Backport of: From ba716a464ecb20618560075f2e4e1051e5b6f24f Mon Sep 17 00:00:00 2001 From: <stenn@psp-deb1.ntp.org> Date: Tue, 6 Oct 2015 08:51:27 +0000 Subject: [PATCH] [Sec 2922] decodenetnum() will ASSERT botch instead of returning FAIL on some bogus values. Harlan Stenn. --- ChangeLog | 2 ++ libntp/decodenetnum.c | 5 ++++- 2 files changed, 6 insertions(+), 1 deletion(-) Index: ntp-4.2.6.p5+dfsg/libntp/decodenetnum.c =================================================================== --- ntp-4.2.6.p5+dfsg.orig/libntp/decodenetnum.c 2015-10-22 16:33:46.801593867 -0400 +++ ntp-4.2.6.p5+dfsg/libntp/decodenetnum.c 2015-10-22 16:34:20.921912557 -0400 @@ -36,7 +36,10 @@ char name[80]; NTP_REQUIRE(num != NULL); - NTP_REQUIRE(strlen(num) < sizeof(name)); + + if (strlen(num) >= sizeof(name)) { + return 0; + } port_str = NULL; if ('[' != num[0]) {