[PATCH v2] Ntpd config file support

Tito farmatito at tiscali.it
Sun Mar 23 09:28:55 UTC 2014 

On Saturday 22 March 2014 23:46:44 Isaac Dunham wrote:
> On Sat, Mar 22, 2014 at 08:40:48PM +0100, Harald Becker wrote:
> > Hi Isaac !
> > 
> > Your program will fail on lines starting with the word server
> > (eg. serverxyz), that is it does not check for clear word
> > boundary and gives wrong results in that case.
> 
> ...which are not legitimate entries in ntp.conf.
> 
> My aim is to parse a correct ntp.conf, and not cause security problems
> on incorrect ones.
> 
> > >while (cbuf[i] > 35) i++;
> > 
> > Unwise to do this in a not poor ASCII environment, as most
> > systems are nowadays. This way you allow unprintable and any
> > kind of illegal characters in time server addresses. 
> Fixing. 
> The fix expects chars exclusively in the set [-.:0-9a-zA-Z], which all 
> valid hostnames and IP addresses (ipv4/ipv6) have.
> 
> >... and what
> > about buffer overflow? Won't this loop then run to unknown
> > locations?
> 
> Not possible. i is size_t, and getline() is _always_ \0 terminated.
> However, the previous loop did have a potential buffer overrun if the
> line ended prematurely:
> server \n\0 would result in it walking over the end and writing 0 to the
> first character less than 36 after a sequence of chars greater than
> 35 ('#')...
> 
> > Beside this: Make it a default NO configuration, not being
> > included in binaries build from standard options.
> 
> OK. 
> (Denys gets the final say on that, though.)
> 
> Here's a version that has the issues mentioned fixed, and removes the 10
> byte overhead.
> It accepts "peer" as well as "server", and runs 320 bytes.
> 
> 
> Thanks,
> Isaac Dunham
> 
HI,
couldn't this parser use bb's parse infrastructure in libbb/parse_config.c?

///config:	  Typical usage of parse API:
////config:		char *t[3];
////config:		parser_t *p = config_open(filename);
////config:		while (config_read(p, t, 3, 0, delimiters, flags)) { // 1..3 tokens
////config:			bb_error_msg("TOKENS: '%s''%s''%s'", t[0], t[1], t[2]);
////config:		}
////config:		config_close(p);


I think /etc/ntp.conf string should be moved to libbb.h.

Ciao,
Tito

More information about the busybox mailing list