 @@ -1,14 +1,14 @@
-/*	$NetBSD: ntp_request.c,v 1.7 2012/02/01 22:48:15 kardel Exp $	*/
+/*	$NetBSD: ntp_request.c,v 1.7.2.1 2014/01/06 19:12:15 bouyer Exp $	*/
 /*
  * ntp_request.c - respond to information requests
  */
 #ifdef HAVE_CONFIG_H
 # include <config.h>
 #endif
 #include "ntpd.h"
 #include "ntp_io.h"
 #include "ntp_request.h"
 #include "ntp_control.h"
 @@ -78,28 +78,27 @@ static	void	mem_stats	(sockaddr_u *, str
 static	void	io_stats	(sockaddr_u *, struct interface *, struct req_pkt *);
 static	void	timer_stats	(sockaddr_u *, struct interface *, struct req_pkt *);
 static	void	loop_info	(sockaddr_u *, struct interface *, struct req_pkt *);
 static	void	do_conf		(sockaddr_u *, struct interface *, struct req_pkt *);
 static	void	do_unconf	(sockaddr_u *, struct interface *, struct req_pkt *);
 static	void	set_sys_flag	(sockaddr_u *, struct interface *, struct req_pkt *);
 static	void	clr_sys_flag	(sockaddr_u *, struct interface *, struct req_pkt *);
 static	void	setclr_flags	(sockaddr_u *, struct interface *, struct req_pkt *, u_long);
 static	void	list_restrict	(sockaddr_u *, struct interface *, struct req_pkt *);
 static	void	do_resaddflags	(sockaddr_u *, struct interface *, struct req_pkt *);
 static	void	do_ressubflags	(sockaddr_u *, struct interface *, struct req_pkt *);
 static	void	do_unrestrict	(sockaddr_u *, struct interface *, struct req_pkt *);
 static	void	do_restrict	(sockaddr_u *, struct interface *, struct req_pkt *, int);
-static	void	mon_getlist_0	(sockaddr_u *, struct interface *, struct req_pkt *);
+static	void	mon_getlist	(sockaddr_u *, struct interface *, struct req_pkt *);
 static	void	mon_getlist_1	(sockaddr_u *, struct interface *, struct req_pkt *);
 static	void	reset_stats	(sockaddr_u *, struct interface *, struct req_pkt *);
 static	void	reset_peer	(sockaddr_u *, struct interface *, struct req_pkt *);
 static	void	do_key_reread	(sockaddr_u *, struct interface *, struct req_pkt *);
 static	void	trust_key	(sockaddr_u *, struct interface *, struct req_pkt *);
 static	void	untrust_key	(sockaddr_u *, struct interface *, struct req_pkt *);
 static	void	do_trustkey	(sockaddr_u *, struct interface *, struct req_pkt *, u_long);
 static	void	get_auth_info	(sockaddr_u *, struct interface *, struct req_pkt *);
 static	void	reset_auth_stats (void);
 static	void	req_get_traps	(sockaddr_u *, struct interface *, struct req_pkt *);
 static	void	req_set_trap	(sockaddr_u *, struct interface *, struct req_pkt *);
 static	void	req_clr_trap	(sockaddr_u *, struct interface *, struct req_pkt *);
 static	void	do_setclr_trap	(sockaddr_u *, struct interface *, struct req_pkt *, int);
 static	void	set_request_keyid (sockaddr_u *, struct interface *, struct req_pkt *);
 @@ -139,28 +138,28 @@ static	struct req_proc ntp_codes[] = {
 	{ REQ_UNCONFIG,	    AUTH, v4sizeof(struct conf_unpeer),
 				sizeof(struct conf_unpeer), do_unconf },
 	{ REQ_SET_SYS_FLAG, AUTH, sizeof(struct conf_sys_flags),
 				sizeof(struct conf_sys_flags), set_sys_flag },
 	{ REQ_CLR_SYS_FLAG, AUTH, sizeof(struct conf_sys_flags),
 				sizeof(struct conf_sys_flags),  clr_sys_flag },
 	{ REQ_GET_RESTRICT,	NOAUTH,	0, 0,	list_restrict },
 	{ REQ_RESADDFLAGS, AUTH, v4sizeof(struct conf_restrict),
 				sizeof(struct conf_restrict), do_resaddflags },
 	{ REQ_RESSUBFLAGS, AUTH, v4sizeof(struct conf_restrict),
 				sizeof(struct conf_restrict), do_ressubflags },
 	{ REQ_UNRESTRICT, AUTH, v4sizeof(struct conf_restrict),
 				sizeof(struct conf_restrict), do_unrestrict },
-	{ REQ_MON_GETLIST,	NOAUTH,	0, 0,	mon_getlist_0 },
+	{ REQ_MON_GETLIST,	NOAUTH,	0, 0,	mon_getlist },
-	{ REQ_MON_GETLIST_1,	NOAUTH,	0, 0,	mon_getlist_1 },
+	{ REQ_MON_GETLIST_1,	NOAUTH,	0, 0,	mon_getlist },
 	{ REQ_RESET_STATS, AUTH, sizeof(struct reset_flags), 0, reset_stats },
 	{ REQ_RESET_PEER,  AUTH, v4sizeof(struct conf_unpeer),
 				sizeof(struct conf_unpeer), reset_peer },
 	{ REQ_REREAD_KEYS,	AUTH,	0, 0,	do_key_reread },
 	{ REQ_TRUSTKEY,   AUTH, sizeof(u_long), sizeof(u_long), trust_key },
 	{ REQ_UNTRUSTKEY, AUTH, sizeof(u_long), sizeof(u_long), untrust_key },
 	{ REQ_AUTHINFO,		NOAUTH,	0, 0,	get_auth_info },
 	{ REQ_TRAPS,		NOAUTH, 0, 0,	req_get_traps },
 	{ REQ_ADD_TRAP,	AUTH, v4sizeof(struct conf_trap),
 				sizeof(struct conf_trap), req_set_trap },
 	{ REQ_CLR_TRAP,	AUTH, v4sizeof(struct conf_trap),
 				sizeof(struct conf_trap), req_clr_trap },
 	{ REQ_REQUEST_KEY, AUTH, sizeof(u_long), sizeof(u_long),
 @@ -604,26 +603,29 @@ process_private(
 				"process_private: bad pkt length %zu",
 				recv_len);
 			req_ack(srcadr, inter, inpkt, INFO_ERR_FMT);
 			return;
+		}
 		if (!mod_okay || !authhavekey(info_auth_keyid)) {
 			DPRINTF(5, ("failed auth mod_okay %d\n",
 				    mod_okay));
 #ifdef DEBUG
 			msyslog(LOG_DEBUG,
 				"process_private: failed auth mod_okay %d\n",
 				mod_okay);
 #endif
 			if (!mod_okay) {
 				sys_restricted++;
+			}
 			req_ack(srcadr, inter, inpkt, INFO_ERR_AUTH);
 			return;
+		}
 		/*
 		 * calculate absolute time difference between xmit time stamp
 		 * and receive time stamp.  If too large, too bad.
 		 */
 		NTOHL_FP(&tailinpkt->tstamp, &ftmp);
 		L_SUB(&ftmp, &rbufp->recv_time);
 		LFPTOD(&ftmp, dtemp);
 		if (fabs(dtemp) > INFO_TS_MAXSKEW) {
 			/*
 @@ -815,54 +817,62 @@ peer_list_sum(
+}
 /*
  * peer_info - send information for one or more peers
  */
 static void
 peer_info (
 	sockaddr_u *srcadr,
 	struct interface *inter,
 	struct req_pkt *inpkt
+	)
+{
-	register struct info_peer_list *ipl;
+	struct info_peer_list ipl;
 	register struct peer *pp;
 	register struct info_peer *ip;
 	register int items;
 	size_t item_sz;
 	char * datap;
 	register int i, j;
 	sockaddr_u addr;
 	extern struct peer *sys_peer;
 	l_fp ltmp;
 	items = INFO_NITEMS(inpkt->err_nitems);
-	ipl = (struct info_peer_list *) inpkt->data;
+	item_sz = INFO_ITEMSIZE(inpkt->mbz_itemsize);
 	datap = inpkt->data;
 	if (item_sz != sizeof(ipl)) {
 		req_ack(srcadr, inter, inpkt, INFO_ERR_FMT);
 		return;
+	}
 	ip = (struct info_peer *)prepare_pkt(srcadr, inter, inpkt,
 	    v6sizeof(struct info_peer));
 	while (items-- > 0 && ip != 0) {
 		memset(&ipl,0,sizeof(ipl));
 		memcpy(&ipl, datap, item_sz);
 		ZERO_SOCK(&addr);
-		NSRCPORT(&addr) = ipl->port;
+		NSRCPORT(&addr) = ipl.port;
-		if (client_v6_capable && ipl->v6_flag) {
+		if (client_v6_capable && ipl.v6_flag) {
 			AF(&addr) = AF_INET6;
-			SOCK_ADDR6(&addr) = ipl->addr6;
+			SOCK_ADDR6(&addr) = ipl.addr6;
 		} else {
 			AF(&addr) = AF_INET;
-			NSRCADR(&addr) = ipl->addr;
+			NSRCADR(&addr) = ipl.addr;
+		}
 #ifdef ISC_PLATFORM_HAVESALEN
 		addr.sa.sa_len = SOCKLEN(&addr);
 #endif
-		ipl++;
+		datap += item_sz;
 		pp = findexistingpeer(&addr, NULL, -1, 0);
 		if (NULL == pp)
 			continue;
 		if (IS_IPV6(srcadr)) {
 			if (pp->dstadr)
 				ip->dstadr6 =
 				    (MDF_BCAST == pp->cast_flags)
 					? SOCK_ADDR6(&pp->dstadr->bcast)
 					: SOCK_ADDR6(&pp->dstadr->sin);
 			else
 				memset(&ip->dstadr6, 0, sizeof(ip->dstadr6));
 			ip->srcadr6 = SOCK_ADDR6(&pp->srcadr);
 @@ -948,59 +958,67 @@ peer_info (
+}
 /*
  * peer_stats - send statistics for one or more peers
  */
 static void
 peer_stats (
 	sockaddr_u *srcadr,
 	struct interface *inter,
 	struct req_pkt *inpkt
+	)
+{
-	register struct info_peer_list *ipl;
+	struct info_peer_list ipl;
 	register struct peer *pp;
 	register struct info_peer_stats *ip;
 	register int items;
 	size_t item_sz;
 	char * datap;
 	sockaddr_u addr;
 	extern struct peer *sys_peer;
 #ifdef DEBUG
 	if (debug)
 	     printf("peer_stats: called\n");
 #endif
 	items = INFO_NITEMS(inpkt->err_nitems);
-	ipl = (struct info_peer_list *) inpkt->data;
+	item_sz = INFO_ITEMSIZE(inpkt->mbz_itemsize);
 	datap = inpkt->data;
 	if (item_sz > sizeof(ipl)) {
 		req_ack(srcadr, inter, inpkt, INFO_ERR_FMT);
 		return;
+	}
 	ip = (struct info_peer_stats *)prepare_pkt(srcadr, inter, inpkt,
 	    v6sizeof(struct info_peer_stats));
 	while (items-- > 0 && ip != 0) {
 		memset(&ipl,0,sizeof(ipl));
 		memcpy(&ipl, datap, item_sz);
 		memset((char *)&addr, 0, sizeof(addr));
-		NSRCPORT(&addr) = ipl->port;
+		NSRCPORT(&addr) = ipl.port;
-		if (client_v6_capable && ipl->v6_flag) {
+		if (client_v6_capable && ipl.v6_flag) {
 			AF(&addr) = AF_INET6;
-			SOCK_ADDR6(&addr) = ipl->addr6;
+			SOCK_ADDR6(&addr) = ipl.addr6;
 		} else {
 			AF(&addr) = AF_INET;
-			NSRCADR(&addr) = ipl->addr;
+			NSRCADR(&addr) = ipl.addr;
+		}
 #ifdef ISC_PLATFORM_HAVESALEN
 		addr.sa.sa_len = SOCKLEN(&addr);
 #endif
 		DPRINTF(1, ("peer_stats: looking for %s, %d, %d\n",
-			    stoa(&addr), ipl->port, NSRCPORT(&addr)));
+			    stoa(&addr), ipl.port, NSRCPORT(&addr)));
-		ipl = (struct info_peer_list *)((char *)ipl +
+		datap += item_sz;
 		    INFO_ITEMSIZE(inpkt->mbz_itemsize));
 		pp = findexistingpeer(&addr, NULL, -1, 0);
 		if (NULL == pp)
 			continue;
 		DPRINTF(1, ("peer_stats: found %s\n", stoa(&addr)));
 		if (IS_IPV4(&pp->srcadr)) {
 			if (pp->dstadr) {
 				if (!pp->processed)
 					ip->dstadr = NSRCADR(&pp->dstadr->sin);
 				else {
 					if (MDF_BCAST == pp->cast_flags)
 @@ -1316,75 +1334,49 @@ loop_info(
+}
 /*
  * do_conf - add a peer to the configuration list
  */
 static void
 do_conf(
 	sockaddr_u *srcadr,
 	struct interface *inter,
 	struct req_pkt *inpkt
+	)
+{
 	static u_long soonest_ifrescan_time = 0;
 	int items;
 	size_t item_sz;
 	char * datap;
 	u_int fl;
 	struct conf_peer *cp;
 	struct conf_peer temp_cp;
 	sockaddr_u peeraddr;
 	/*
 	 * Do a check of everything to see that it looks
 	 * okay.  If not, complain about it.  Note we are
 	 * very picky here.
 	 */
 	items = INFO_NITEMS(inpkt->err_nitems);
-	cp = (struct conf_peer *)inpkt->data;
+	item_sz = INFO_ITEMSIZE(inpkt->mbz_itemsize);
-	memset(&temp_cp, 0, sizeof(struct conf_peer));
+	datap = inpkt->data;
-	memcpy(&temp_cp, (char *)cp, INFO_ITEMSIZE(inpkt->mbz_itemsize));
+	if (item_sz > sizeof(temp_cp)) {
 #if 0 /* paranoid checking - these are done in newpeer() */
 	fl = 0;
 	while (items-- > 0 && !fl) {
 		if (((temp_cp.version) > NTP_VERSION)
 		    || ((temp_cp.version) < NTP_OLDVERSION))
 		    fl = 1;
 		if (temp_cp.hmode != MODE_ACTIVE
 		    && temp_cp.hmode != MODE_CLIENT
 		    && temp_cp.hmode != MODE_BROADCAST)
 		    fl = 1;
 		if (temp_cp.flags & ~(CONF_FLAG_PREFER | CONF_FLAG_BURST |
 		    CONF_FLAG_IBURST | CONF_FLAG_SKEY))
 			fl = 1;
 		cp = (struct conf_peer *)
 		    ((char *)cp + INFO_ITEMSIZE(inpkt->mbz_itemsize));
 	if (fl) {
 		req_ack(srcadr, inter, inpkt, INFO_ERR_FMT);
 		return;
+	}
 #endif /* end paranoid checking */
 	/*
 	 * Looks okay, try it out
 	 */
 	items = INFO_NITEMS(inpkt->err_nitems);
 	cp = (struct conf_peer *)inpkt->data;
 	while (items-- > 0) {
 		memset(&temp_cp, 0, sizeof(struct conf_peer));
-		memcpy(&temp_cp, (char *)cp, INFO_ITEMSIZE(inpkt->mbz_itemsize));
+		memcpy(&temp_cp, datap, item_sz);
 		ZERO_SOCK(&peeraddr);
 		fl = 0;
 		if (temp_cp.flags & CONF_FLAG_PREFER)
 			fl |= FLAG_PREFER;
 		if (temp_cp.flags & CONF_FLAG_BURST)
 		    fl |= FLAG_BURST;
 		if (temp_cp.flags & CONF_FLAG_IBURST)
 		    fl |= FLAG_IBURST;
 #ifdef OPENSSL
 		if (temp_cp.flags & CONF_FLAG_SKEY)
 			fl |= FLAG_SKEY;
 #endif /* OPENSSL */
 @@ -1408,44 +1400,27 @@ do_conf(
 #ifdef ISC_PLATFORM_HAVESALEN
 		peeraddr.sa.sa_len = SOCKLEN(&peeraddr);
 #endif
 		/* XXX W2DO? minpoll/maxpoll arguments ??? */
 		if (peer_config(&peeraddr, (struct interface *)0,
 		    temp_cp.hmode, temp_cp.version, temp_cp.minpoll,
 		    temp_cp.maxpoll, fl, temp_cp.ttl, temp_cp.keyid,
 		    NULL) == 0) {
 			req_ack(srcadr, inter, inpkt, INFO_ERR_NODATA);
 			return;
+		}
-		/*
+		datap += item_sz;
 		 * ntp_intres.c uses REQ_CONFIG/doconf() to add each
 		 * server after its name is resolved.  If we have been
 		 * disconnected from the network, it may notice the
 		 * network has returned and add the first server while
 		 * the relevant interface is still disabled, awaiting
 		 * the next interface rescan.  To get things moving
 		 * more quickly, trigger an interface scan now, except
 		 * if we have done so in the last half minute.
 		 */
 		if (soonest_ifrescan_time < current_time) {
 			soonest_ifrescan_time = current_time + 30;
 			timer_interfacetimeout(current_time);
 			DPRINTF(1, ("do_conf triggering interface rescan\n"));
 		cp = (struct conf_peer *)
 		    ((char *)cp + INFO_ITEMSIZE(inpkt->mbz_itemsize));
+	}
 	req_ack(srcadr, inter, inpkt, INFO_OKAY);
+}
 #if 0
 /* XXX */
 /*
  * dns_a - Snarf DNS info for an association ID
  */
 static void
 dns_a(
 	sockaddr_u *srcadr,
 @@ -1530,92 +1505,97 @@ dns_a(
+}
 #endif /* 0 */
 /*
  * do_unconf - remove a peer from the configuration list
  */
 static void
 do_unconf(
 	sockaddr_u *srcadr,
 	struct interface *inter,
 	struct req_pkt *inpkt
+	)
+{
 	register struct conf_unpeer *cp;
 	struct conf_unpeer temp_cp;
 	register int items;
 	size_t item_sz;
 	char * datap;
 	register struct peer *peer;
 	sockaddr_u peeraddr;
 	int bad, found;
 	/*
 	 * This is a bit unstructured, but I like to be careful.
 	 * We check to see that every peer exists and is actually
 	 * configured.  If so, we remove them.  If not, we return
 	 * an error.
 	 */
 	items = INFO_NITEMS(inpkt->err_nitems);
-	cp = (struct conf_unpeer *)inpkt->data;
+	item_sz = INFO_ITEMSIZE(inpkt->mbz_itemsize);
 	datap = inpkt->data;
 	if (item_sz > sizeof(temp_cp)) {
 		req_ack(srcadr, inter, inpkt, INFO_ERR_FMT);
 		return;
+	}
 	bad = 0;
 	while (items-- > 0 && !bad) {
 		memset(&temp_cp, 0, sizeof(temp_cp));
 		memcpy(&temp_cp, datap, item_sz);
 		ZERO_SOCK(&peeraddr);
 		memcpy(&temp_cp, cp, INFO_ITEMSIZE(inpkt->mbz_itemsize));
 		if (client_v6_capable && temp_cp.v6_flag) {
 			AF(&peeraddr) = AF_INET6;
 			SOCK_ADDR6(&peeraddr) = temp_cp.peeraddr6;
 		} else {
 			AF(&peeraddr) = AF_INET;
 			NSRCADR(&peeraddr) = temp_cp.peeraddr;
+		}
 		SET_PORT(&peeraddr, NTP_PORT);
 #ifdef ISC_PLATFORM_HAVESALEN
 		peeraddr.sa.sa_len = SOCKLEN(&peeraddr);
 #endif
 		found = 0;
 		peer = NULL;
 		DPRINTF(1, ("searching for %s\n", stoa(&peeraddr)));
 		while (!found) {
 			peer = findexistingpeer(&peeraddr, peer, -1, 0);
 			if (!peer)
 				break;
 			if (peer->flags & FLAG_CONFIG)
 				found = 1;
+		}
 		if (!found)
 			bad = 1;
-		cp = (struct conf_unpeer *)
+		datap += item_sz;
 			((char *)cp + INFO_ITEMSIZE(inpkt->mbz_itemsize));
+	}
 	if (bad) {
 		req_ack(srcadr, inter, inpkt, INFO_ERR_NODATA);
 		return;
+	}
 	/*
 	 * Now do it in earnest.
 	 */
 	items = INFO_NITEMS(inpkt->err_nitems);
-	cp = (struct conf_unpeer *)inpkt->data;
+	datap = inpkt->data;
 	while (items-- > 0) {
 		memset(&temp_cp, 0, sizeof(temp_cp));
 		memcpy(&temp_cp, datap, item_sz);
 		memset(&peeraddr, 0, sizeof(peeraddr));
 		memcpy(&temp_cp, cp, INFO_ITEMSIZE(inpkt->mbz_itemsize));
 		if (client_v6_capable && temp_cp.v6_flag) {
 			AF(&peeraddr) = AF_INET6;
 			SOCK_ADDR6(&peeraddr) = temp_cp.peeraddr6;
 		} else {
 			AF(&peeraddr) = AF_INET;
 			NSRCADR(&peeraddr) = temp_cp.peeraddr;
+		}
 		SET_PORT(&peeraddr, NTP_PORT);
 #ifdef ISC_PLATFORM_HAVESALEN
 		peeraddr.sa.sa_len = SOCKLEN(&peeraddr);
 #endif
 		found = 0;
 		peer = NULL;
 @@ -1623,28 +1603,27 @@ do_unconf(
 		while (!found) {
 			peer = findexistingpeer(&peeraddr, peer, -1, 0);
 			if (!peer)
 				break;
 			if (peer->flags & FLAG_CONFIG)
 				found = 1;
+		}
 		NTP_INSIST(found);
 		NTP_INSIST(peer);
 		peer_clear(peer, "GONE");
 		unpeer(peer);
-		cp = (struct conf_unpeer *)
+		datap += item_sz;
 			((char *)cp + INFO_ITEMSIZE(inpkt->mbz_itemsize));
+	}
 	req_ack(srcadr, inter, inpkt, INFO_OKAY);
+}
 /*
  * set_sys_flag - set system flags
  */
 static void
 set_sys_flag(
 	sockaddr_u *srcadr,
 	struct interface *inter,
 @@ -1858,199 +1837,115 @@ do_unrestrict(
 /*
  * do_restrict - do the dirty stuff of dealing with restrictions
  */
 static void
 do_restrict(
 	sockaddr_u *srcadr,
 	struct interface *inter,
 	struct req_pkt *inpkt,
 	int op
+	)
+{
-	register struct conf_restrict *cr;
+	struct conf_restrict cr;
 	register int items;
 	size_t item_sz;
 	char * datap;
 	sockaddr_u matchaddr;
 	sockaddr_u matchmask;
 	int bad;
 	/*
 	 * Do a check of the flags to make sure that only
 	 * the NTPPORT flag is set, if any.  If not, complain
 	 * about it.  Note we are very picky here.
 	 */
 	items = INFO_NITEMS(inpkt->err_nitems);
-	cr = (struct conf_restrict *)inpkt->data;
+	item_sz = INFO_ITEMSIZE(inpkt->mbz_itemsize);
 	datap = inpkt->data;
 	if (item_sz > sizeof(cr)) {
 		req_ack(srcadr, inter, inpkt, INFO_ERR_FMT);
 		return;
+	}
 	bad = 0;
 	cr->flags = ntohs(cr->flags);
 	cr->mflags = ntohs(cr->mflags);
 	while (items-- > 0 && !bad) {
-		if (cr->mflags & ~(RESM_NTPONLY))
+		memcpy(&cr, datap, item_sz);
 		cr.flags = ntohs(cr.flags);
 		cr.mflags = ntohs(cr.mflags);
 		if (cr.mflags & ~(RESM_NTPONLY))
 		    bad |= 1;
-		if (cr->flags & ~(RES_ALLFLAGS))
+		if (cr.flags & ~(RES_ALLFLAGS))
 		    bad |= 2;
-		if (cr->mask != htonl(INADDR_ANY)) {
+		if (cr.mask != htonl(INADDR_ANY)) {
-			if (client_v6_capable && cr->v6_flag != 0) {
+			if (client_v6_capable && cr.v6_flag != 0) {
-				if (IN6_IS_ADDR_UNSPECIFIED(&cr->addr6))
+				if (IN6_IS_ADDR_UNSPECIFIED(&cr.addr6))
 					bad |= 4;
 			} else
-				if (cr->addr == htonl(INADDR_ANY))
+				if (cr.addr == htonl(INADDR_ANY))
 					bad |= 8;
+		}
-		cr = (struct conf_restrict *)((char *)cr +
+		datap += item_sz;
 		    INFO_ITEMSIZE(inpkt->mbz_itemsize));
+	}
 	if (bad) {
 		msyslog(LOG_ERR, "do_restrict: bad = %#x", bad);
 		req_ack(srcadr, inter, inpkt, INFO_ERR_FMT);
 		return;
+	}
 	/*
 	 * Looks okay, try it out
 	 */
 	items = INFO_NITEMS(inpkt->err_nitems);
 	cr = (struct conf_restrict *)inpkt->data;
 	ZERO_SOCK(&matchaddr);
 	ZERO_SOCK(&matchmask);
 	datap = inpkt->data;
 	while (items-- > 0) {
-		if (client_v6_capable && cr->v6_flag) {
+		memcpy(&cr, datap, item_sz);
 		cr.flags = ntohs(cr.flags);
 		cr.mflags = ntohs(cr.mflags);
 		if (client_v6_capable && cr.v6_flag) {
 			AF(&matchaddr) = AF_INET6;
 			AF(&matchmask) = AF_INET6;
-			SOCK_ADDR6(&matchaddr) = cr->addr6;
+			SOCK_ADDR6(&matchaddr) = cr.addr6;
-			SOCK_ADDR6(&matchmask) = cr->mask6;
+			SOCK_ADDR6(&matchmask) = cr.mask6;
 		} else {
 			AF(&matchaddr) = AF_INET;
 			AF(&matchmask) = AF_INET;
-			NSRCADR(&matchaddr) = cr->addr;
+			NSRCADR(&matchaddr) = cr.addr;
-			NSRCADR(&matchmask) = cr->mask;
+			NSRCADR(&matchmask) = cr.mask;
+		}
-		hack_restrict(op, &matchaddr, &matchmask, cr->mflags,
+		hack_restrict(op, &matchaddr, &matchmask, cr.mflags,
-			 cr->flags);
+			 cr.flags);
-		cr++;
+		datap += item_sz;
+	}
 	req_ack(srcadr, inter, inpkt, INFO_OKAY);
+}
 /*
  * mon_getlist - return monitor data
  */
 static void
-mon_getlist_0(
+mon_getlist(
 	sockaddr_u *srcadr,
 	struct interface *inter,
 	struct req_pkt *inpkt
 	register struct info_monitor *im;
 	register struct mon_data *md;
 	extern struct mon_data mon_mru_list;
 	extern int mon_enabled;
 #ifdef DEBUG
 	if (debug > 2)
 	    printf("wants monitor 0 list\n");
 #endif
 	if (!mon_enabled) {
 		req_ack(srcadr, inter, inpkt, INFO_ERR_NODATA);
 		return;
 	im = (struct info_monitor *)prepare_pkt(srcadr, inter, inpkt,
 	    v6sizeof(struct info_monitor));
 	for (md = mon_mru_list.mru_next; md != &mon_mru_list && im != 0;
 	     md = md->mru_next) {
 		im->lasttime = htonl((u_int32)((current_time -
 		    md->firsttime) / md->count));
 		im->firsttime = htonl((u_int32)(current_time - md->lasttime));
 		im->restr = htonl((u_int32)md->flags);
 		im->count = htonl((u_int32)(md->count));
 		if (IS_IPV6(&md->rmtadr)) {
 			if (!client_v6_capable)
 				continue;
 			im->addr6 = SOCK_ADDR6(&md->rmtadr);
 			im->v6_flag = 1;
 		} else {
 			im->addr = NSRCADR(&md->rmtadr);
 			if (client_v6_capable)
 				im->v6_flag = 0;
 		im->port = md->rmtport;
 		im->mode = md->mode;
 		im->version = md->version;
 		im = (struct info_monitor *)more_pkt();
 	flush_pkt();
 /*
  * mon_getlist - return monitor data
  */
 static void
 mon_getlist_1(
 	sockaddr_u *srcadr,
 	struct interface *inter,
 	struct req_pkt *inpkt
+	)
+{
-	register struct info_monitor_1 *im;
+	req_ack(srcadr, inter, inpkt, INFO_ERR_NODATA);
 	register struct mon_data *md;
 	extern struct mon_data mon_mru_list;
 	extern int mon_enabled;
 	if (!mon_enabled) {
 		req_ack(srcadr, inter, inpkt, INFO_ERR_NODATA);
 		return;
 	im = (struct info_monitor_1 *)prepare_pkt(srcadr, inter, inpkt,
 	    v6sizeof(struct info_monitor_1));
 	for (md = mon_mru_list.mru_next; md != &mon_mru_list && im != 0;
 	     md = md->mru_next) {
 		im->lasttime = htonl((u_int32)((current_time -
 		    md->firsttime) / md->count));
 		im->firsttime = htonl((u_int32)(current_time - md->lasttime));
 		im->restr = htonl((u_int32)md->flags);
 		im->count = htonl((u_int32)md->count);
 		if (IS_IPV6(&md->rmtadr)) {
 			if (!client_v6_capable)
 				continue;
 			im->addr6 = SOCK_ADDR6(&md->rmtadr);
 			im->v6_flag = 1;
 			im->daddr6 = SOCK_ADDR6(&md->interface->sin);
 		} else {
 			im->addr = NSRCADR(&md->rmtadr);
 			if (client_v6_capable)
 				im->v6_flag = 0;
 			if (MDF_BCAST == md->cast_flags)
 				im->daddr = NSRCADR(&md->interface->bcast);
 			else if (md->cast_flags) {
 				im->daddr = NSRCADR(&md->interface->sin);
 				if (!im->daddr)
 					im->daddr = NSRCADR(&md->interface->bcast);
 			} else
 				im->daddr = 4;
 		im->flags = htonl(md->cast_flags);
 		im->port = md->rmtport;
 		im->mode = md->mode;
 		im->version = md->version;
 		im = (struct info_monitor_1 *)more_pkt();
 	flush_pkt();
+}
 /*
  * Module entry points and the flags they correspond with
  */
 struct reset_entry {
 	int flag;		/* flag this corresponds to */
 	void (*handler) (void); /* routine to handle request */
 };
 struct reset_entry reset_entries[] = {
 	{ RESET_FLAG_ALLPEERS,	peer_all_reset },
 	{ RESET_FLAG_IO,	io_clr_stats },
 @@ -2100,92 +1995,100 @@ reset_stats(
+}
 /*
  * reset_peer - clear a peer's statistics
  */
 static void
 reset_peer(
 	sockaddr_u *srcadr,
 	struct interface *inter,
 	struct req_pkt *inpkt
+	)
+{
-	struct conf_unpeer *cp;
+	struct conf_unpeer cp;
 	int items;
 	size_t item_sz;
 	char * datap;
 	struct peer *peer;
 	sockaddr_u peeraddr;
 	int bad;
 	/*
 	 * We check first to see that every peer exists.  If not,
 	 * we return an error.
 	 */
 	items = INFO_NITEMS(inpkt->err_nitems);
-	cp = (struct conf_unpeer *)inpkt->data;
+	item_sz = INFO_ITEMSIZE(inpkt->mbz_itemsize);
 	datap = inpkt->data;
 	if (item_sz > sizeof(cp)) {
 		req_ack(srcadr, inter, inpkt, INFO_ERR_FMT);
 		return;
+	}
 	bad = 0;
 	while (items-- > 0 && !bad) {
 		memset(&cp,0,sizeof(cp));
 		memcpy(&cp, datap, item_sz);
 		ZERO_SOCK(&peeraddr);
-		if (client_v6_capable && cp->v6_flag) {
+		if (client_v6_capable && cp.v6_flag) {
 			AF(&peeraddr) = AF_INET6;
-			SOCK_ADDR6(&peeraddr) = cp->peeraddr6;
+			SOCK_ADDR6(&peeraddr) = cp.peeraddr6;
 		} else {
 			AF(&peeraddr) = AF_INET;
-			NSRCADR(&peeraddr) = cp->peeraddr;
+			NSRCADR(&peeraddr) = cp.peeraddr;
+		}
 #ifdef ISC_PLATFORM_HAVESALEN
 		peeraddr.sa.sa_len = SOCKLEN(&peeraddr);
 #endif
 		peer = findexistingpeer(&peeraddr, NULL, -1, 0);
 		if (NULL == peer)
 			bad++;
-		cp = (struct conf_unpeer *)((char *)cp +
+		datap += item_sz;
 		    INFO_ITEMSIZE(inpkt->mbz_itemsize));
+	}
 	if (bad) {
 		req_ack(srcadr, inter, inpkt, INFO_ERR_NODATA);
 		return;
+	}
 	/*
 	 * Now do it in earnest.
 	 */
-	items = INFO_NITEMS(inpkt->err_nitems);
+	datap = inpkt->data;
 	cp = (struct conf_unpeer *)inpkt->data;
 	while (items-- > 0) {
 		memset(&cp,0,sizeof(cp));
 		memcpy(&cp, datap, item_sz);
 		ZERO_SOCK(&peeraddr);
-		if (client_v6_capable && cp->v6_flag) {
+		if (client_v6_capable && cp.v6_flag) {
 			AF(&peeraddr) = AF_INET6;
-			SOCK_ADDR6(&peeraddr) = cp->peeraddr6;
+			SOCK_ADDR6(&peeraddr) = cp.peeraddr6;
 		} else {
 			AF(&peeraddr) = AF_INET;
-			NSRCADR(&peeraddr) = cp->peeraddr;
+			NSRCADR(&peeraddr) = cp.peeraddr;
+		}
 		SET_PORT(&peeraddr, 123);
 #ifdef ISC_PLATFORM_HAVESALEN
 		peeraddr.sa.sa_len = SOCKLEN(&peeraddr);
 #endif
 		peer = findexistingpeer(&peeraddr, NULL, -1, 0);
 		while (peer != NULL) {
 			peer_reset(peer);
 			peer = findexistingpeer(&peeraddr, peer, -1, 0);
+		}
-		cp = (struct conf_unpeer *)((char *)cp +
+		datap += item_sz;
 		    INFO_ITEMSIZE(inpkt->mbz_itemsize));
+	}
 	req_ack(srcadr, inter, inpkt, INFO_OKAY);
+}
 /*
  * do_key_reread - reread the encryption key file
  */
 static void
 do_key_reread(
 	sockaddr_u *srcadr,
 	struct interface *inter,
 @@ -2877,27 +2780,27 @@ fill_info_if_stats(void *data, interface
 			return;
+		}
 		ifs->v6_flag = 1;
 		ifs->unaddr.addr6 = SOCK_ADDR6(&ep->sin);
 		ifs->unbcast.addr6 = SOCK_ADDR6(&ep->bcast);
 		ifs->unmask.addr6 = SOCK_ADDR6(&ep->mask);
 	} else {
 		ifs->v6_flag = 0;
 		ifs->unaddr.addr = SOCK_ADDR4(&ep->sin);
 		ifs->unbcast.addr = SOCK_ADDR4(&ep->bcast);
 		ifs->unmask.addr = SOCK_ADDR4(&ep->mask);
+	}
 	ifs->v6_flag = htonl(ifs->v6_flag);
-	strncpy(ifs->name, ep->name, sizeof(ifs->name));
+	strlcpy(ifs->name, ep->name, sizeof(ifs->name));
 	ifs->family = htons(ep->family);
 	ifs->flags = htonl(ep->flags);
 	ifs->last_ttl = htonl(ep->last_ttl);
 	ifs->num_mcast = htonl(ep->num_mcast);
 	ifs->received = htonl(ep->received);
 	ifs->sent = htonl(ep->sent);
 	ifs->notsent = htonl(ep->notsent);
 	ifs->ifindex = htonl(ep->ifindex);
 	/* scope no longer in struct interface, in in6_addr typically */
 	ifs->scopeid = ifs->ifindex;
 	ifs->ifnum = htonl(ep->ifnum);
 	ifs->uptime = htonl(current_time - ep->starttime);
 	ifs->ignore_packets = ep->ignore_packets;

 @@ -1,76 +1,119 @@
-# $NetBSD: ntp.conf,v 1.14 2012/01/16 22:20:45 christos Exp $
+# $NetBSD: ntp.conf,v 1.14.2.1 2014/01/06 19:12:15 bouyer Exp $
+#
 # NetBSD default Network Time Protocol (NTP) configuration file for ntpd
 # This file is intended to be both a usable default, and a Quick-Start
 # Guide. The directives and options listed here are not at all complete.
 # A great deal of additional documentation, including links to FAQS and
 # other guides, may be found on the official NTP web site, in particular
+#
 #	http://www.ntp.org/documentation.html
+#
 # Process ID file, so that the daemon can be signalled from scripts
 pidfile		/var/run/ntpd.pid
 # The correction calculated by ntpd(8) for the local system clock's
 # drift is stored here.
 driftfile	/var/db/ntp.drift
 # Suppress the syslog(3) message for each peer synchronization change.
 logconfig	-syncstatus
-# This will help minimize disruptions due to network congestion. Don't
+# Refuse to set the local clock if there are too few good peers or servers.
 # This may help minimize disruptions due to network congestion. Don't
 # do this if you configure only one server!
 tos		minsane 2
 # Set the number of tries to register with mdns. 0 means never
+#
 mdnstries	0
 # Access control restrictions.
 # See /usr/share/doc/html/ntp/accopt.html for syntax.
 # See <http://support.ntp.org/bin/view/Support/AccessRestrictions> for advice.
 # Last match wins.
+#
 # Some of the more common keywords are:
 #   ignore      Deny packets of all kinds.
 #   kod         Send "kiss-o'-death" packets if clients exceed rate
 #               limits.
 #   nomodify    Deny attempts to modify the state of the server via
 #               ntpq or ntpdc queries.
 #   noquery     Deny all ntpq and ntpdc queries.  Does not affect time
 #               synchronisation.
 #   nopeer      Prevent establishing an new peer association.
 #               Does not affect preconfigured peer associations.
 #               Does not affect client/server time synchronisation.
 #   noserve     Deny all time synchronisation.  Does not affect ntpq or
 #               ntpdc queries.
 #   notrap      Deny the trap subset of the ntpdc control message protocol.
 #   notrust     Deny packets that are not cryptographically authenticated.
+#
 # By default, either deny everything, or allow client/server time exchange
 # but deny configuration changes, queries, and peer associations that were not
 # explicitly configured.
 # (Uncomment one of the following "restrict default" lines.)
+#
 #restrict default ignore
 restrict default kod nopeer noquery
 # Fewer restrictions for the local subnet.
 # (Uncomment and adjust as appropriate.)
+#
 #restrict 192.0.2.0 mask 255.255.255.0 kod nomodify notrap nopeer
 #restrict 2001:db8:: mask ffff:ffff::  kod nomodify notrap nopeer
 # No restrictions for localhost.
+#
 restrict 127.0.0.1
 restrict ::1
 # Hereafter should be "server" or "peer" statements to configure other
-# hosts to exchange NTP packets with. Peers should be selected in such
+# hosts to exchange NTP packets with.
 # a way that the network path to them is symmetric (that is, the series
-# of links and routers used to get to the peer is the same one that the
+# See <http://support.ntp.org/bin/view/Support/DesigningYourNTPNetwork>
-# peer uses to get back. NTP assumes such symmetry in its network delay
+# and <http://support.ntp.org/bin/view/Support/SelectingOffsiteNTPServers>
-# calculation. NTP will apply an incorrect adjustment to timestamps
+# for advice.
 # received from the peer if the path is not symmetric. This can result
-# in clock skew (your system clock being maintained consistently wrong
+# Peers should be selected in such a way that the network path to them
-# by a certain amount).
+# is short, uncongested, and symmetric (that is, the series of links
 # and routers used to get to the peer is the same one that the peer
-# The best way to select symmetric peers is to make sure that the
+# uses to get back).  The best place to start looking for NTP peers for
-# network path to them is as short as possible (this reduces the chance
+# your system is within your own network, or at your Internet Service
-# that there is more than one network path between you and your peer).
+# Provider (ISP).
 # You can measure these distances with the traceroute(8)  program. The
 # best place to start looking for NTP peers for your system is within
 # your own network, or at your Internet Service Provider (ISP).
+#
 # Ideally, you should select at least three other systems to talk NTP
 # with, for an "what I tell you three times is true" effect.
+#
 #peer		an.ntp.peer.goes.here
 #server		an.ntp.server.goes.here
 #restrict	an.ntp.server.goes.here nomodify notrap
-# Public servers from the pool.ntp.org project. Volunteer's servers
+# The pool.ntp.org project coordinates public time servers provided by
-# are dynamically assigned to the CNAMES below via DNS round-robin.
+# volunteers.  See <http://www.pool.ntp.org>.  The *.netbsd.pool.ntp.org
 # servers are intended to be used by default on NetBSD hosts, but
 # servers that are closer to you are likely to be better.  Consider
 # using servers specific to your country, a nearby country, or your
 # continent.
+#
 # The pool.ntp.org project needs more volunteers! The only criteria to
 # join are a nailed-up connection and a static IP address. For details,
 # see the web page:
+#
-#	http://www.pool.ntp.org/join.html
+#       http://www.pool.ntp.org/join.html
+#
-# Depending on the vagaries of DNS can occasionally pull in the same
+server          0.netbsd.pool.ntp.org
-# server twice. The following CNAMES are guaranteed to be disjoint, at
+restrict        0.netbsd.pool.ntp.org nomodify notrap
-# least over some short interval. The following servers are allocated
+server          1.netbsd.pool.ntp.org
-# to the NetBSD project.
+restrict        1.netbsd.pool.ntp.org nomodify notrap
 server          2.netbsd.pool.ntp.org
-server		0.netbsd.pool.ntp.org
+restrict        2.netbsd.pool.ntp.org nomodify notrap
-server		1.netbsd.pool.ntp.org
+server          3.netbsd.pool.ntp.org
-server		2.netbsd.pool.ntp.org
+restrict        3.netbsd.pool.ntp.org nomodify notrap
 server		3.netbsd.pool.ntp.org