Precision Time Protocol daemon / Patches / #59 fix snprintf return value misuse

#59 fix snprintf return value misuse

Milestone: 2.3.2

Status: open

Owner: nobody

Labels: None

Priority: 5

Updated: 2016-02-15

Created: 2016-02-15

Creator: Yuriy Kaminskiy

Private: No

When error happens or formatted string would be larger than supplied buffer, snprintf returns -1 or value larger than supplied buffer size.
If this value is used without validating its range (by adding to pointer/etc), bad things will happen.
Attached patch (against svn trunk) fixes all cases I've found. Compile-tested only. I have not tried to check if any of changed code was exploitable.

1 Attachments

ptpd-20151120-fix-snprintf-misuse.patch

Discussion

Wojciech Owczarek - 2016-02-15

Thanks for this Yuriy,

We will get this pushed, however PTPd has moved to github now: https://github.com/ptpd/ptpd

Thanks,
Wojciech

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

fix snprintf return value misuse

Portable, complete and BSD-licenced IEEE 1588 (PTP) implementation

Group

Searches

Help

#59 fix snprintf return value misuse

Discussion