Tue May 26 05:17:29 2009 UTC ()
Pull up following revision(s) (requested by mrg in ticket #1320):
	dist/ntp/ntpd/ntp_crypto.c: revision 1.15
Fix CVE-2009-1252: Buffer overflow in ntpd crypto code. A remote
attacker can send a specially constructed request packet that would
overflow the sprintf()'ed buffer causing ntpd to crash.


(snj)
diff -r1.10.4.1 -r1.10.4.2 src/dist/ntp/ntpd/ntp_crypto.c
cvs diff -r1.10.4.1 -r1.10.4.2 src/dist/ntp/ntpd/Attic/ntp_crypto.c (expand / switch to unified diff)

--- src/dist/ntp/ntpd/Attic/ntp_crypto.c 2007/08/21 08:40:01 1.10.4.1
+++ src/dist/ntp/ntpd/Attic/ntp_crypto.c 2009/05/26 05:17:29 1.10.4.2
@@ -1,14 +1,14 @@ @@ -1,14 +1,14 @@
1/* $NetBSD: ntp_crypto.c,v 1.10.4.1 2007/08/21 08:40:01 ghen Exp $ */ 1/* $NetBSD: ntp_crypto.c,v 1.10.4.2 2009/05/26 05:17:29 snj Exp $ */
2 2
3/* 3/*
4 * ntp_crypto.c - NTP version 4 public key routines 4 * ntp_crypto.c - NTP version 4 public key routines
5 */ 5 */
6#ifdef HAVE_CONFIG_H 6#ifdef HAVE_CONFIG_H
7#include <config.h> 7#include <config.h>
8#endif 8#endif
9 9
10#ifdef OPENSSL 10#ifdef OPENSSL
11#include <stdio.h> 11#include <stdio.h>
12#include <sys/types.h> 12#include <sys/types.h>
13#include <sys/param.h> 13#include <sys/param.h>
14#include <unistd.h> 14#include <unistd.h>
@@ -562,27 +562,27 @@ crypto_recv( @@ -562,27 +562,27 @@ crypto_recv(
562 562
563 /* 563 /*
564 * Save status word, host name and message 564 * Save status word, host name and message
565 * digest/signature type. 565 * digest/signature type.
566 */ 566 */
567 peer->crypto = fstamp; 567 peer->crypto = fstamp;
568 peer->digest = dp; 568 peer->digest = dp;
569 peer->subject = emalloc(vallen + 1); 569 peer->subject = emalloc(vallen + 1);
570 memcpy(peer->subject, ep->pkt, vallen); 570 memcpy(peer->subject, ep->pkt, vallen);
571 peer->subject[vallen] = '\0'; 571 peer->subject[vallen] = '\0';
572 peer->issuer = emalloc(vallen + 1); 572 peer->issuer = emalloc(vallen + 1);
573 strcpy(peer->issuer, peer->subject); 573 strcpy(peer->issuer, peer->subject);
574 temp32 = (fstamp >> 16) & 0xffff; 574 temp32 = (fstamp >> 16) & 0xffff;
575 sprintf(statstr, 575 snprintf(statstr, NTP_MAXSTRLEN,
576 "flags 0x%x host %s signature %s", fstamp, 576 "flags 0x%x host %s signature %s", fstamp,
577 peer->subject, OBJ_nid2ln(temp32)); 577 peer->subject, OBJ_nid2ln(temp32));
578 record_crypto_stats(&peer->srcadr, statstr); 578 record_crypto_stats(&peer->srcadr, statstr);
579#ifdef DEBUG 579#ifdef DEBUG
580 if (debug) 580 if (debug)
581 printf("crypto_recv: %s\n", statstr); 581 printf("crypto_recv: %s\n", statstr);
582#endif 582#endif
583 break; 583 break;
584 584
585 /* 585 /*
586 * Decode X509 certificate in ASN.1 format and extract 586 * Decode X509 certificate in ASN.1 format and extract
587 * the data containing, among other things, subject 587 * the data containing, among other things, subject
588 * name and public key. In the default identification 588 * name and public key. In the default identification
@@ -628,27 +628,28 @@ crypto_recv( @@ -628,27 +628,28 @@ crypto_recv(
628 * that this certificate might not be signed by 628 * that this certificate might not be signed by
629 * the server, so we can't check the 629 * the server, so we can't check the
630 * signature/digest NID. 630 * signature/digest NID.
631 */ 631 */
632 if (peer->pkey == NULL) { 632 if (peer->pkey == NULL) {
633 ptr = (u_char *)cinfo->cert.ptr; 633 ptr = (u_char *)cinfo->cert.ptr;
634 cert = d2i_X509(NULL, &ptr, 634 cert = d2i_X509(NULL, &ptr,
635 ntohl(cinfo->cert.vallen)); 635 ntohl(cinfo->cert.vallen));
636 peer->pkey = X509_get_pubkey(cert); 636 peer->pkey = X509_get_pubkey(cert);
637 X509_free(cert); 637 X509_free(cert);
638 } 638 }
639 peer->flash &= ~TEST8; 639 peer->flash &= ~TEST8;
640 temp32 = cinfo->nid; 640 temp32 = cinfo->nid;
641 sprintf(statstr, "cert %s 0x%x %s (%u) fs %u", 641 snprintf(statstr, NTP_MAXSTRLEN,
 642 "cert %s 0x%x %s (%u) fs %u",
642 cinfo->subject, cinfo->flags, 643 cinfo->subject, cinfo->flags,
643 OBJ_nid2ln(temp32), temp32, 644 OBJ_nid2ln(temp32), temp32,
644 ntohl(ep->fstamp)); 645 ntohl(ep->fstamp));
645 record_crypto_stats(&peer->srcadr, statstr); 646 record_crypto_stats(&peer->srcadr, statstr);
646#ifdef DEBUG 647#ifdef DEBUG
647 if (debug) 648 if (debug)
648 printf("crypto_recv: %s\n", statstr); 649 printf("crypto_recv: %s\n", statstr);
649#endif 650#endif
650 break; 651 break;
651 652
652 /* 653 /*
653 * Schnorr (IFF)identity scheme. This scheme is designed 654 * Schnorr (IFF)identity scheme. This scheme is designed
654 * for use with shared secret group keys and where the 655 * for use with shared secret group keys and where the
@@ -677,27 +678,27 @@ crypto_recv( @@ -677,27 +678,27 @@ crypto_recv(
677 * the certificate public key, as well as the 678 * the certificate public key, as well as the
678 * server public key, signatyre and identity are 679 * server public key, signatyre and identity are
679 * all verified at the same time. The server is 680 * all verified at the same time. The server is
680 * declared trusted, so we skip further 681 * declared trusted, so we skip further
681 * certificate stages and move immediately to 682 * certificate stages and move immediately to
682 * the cookie stage. 683 * the cookie stage.
683 */ 684 */
684 if ((rval = crypto_iff(ep, peer)) != XEVNT_OK) 685 if ((rval = crypto_iff(ep, peer)) != XEVNT_OK)
685 break; 686 break;
686 687
687 peer->crypto |= CRYPTO_FLAG_VRFY | 688 peer->crypto |= CRYPTO_FLAG_VRFY |
688 CRYPTO_FLAG_PROV; 689 CRYPTO_FLAG_PROV;
689 peer->flash &= ~TEST8; 690 peer->flash &= ~TEST8;
690 sprintf(statstr, "iff fs %u", 691 snprintf(statstr, NTP_MAXSTRLEN, "iff fs %u",
691 ntohl(ep->fstamp)); 692 ntohl(ep->fstamp));
692 record_crypto_stats(&peer->srcadr, statstr); 693 record_crypto_stats(&peer->srcadr, statstr);
693#ifdef DEBUG 694#ifdef DEBUG
694 if (debug) 695 if (debug)
695 printf("crypto_recv: %s\n", statstr); 696 printf("crypto_recv: %s\n", statstr);
696#endif 697#endif
697 break; 698 break;
698 699
699 /* 700 /*
700 * Guillou-Quisquater (GQ) identity scheme. This scheme 701 * Guillou-Quisquater (GQ) identity scheme. This scheme
701 * is designed for use with public certificates carrying 702 * is designed for use with public certificates carrying
702 * the GQ public key in an extension field. The client 703 * the GQ public key in an extension field. The client
703 * sends a challenge to the server, which performs a 704 * sends a challenge to the server, which performs a
@@ -725,27 +726,27 @@ crypto_recv( @@ -725,27 +726,27 @@ crypto_recv(
725 * the certificate public key, as well as the 726 * the certificate public key, as well as the
726 * server public key, signatyre and identity are 727 * server public key, signatyre and identity are
727 * all verified at the same time. The server is 728 * all verified at the same time. The server is
728 * declared trusted, so we skip further 729 * declared trusted, so we skip further
729 * certificate stages and move immediately to 730 * certificate stages and move immediately to
730 * the cookie stage. 731 * the cookie stage.
731 */ 732 */
732 if ((rval = crypto_gq(ep, peer)) != XEVNT_OK) 733 if ((rval = crypto_gq(ep, peer)) != XEVNT_OK)
733 break; 734 break;
734 735
735 peer->crypto |= CRYPTO_FLAG_VRFY | 736 peer->crypto |= CRYPTO_FLAG_VRFY |
736 CRYPTO_FLAG_PROV; 737 CRYPTO_FLAG_PROV;
737 peer->flash &= ~TEST8; 738 peer->flash &= ~TEST8;
738 sprintf(statstr, "gq fs %u", 739 snprintf(statstr, NTP_MAXSTRLEN, "gq fs %u",
739 ntohl(ep->fstamp)); 740 ntohl(ep->fstamp));
740 record_crypto_stats(&peer->srcadr, statstr); 741 record_crypto_stats(&peer->srcadr, statstr);
741#ifdef DEBUG 742#ifdef DEBUG
742 if (debug) 743 if (debug)
743 printf("crypto_recv: %s\n", statstr); 744 printf("crypto_recv: %s\n", statstr);
744#endif 745#endif
745 break; 746 break;
746 747
747 /* 748 /*
748 * MV 749 * MV
749 */ 750 */
750 case CRYPTO_MV | CRYPTO_RESP: 751 case CRYPTO_MV | CRYPTO_RESP:
751 752
@@ -766,27 +767,27 @@ crypto_recv( @@ -766,27 +767,27 @@ crypto_recv(
766 * the certificate public key, as well as the 767 * the certificate public key, as well as the
767 * server public key, signatyre and identity are 768 * server public key, signatyre and identity are
768 * all verified at the same time. The server is 769 * all verified at the same time. The server is
769 * declared trusted, so we skip further 770 * declared trusted, so we skip further
770 * certificate stages and move immediately to 771 * certificate stages and move immediately to
771 * the cookie stage. 772 * the cookie stage.
772 */ 773 */
773 if ((rval = crypto_mv(ep, peer)) != XEVNT_OK) 774 if ((rval = crypto_mv(ep, peer)) != XEVNT_OK)
774 break; 775 break;
775 776
776 peer->crypto |= CRYPTO_FLAG_VRFY | 777 peer->crypto |= CRYPTO_FLAG_VRFY |
777 CRYPTO_FLAG_PROV; 778 CRYPTO_FLAG_PROV;
778 peer->flash &= ~TEST8; 779 peer->flash &= ~TEST8;
779 sprintf(statstr, "mv fs %u", 780 snprintf(statstr, NTP_MAXSTRLEN, "mv fs %u",
780 ntohl(ep->fstamp)); 781 ntohl(ep->fstamp));
781 record_crypto_stats(&peer->srcadr, statstr); 782 record_crypto_stats(&peer->srcadr, statstr);
782#ifdef DEBUG 783#ifdef DEBUG
783 if (debug) 784 if (debug)
784 printf("crypto_recv: %s\n", statstr); 785 printf("crypto_recv: %s\n", statstr);
785#endif 786#endif
786 break; 787 break;
787 788
788 /* 789 /*
789 * Cookie request in symmetric modes. Roll a random 790 * Cookie request in symmetric modes. Roll a random
790 * cookie and install in symmetric mode. Encrypt for the 791 * cookie and install in symmetric mode. Encrypt for the
791 * response, which is transmitted later. 792 * response, which is transmitted later.
792 */ 793 */
@@ -820,27 +821,27 @@ crypto_recv( @@ -820,27 +821,27 @@ crypto_recv(
820 821
821 /* 822 /*
822 * Install cookie values and light the cookie 823 * Install cookie values and light the cookie
823 * bit. The transmit side will pick up and 824 * bit. The transmit side will pick up and
824 * encrypt it for the response. 825 * encrypt it for the response.
825 */ 826 */
826 key_expire(peer); 827 key_expire(peer);
827 peer->cookval.tstamp = ep->tstamp; 828 peer->cookval.tstamp = ep->tstamp;
828 peer->cookval.fstamp = ep->fstamp; 829 peer->cookval.fstamp = ep->fstamp;
829 RAND_bytes((u_char *)&peer->pcookie, 4); 830 RAND_bytes((u_char *)&peer->pcookie, 4);
830 peer->crypto &= ~CRYPTO_FLAG_AUTO; 831 peer->crypto &= ~CRYPTO_FLAG_AUTO;
831 peer->crypto |= CRYPTO_FLAG_AGREE; 832 peer->crypto |= CRYPTO_FLAG_AGREE;
832 peer->flash &= ~TEST8; 833 peer->flash &= ~TEST8;
833 sprintf(statstr, "cook %x ts %u fs %u", 834 snprintf(statstr, NTP_MAXSTRLEN, "cook %x ts %u fs %u",
834 peer->pcookie, ntohl(ep->tstamp), 835 peer->pcookie, ntohl(ep->tstamp),
835 ntohl(ep->fstamp)); 836 ntohl(ep->fstamp));
836 record_crypto_stats(&peer->srcadr, statstr); 837 record_crypto_stats(&peer->srcadr, statstr);
837#ifdef DEBUG 838#ifdef DEBUG
838 if (debug) 839 if (debug)
839 printf("crypto_recv: %s\n", statstr); 840 printf("crypto_recv: %s\n", statstr);
840#endif 841#endif
841 break; 842 break;
842 843
843 /* 844 /*
844 * Cookie response in client and symmetric modes. If the 845 * Cookie response in client and symmetric modes. If the
845 * cookie bit is set, the working cookie is the EXOR of 846 * cookie bit is set, the working cookie is the EXOR of
846 * the current and new values. 847 * the current and new values.
@@ -885,27 +886,27 @@ crypto_recv( @@ -885,27 +886,27 @@ crypto_recv(
885 peer->cookval.tstamp = ep->tstamp; 886 peer->cookval.tstamp = ep->tstamp;
886 peer->cookval.fstamp = ep->fstamp; 887 peer->cookval.fstamp = ep->fstamp;
887 if (peer->crypto & CRYPTO_FLAG_AGREE) 888 if (peer->crypto & CRYPTO_FLAG_AGREE)
888 peer->pcookie ^= cookie; 889 peer->pcookie ^= cookie;
889 else 890 else
890 peer->pcookie = cookie; 891 peer->pcookie = cookie;
891 if (peer->hmode == MODE_CLIENT && 892 if (peer->hmode == MODE_CLIENT &&
892 !(peer->cast_flags & MDF_BCLNT)) 893 !(peer->cast_flags & MDF_BCLNT))
893 peer->crypto |= CRYPTO_FLAG_AUTO; 894 peer->crypto |= CRYPTO_FLAG_AUTO;
894 else 895 else
895 peer->crypto &= ~CRYPTO_FLAG_AUTO; 896 peer->crypto &= ~CRYPTO_FLAG_AUTO;
896 peer->crypto |= CRYPTO_FLAG_AGREE; 897 peer->crypto |= CRYPTO_FLAG_AGREE;
897 peer->flash &= ~TEST8; 898 peer->flash &= ~TEST8;
898 sprintf(statstr, "cook %x ts %u fs %u", 899 snprintf(statstr, NTP_MAXSTRLEN, "cook %x ts %u fs %u",
899 peer->pcookie, ntohl(ep->tstamp), 900 peer->pcookie, ntohl(ep->tstamp),
900 ntohl(ep->fstamp)); 901 ntohl(ep->fstamp));
901 record_crypto_stats(&peer->srcadr, statstr); 902 record_crypto_stats(&peer->srcadr, statstr);
902#ifdef DEBUG 903#ifdef DEBUG
903 if (debug) 904 if (debug)
904 printf("crypto_recv: %s\n", statstr); 905 printf("crypto_recv: %s\n", statstr);
905#endif 906#endif
906 break; 907 break;
907 908
908 /* 909 /*
909 * Install autokey values in broadcast client and 910 * Install autokey values in broadcast client and
910 * symmetric modes. We have to do this every time the 911 * symmetric modes. We have to do this every time the
911 * sever/peer cookie changes or a new keylist is 912 * sever/peer cookie changes or a new keylist is
@@ -936,27 +937,27 @@ crypto_recv( @@ -936,27 +937,27 @@ crypto_recv(
936 */ 937 */
937 if (peer->recval.ptr == NULL) 938 if (peer->recval.ptr == NULL)
938 peer->recval.ptr = 939 peer->recval.ptr =
939 emalloc(sizeof(struct autokey)); 940 emalloc(sizeof(struct autokey));
940 bp = (struct autokey *)peer->recval.ptr; 941 bp = (struct autokey *)peer->recval.ptr;
941 peer->recval.tstamp = ep->tstamp; 942 peer->recval.tstamp = ep->tstamp;
942 peer->recval.fstamp = ep->fstamp; 943 peer->recval.fstamp = ep->fstamp;
943 ap = (struct autokey *)ep->pkt; 944 ap = (struct autokey *)ep->pkt;
944 bp->seq = ntohl(ap->seq); 945 bp->seq = ntohl(ap->seq);
945 bp->key = ntohl(ap->key); 946 bp->key = ntohl(ap->key);
946 peer->pkeyid = bp->key; 947 peer->pkeyid = bp->key;
947 peer->crypto |= CRYPTO_FLAG_AUTO; 948 peer->crypto |= CRYPTO_FLAG_AUTO;
948 peer->flash &= ~TEST8; 949 peer->flash &= ~TEST8;
949 sprintf(statstr, 950 snprintf(statstr, NTP_MAXSTRLEN,
950 "auto seq %d key %x ts %u fs %u", bp->seq, 951 "auto seq %d key %x ts %u fs %u", bp->seq,
951 bp->key, ntohl(ep->tstamp), 952 bp->key, ntohl(ep->tstamp),
952 ntohl(ep->fstamp)); 953 ntohl(ep->fstamp));
953 record_crypto_stats(&peer->srcadr, statstr); 954 record_crypto_stats(&peer->srcadr, statstr);
954#ifdef DEBUG 955#ifdef DEBUG
955 if (debug) 956 if (debug)
956 printf("crypto_recv: %s\n", statstr); 957 printf("crypto_recv: %s\n", statstr);
957#endif 958#endif
958 break; 959 break;
959  960
960 /* 961 /*
961 * X509 certificate sign response. Validate the 962 * X509 certificate sign response. Validate the
962 * certificate signed by the server and install. Later 963 * certificate signed by the server and install. Later
@@ -979,27 +980,28 @@ crypto_recv( @@ -979,27 +980,28 @@ crypto_recv(
979 break; 980 break;
980 981
981 /* 982 /*
982 * Scan the certificate list to delete old 983 * Scan the certificate list to delete old
983 * versions and link the newest version first on 984 * versions and link the newest version first on
984 * the list. 985 * the list.
985 */ 986 */
986 if ((rval = cert_install(ep, peer)) != XEVNT_OK) 987 if ((rval = cert_install(ep, peer)) != XEVNT_OK)
987 break; 988 break;
988 989
989 peer->crypto |= CRYPTO_FLAG_SIGN; 990 peer->crypto |= CRYPTO_FLAG_SIGN;
990 peer->flash &= ~TEST8; 991 peer->flash &= ~TEST8;
991 temp32 = cinfo->nid; 992 temp32 = cinfo->nid;
992 sprintf(statstr, "sign %s 0x%x %s (%u) fs %u", 993 snprintf(statstr, NTP_MAXSTRLEN,
 994 "sign %s 0x%x %s (%u) fs %u",
993 cinfo->issuer, cinfo->flags, 995 cinfo->issuer, cinfo->flags,
994 OBJ_nid2ln(temp32), temp32, 996 OBJ_nid2ln(temp32), temp32,
995 ntohl(ep->fstamp)); 997 ntohl(ep->fstamp));
996 record_crypto_stats(&peer->srcadr, statstr); 998 record_crypto_stats(&peer->srcadr, statstr);
997#ifdef DEBUG 999#ifdef DEBUG
998 if (debug) 1000 if (debug)
999 printf("crypto_recv: %s\n", statstr); 1001 printf("crypto_recv: %s\n", statstr);
1000#endif 1002#endif
1001 break; 1003 break;
1002 1004
1003 /* 1005 /*
1004 * Install leapseconds table in symmetric modes. This 1006 * Install leapseconds table in symmetric modes. This
1005 * table is proventicated to the NIST primary servers, 1007 * table is proventicated to the NIST primary servers,
@@ -1063,27 +1065,28 @@ crypto_recv( @@ -1063,27 +1065,28 @@ crypto_recv(
1063 if (ntohl(peer->tai_leap.fstamp) > 1065 if (ntohl(peer->tai_leap.fstamp) >
1064 ntohl(tai_leap.fstamp)) { 1066 ntohl(tai_leap.fstamp)) {
1065 tai_leap.fstamp = ep->fstamp; 1067 tai_leap.fstamp = ep->fstamp;
1066 tai_leap.vallen = ep->vallen; 1068 tai_leap.vallen = ep->vallen;
1067 if (tai_leap.ptr != NULL) 1069 if (tai_leap.ptr != NULL)
1068 free(tai_leap.ptr); 1070 free(tai_leap.ptr);
1069 tai_leap.ptr = emalloc(vallen); 1071 tai_leap.ptr = emalloc(vallen);
1070 memcpy(tai_leap.ptr, ep->pkt, vallen); 1072 memcpy(tai_leap.ptr, ep->pkt, vallen);
1071 crypto_update(); 1073 crypto_update();
1072 } 1074 }
1073 crypto_flags |= CRYPTO_FLAG_TAI; 1075 crypto_flags |= CRYPTO_FLAG_TAI;
1074 peer->crypto |= CRYPTO_FLAG_LEAP; 1076 peer->crypto |= CRYPTO_FLAG_LEAP;
1075 peer->flash &= ~TEST8; 1077 peer->flash &= ~TEST8;
1076 sprintf(statstr, "leap %u ts %u fs %u", vallen, 1078 snprintf(statstr, NTP_MAXSTRLEN,
 1079 "leap %u ts %u fs %u", vallen,
1077 ntohl(ep->tstamp), ntohl(ep->fstamp)); 1080 ntohl(ep->tstamp), ntohl(ep->fstamp));
1078 record_crypto_stats(&peer->srcadr, statstr); 1081 record_crypto_stats(&peer->srcadr, statstr);
1079#ifdef DEBUG 1082#ifdef DEBUG
1080 if (debug) 1083 if (debug)
1081 printf("crypto_recv: %s\n", statstr); 1084 printf("crypto_recv: %s\n", statstr);
1082#endif 1085#endif
1083 break; 1086 break;
1084 1087
1085 /* 1088 /*
1086 * We come here in symmetric modes for miscellaneous 1089 * We come here in symmetric modes for miscellaneous
1087 * commands that have value fields but are processed on 1090 * commands that have value fields but are processed on
1088 * the transmit side. All we need do here is check for 1091 * the transmit side. All we need do here is check for
1089 * valid field length. Remaining checks are below and on 1092 * valid field length. Remaining checks are below and on
@@ -1119,27 +1122,27 @@ crypto_recv( @@ -1119,27 +1122,27 @@ crypto_recv(
1119 peer->cmmd = fp; 1122 peer->cmmd = fp;
1120 } 1123 }
1121 } 1124 }
1122 1125
1123 /* 1126 /*
1124 * We don't log length/format/timestamp errors and 1127 * We don't log length/format/timestamp errors and
1125 * duplicates, which are log clogging vulnerabilities. 1128 * duplicates, which are log clogging vulnerabilities.
1126 * The first error found terminates the extension field 1129 * The first error found terminates the extension field
1127 * scan and we return the laundry to the caller. A 1130 * scan and we return the laundry to the caller. A
1128 * length/format/timestamp error on transmit is 1131 * length/format/timestamp error on transmit is
1129 * cheerfully ignored, as the message is not sent. 1132 * cheerfully ignored, as the message is not sent.
1130 */ 1133 */
1131 if (rval > XEVNT_TSP) { 1134 if (rval > XEVNT_TSP) {
1132 sprintf(statstr, 1135 snprintf(statstr, NTP_MAXSTRLEN,
1133 "error %x opcode %x ts %u fs %u", rval, 1136 "error %x opcode %x ts %u fs %u", rval,
1134 code, tstamp, fstamp); 1137 code, tstamp, fstamp);
1135 record_crypto_stats(&peer->srcadr, statstr); 1138 record_crypto_stats(&peer->srcadr, statstr);
1136 report_event(rval, peer); 1139 report_event(rval, peer);
1137#ifdef DEBUG 1140#ifdef DEBUG
1138 if (debug) 1141 if (debug)
1139 printf("crypto_recv: %s\n", statstr); 1142 printf("crypto_recv: %s\n", statstr);
1140#endif 1143#endif
1141 break; 1144 break;
1142 1145
1143 } else if (rval > XEVNT_OK && (code & CRYPTO_RESP)) { 1146 } else if (rval > XEVNT_OK && (code & CRYPTO_RESP)) {
1144 rval = XEVNT_OK; 1147 rval = XEVNT_OK;
1145 } 1148 }
@@ -1445,27 +1448,28 @@ crypto_xmit( @@ -1445,27 +1448,28 @@ crypto_xmit(
1445 * flag as error. 1448 * flag as error.
1446 */ 1449 */
1447 default: 1450 default:
1448 if (opcode & CRYPTO_RESP) 1451 if (opcode & CRYPTO_RESP)
1449 rval = XEVNT_ERR; 1452 rval = XEVNT_ERR;
1450 } 1453 }
1451 1454
1452 /* 1455 /*
1453 * In case of error, flame the log. If a request, toss the 1456 * In case of error, flame the log. If a request, toss the
1454 * puppy; if a response, return so the sender can flame, too. 1457 * puppy; if a response, return so the sender can flame, too.
1455 */ 1458 */
1456 if (rval != XEVNT_OK) { 1459 if (rval != XEVNT_OK) {
1457 opcode |= CRYPTO_ERROR; 1460 opcode |= CRYPTO_ERROR;
1458 sprintf(statstr, "error %x opcode %x", rval, opcode); 1461 snprintf(statstr, NTP_MAXSTRLEN,
 1462 "error %x opcode %x", rval, opcode);
1459 record_crypto_stats(srcadr_sin, statstr); 1463 record_crypto_stats(srcadr_sin, statstr);
1460 report_event(rval, NULL); 1464 report_event(rval, NULL);
1461#ifdef DEBUG 1465#ifdef DEBUG
1462 if (debug) 1466 if (debug)
1463 printf("crypto_xmit: %s\n", statstr); 1467 printf("crypto_xmit: %s\n", statstr);
1464#endif 1468#endif
1465 if (!(opcode & CRYPTO_RESP)) 1469 if (!(opcode & CRYPTO_RESP))
1466 return (0); 1470 return (0);
1467 } 1471 }
1468 1472
1469 /* 1473 /*
1470 * Round up the field length to a multiple of 8 bytes and save 1474 * Round up the field length to a multiple of 8 bytes and save
1471 * the request code and length. 1475 * the request code and length.
@@ -1944,27 +1948,28 @@ crypto_update(void) @@ -1944,27 +1948,28 @@ crypto_update(void)
1944 */ 1948 */
1945 if (tai_leap.vallen != 0) { 1949 if (tai_leap.vallen != 0) {
1946 tai_leap.tstamp = hostval.tstamp; 1950 tai_leap.tstamp = hostval.tstamp;
1947 tai_leap.siglen = 0; 1951 tai_leap.siglen = 0;
1948 if (tai_leap.sig == NULL) 1952 if (tai_leap.sig == NULL)
1949 tai_leap.sig = emalloc(sign_siglen); 1953 tai_leap.sig = emalloc(sign_siglen);
1950 EVP_SignInit(&ctx, sign_digest); 1954 EVP_SignInit(&ctx, sign_digest);
1951 EVP_SignUpdate(&ctx, (u_char *)&tai_leap, 12); 1955 EVP_SignUpdate(&ctx, (u_char *)&tai_leap, 12);
1952 EVP_SignUpdate(&ctx, tai_leap.ptr, 1956 EVP_SignUpdate(&ctx, tai_leap.ptr,
1953 ntohl(tai_leap.vallen)); 1957 ntohl(tai_leap.vallen));
1954 if (EVP_SignFinal(&ctx, tai_leap.sig, &len, sign_pkey)) 1958 if (EVP_SignFinal(&ctx, tai_leap.sig, &len, sign_pkey))
1955 tai_leap.siglen = htonl(len); 1959 tai_leap.siglen = htonl(len);
1956 } 1960 }
1957 sprintf(statstr, "update ts %u", ntohl(hostval.tstamp));  1961 snprintf(statstr, NTP_MAXSTRLEN,
 1962 "update ts %u", ntohl(hostval.tstamp));
1958 record_crypto_stats(NULL, statstr); 1963 record_crypto_stats(NULL, statstr);
1959#ifdef DEBUG 1964#ifdef DEBUG
1960 if (debug) 1965 if (debug)
1961 printf("crypto_update: %s\n", statstr); 1966 printf("crypto_update: %s\n", statstr);
1962#endif 1967#endif
1963} 1968}
1964 1969
1965 1970
1966/* 1971/*
1967 * value_free - free value structure components. 1972 * value_free - free value structure components.
1968 * 1973 *
1969 * Returns void (no errors) 1974 * Returns void (no errors)
1970 */ 1975 */
@@ -3598,27 +3603,27 @@ crypto_key( @@ -3598,27 +3603,27 @@ crypto_key(
3598 pkey = PEM_read_PrivateKey(str, NULL, NULL, passwd); 3603 pkey = PEM_read_PrivateKey(str, NULL, NULL, passwd);
3599 fclose(str); 3604 fclose(str);
3600 if (pkey == NULL) { 3605 if (pkey == NULL) {
3601 msyslog(LOG_ERR, "crypto_key %s\n", 3606 msyslog(LOG_ERR, "crypto_key %s\n",
3602 ERR_error_string(ERR_get_error(), NULL)); 3607 ERR_error_string(ERR_get_error(), NULL));
3603 return (NULL); 3608 return (NULL);
3604 } 3609 }
3605 3610
3606 /* 3611 /*
3607 * Leave tracks in the cryptostats. 3612 * Leave tracks in the cryptostats.
3608 */ 3613 */
3609 if ((ptr = strrchr(linkname, '\n')) != NULL) 3614 if ((ptr = strrchr(linkname, '\n')) != NULL)
3610 *ptr = '\0';  3615 *ptr = '\0';
3611 sprintf(statstr, "%s mod %d", &linkname[2], 3616 snprintf(statstr, NTP_MAXSTRLEN, "%s mod %d", &linkname[2],
3612 EVP_PKEY_size(pkey) * 8); 3617 EVP_PKEY_size(pkey) * 8);
3613 record_crypto_stats(NULL, statstr); 3618 record_crypto_stats(NULL, statstr);
3614#ifdef DEBUG 3619#ifdef DEBUG
3615 if (debug) 3620 if (debug)
3616 printf("crypto_key: %s\n", statstr); 3621 printf("crypto_key: %s\n", statstr);
3617 if (debug > 1) { 3622 if (debug > 1) {
3618 if (pkey->type == EVP_PKEY_DSA) 3623 if (pkey->type == EVP_PKEY_DSA)
3619 DSA_print_fp(stdout, pkey->pkey.dsa, 0); 3624 DSA_print_fp(stdout, pkey->pkey.dsa, 0);
3620 else 3625 else
3621 RSA_print_fp(stdout, pkey->pkey.rsa, 0); 3626 RSA_print_fp(stdout, pkey->pkey.rsa, 0);
3622 } 3627 }
3623#endif 3628#endif
3624 return (pkey); 3629 return (pkey);
@@ -3707,28 +3712,28 @@ crypto_cert( @@ -3707,28 +3712,28 @@ crypto_cert(
3707 free(name); 3712 free(name);
3708 3713
3709 /* 3714 /*
3710 * Parse certificate and generate info/value structure. 3715 * Parse certificate and generate info/value structure.
3711 */ 3716 */
3712 ret = cert_parse(data, len, fstamp); 3717 ret = cert_parse(data, len, fstamp);
3713 free(data); 3718 free(data);
3714 (void)fclose(str); 3719 (void)fclose(str);
3715 if (ret == NULL) 3720 if (ret == NULL)
3716 return (NULL); 3721 return (NULL);
3717 3722
3718 if ((ptr = strrchr(linkname, '\n')) != NULL) 3723 if ((ptr = strrchr(linkname, '\n')) != NULL)
3719 *ptr = '\0';  3724 *ptr = '\0';
3720 sprintf(statstr, "%s 0x%x len %lu", &linkname[2], ret->flags, 3725 snprintf(statstr, NTP_MAXSTRLEN,
3721 len); 3726 "%s 0x%x len %lu", &linkname[2], ret->flags, len);
3722 record_crypto_stats(NULL, statstr); 3727 record_crypto_stats(NULL, statstr);
3723#ifdef DEBUG 3728#ifdef DEBUG
3724 if (debug) 3729 if (debug)
3725 printf("crypto_cert: %s\n", statstr); 3730 printf("crypto_cert: %s\n", statstr);
3726#endif 3731#endif
3727 return (ret); 3732 return (ret);
3728} 3733}
3729 3734
3730 3735
3731/* 3736/*
3732 * crypto_tai - load leapseconds table from file 3737 * crypto_tai - load leapseconds table from file
3733 * 3738 *
3734 * This routine loads the ERTS leapsecond file in NIST text format, 3739 * This routine loads the ERTS leapsecond file in NIST text format,
@@ -3824,27 +3829,27 @@ crypto_tai( @@ -3824,27 +3829,27 @@ crypto_tai(
3824 } 3829 }
3825 3830
3826 /* 3831 /*
3827 * The extension field table entries consists of the NTP seconds 3832 * The extension field table entries consists of the NTP seconds
3828 * of leap insertion in network byte order. 3833 * of leap insertion in network byte order.
3829 */ 3834 */
3830 len = i * sizeof(u_int32); 3835 len = i * sizeof(u_int32);
3831 tai_leap.vallen = htonl(len); 3836 tai_leap.vallen = htonl(len);
3832 ptr = emalloc(len); 3837 ptr = emalloc(len);
3833 tai_leap.ptr = (u_char *)ptr; 3838 tai_leap.ptr = (u_char *)ptr;
3834 for (j = 0; j < i; j++) 3839 for (j = 0; j < i; j++)
3835 *ptr++ = htonl(leapsec[j]); 3840 *ptr++ = htonl(leapsec[j]);
3836 crypto_flags |= CRYPTO_FLAG_TAI; 3841 crypto_flags |= CRYPTO_FLAG_TAI;
3837 sprintf(statstr, "%s fs %u leap %u len %u", cp, fstamp, 3842 snprintf(statstr, NTP_MAXSTRLEN, "%s fs %u leap %u len %u", cp, fstamp,
3838 leapsec[--j], len); 3843 leapsec[--j], len);
3839 record_crypto_stats(NULL, statstr); 3844 record_crypto_stats(NULL, statstr);
3840#ifdef DEBUG 3845#ifdef DEBUG
3841 if (debug) 3846 if (debug)
3842 printf("crypto_tai: %s\n", statstr); 3847 printf("crypto_tai: %s\n", statstr);
3843#endif 3848#endif
3844} 3849}
3845 3850
3846 3851
3847/* 3852/*
3848 * crypto_setup - load keys, certificate and leapseconds table 3853 * crypto_setup - load keys, certificate and leapseconds table
3849 * 3854 *
3850 * This routine loads the public/private host key and certificate. If 3855 * This routine loads the public/private host key and certificate. If