Ted_Anderson@TRANSARC.COM (12/04/90)
I found a bug that affects the query_mode procedure when you are using a local clock (read_local.c). The problem is that the peer->sock is set to getdtablesize() and (at least on AIX3.1) this is 2000. In the query_mode procedure it uses this number to index into the addrs table after only checking to make sure sock is >= 0. This index by 2000 was enough to give me a segfault. The fix is to bounds check with nintf:

    query_mode(dst, ntp, sock)
        struct sockaddr_in *dst;
        struct ntpdata *ntp;
        int sock;                       /* which socket packet arrived on */
    {
        <<< 19 lines deleted >>>
        while (peer != NULL) {
            cip->net_address = peer->src.sin_addr.s_addr;
            if ((peer->sock < 0) || (peer->sock >= nintf))  /* instead of: if (peer->sock < 0) */
                cip->my_address = htonl(0);
            else
                cip->my_address = addrs[peer->sock].sin.sin_addr.s_addr;
            cip->port = peer->src.sin_port;   /* already in network order */

Ted Anderson
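The post above only shows the patched lines. The following stand-alone program is an added illustration (not Ted Anderson's code and not the xntpd source): it models the addrs[]/nintf interface table with a small constructed array, models the local-clock pseudo-peer whose sock holds the descriptor-table size (2000, the value the post reports for AIX 3.1), and contrasts the original lower-bound-only test with the patched two-sided bounds check. Names such as init_sample_table, original_would_overrun and my_address_for_sock are invented for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <netinet/in.h>
#include <arpa/inet.h>

#define MAX_INTF 8          /* constructed table capacity, not xntpd's real value */

/* Stand-in for the daemon's per-interface table: one entry per socket,
 * indexed by socket number. Constructed for this example. */
struct intf_entry {
    struct sockaddr_in sin;
};

static struct intf_entry addrs[MAX_INTF];
static int nintf;           /* number of valid entries in addrs[] */

/* The local-clock pseudo-peer's sock is the descriptor-table size rather
 * than a real interface index; 2000 is the AIX 3.1 value the post reports. */
#define LOCAL_CLOCK_SOCK 2000

/* Populate a constructed two-entry interface table. */
void init_sample_table(void)
{
    memset(addrs, 0, sizeof addrs);
    addrs[0].sin.sin_family = AF_INET;
    addrs[0].sin.sin_addr.s_addr = htonl(0x7f000001u);   /* 127.0.0.1 */
    addrs[1].sin.sin_family = AF_INET;
    addrs[1].sin.sin_addr.s_addr = htonl(0xc0a80001u);   /* 192.168.0.1 */
    nintf = 2;
}

/* The pre-patch test from query_mode: only negative values are rejected. */
int original_check_accepts(int sock)
{
    return !(sock < 0);
}

/* The patched test: reject anything outside [0, nintf). */
int fixed_check_accepts(int sock)
{
    return !(sock < 0 || sock >= nintf);
}

/* True when the original test would have let this sock index addrs[]
 * beyond the valid entries (the out-of-bounds read behind the segfault). */
int original_would_overrun(int sock)
{
    return original_check_accepts(sock) && sock >= nintf;
}

/* Lookup as patched: the interface address in network byte order, or 0
 * when sock is not a valid index (what the fix stores in cip->my_address). */
uint32_t my_address_for_sock(int sock)
{
    if (!fixed_check_accepts(sock))
        return htonl(0);
    return addrs[sock].sin.sin_addr.s_addr;
}

int main(void)
{
    int socks[] = { -1, 0, 1, LOCAL_CLOCK_SOCK };
    size_t i;

    init_sample_table();
    for (i = 0; i < sizeof socks / sizeof socks[0]; i++) {
        int s = socks[i];
        struct in_addr a;
        a.s_addr = my_address_for_sock(s);
        printf("sock=%5d original-overruns=%d fixed-my_address=%s\n",
               s, original_would_overrun(s), inet_ntoa(a));
    }
    return 0;
}
```

Run as written, the program reports that sock 2000 would have overrun the table under the original check while the patched lookup returns 0.0.0.0 for it, and that real socket indices 0 and 1 resolve normally under both.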