[src/netbsd-3-0]: src/dist/ntp/ntpq Pull up following revision(s) (requested ...

[snj <snj%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/a548e2af3902
branches:  netbsd-3-0
changeset: 579530:a548e2af3902
user:      snj <snj%NetBSD.org@localhost>
date:      Sat Apr 18 00:26:31 2009 +0000

description:
Pull up following revision(s) (requested by christos in ticket #2009):
        dist/ntp/ntpq/ntpq.c: revision 1.12
Fix:
    http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0159
Using:
    https://support.ntp.org/bugs/show_bug.cgi?id=1144

diffstat:

 dist/ntp/ntpq/ntpq.c |  9 +++++----
 1 files changed, 5 insertions(+), 4 deletions(-)

diffs (23 lines):

diff -r 90c19f1fdecd -r a548e2af3902 dist/ntp/ntpq/ntpq.c
--- a/dist/ntp/ntpq/ntpq.c      Tue Apr 14 09:03:48 2009 +0000
+++ b/dist/ntp/ntpq/ntpq.c      Sat Apr 18 00:26:31 2009 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: ntpq.c,v 1.6 2003/12/04 16:23:38 drochner Exp $        */
+/*     $NetBSD: ntpq.c,v 1.6.10.1 2009/04/18 00:26:31 snj Exp $        */
 
 /*
  * ntpq - query an NTP server using mode 6 commands
@@ -3122,9 +3122,10 @@
                                if (!decodeuint(value, &uval))
                                    output_raw = '?';
                                else {
-                                       char b[10];
-
-                                       (void) sprintf(b, "%03lo", uval);
+                                       char b[12];
+
+                                       (void) snprintf(b, sizeof(b), "%03lo",
+                                           uval);
                                        output(fp, name, b);
                                }
                                break;