2
# Upstream: https://support.ntp.org/bugs/show_bug.cgi?id=1144
3
# Patch: http://ntp.bkbits.net:8080/ntp-stable/?PAGE=gnupatch&REV=1.1565
4
# Description: [Sec 1144] limited buffer overflow in ntpq. CVE-2009-0159
6
diff -Nur ntp-4.2.4p6+dfsg/ntpq/ntpq.c ntp-4.2.4p6+dfsg.new/ntpq/ntpq.c
7
--- ntp-4.2.4p6+dfsg/ntpq/ntpq.c 2009-05-13 11:56:10.000000000 -0500
8
+++ ntp-4.2.4p6+dfsg.new/ntpq/ntpq.c 2009-05-13 11:58:06.000000000 -0500
10
if (!decodeuint(value, &uval))
16
- (void) sprintf(b, "%03lo", uval);
17
+ (void) snprintf(b, sizeof b, "%03lo", uval);