657
655
 
658
 
                rbuflist = getrecvbufs();       /* get received buffers */
 
656
                tot_recvbufs = full_recvbuffs();        /* get received buffers */
659
657
                if (printmsg) {
660
658
                        printmsg = 0;
661
659
                        analysis(0);
665
663
                        alarm_flag = 0;
666
664
                }
667
665
 
668
 
                if (!was_alarmed && rbuflist == (struct recvbuf *)0) {
 
666
                if (!was_alarmed && tot_recvbufs > 0) {
669
667
                        /*
670
668
                         * Nothing to do.  Wait for something.
671
669
                         */
705
703
                                was_alarmed = 1;
706
704
                                alarm_flag = 0;
707
705
                        }
708
 
                        rbuflist = getrecvbufs();  /* get received buffers */
 
706
                        tot_recvbufs = full_recvbuffs();  /* get received buffers */
709
707
                }
710
708
#ifdef HAVE_SIGNALED_IO
711
709
                unblock_io_and_alarm();
725
723
                 * Call the data procedure to handle each received
726
724
                 * packet.
727
725
                 */
728
 
                while (rbuflist != (struct recvbuf *)0)
 
726
                rbuf = get_full_recv_buffer();
 
727
                while (rbuf != NULL)
729
728
                {
730
 
                        rbuf = rbuflist;
731
 
                        rbuflist = rbuf->next;
732
729
                        receive(rbuf);
733
730
                        freerecvbuf(rbuf);
 
731
                        rbuf = get_full_recv_buffer();
734
732
                }
735
 
#if defined DEBUG && defined SYS_WINNT
736
 
                if (debug > 4)
737
 
                    printf("getrecvbufs: %ld handler interrupts, %ld frames\n",
738
 
                           handler_calls, handler_pkts);
739
 
#endif
740
733
 
741
734
                /*
742
735
                 * Do we have enough information to stop now?
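Review bot: The new wait condition at new line 666, `if (!was_alarmed && tot_recvbufs > 0) {`, looks inverted: the line it replaces tested `rbuflist == (struct recvbuf *)0` (no buffers queued), and the comment directly below it still reads "Nothing to do.  Wait for something." As written, the loop takes the wait path when packets are already queued and skips it when none are, which presumably delays packet handling in the first case and spins until `finish_time` in the second; the wait body between new lines 669 and 703 is not shown, so that effect is inferred. The condition should be `if (!was_alarmed && tot_recvbufs == 0) {`. The `/* get received buffers */` comments on both `tot_recvbufs = full_recvbuffs();` assignments (new lines 656 and 706) are also stale, since the value is compared as a count; something like `/* number of full receive buffers */` would fit. The enclosing function starts and ends outside the displayed hunks.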