From 64fd1b8ba53b6a9194ab3f83264a19708ce4fc57 Mon Sep 17 00:00:00 2001
From: Miroslav Lichvar
Date: Thu, 9 May 2019 17:34:53 +0200
Subject: [PATCH] ntp: check value returned by CMSG_FIRSTHDR

In NIO_Linux_RequestTxTimestamp(), check the returned pointer and the length of the buffer before adding the control message. This fixes an issue reported by the Clang static analyzer.
---
 ntp_io_linux.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/ntp_io_linux.c b/ntp_io_linux.c
index 374ac5c..f0cf121 100644
--- a/ntp_io_linux.c
+++ b/ntp_io_linux.c
@@ -856,7 +856,12 @@ NIO_Linux_RequestTxTimestamp(struct msghdr *msg, int cmsglen, int sock_fd)
  /* Add control message that will enable TX timestamping for this message. Don't use CMSG_NXTHDR as the one in glibc is buggy for creating new control messages. */
- cmsg = (struct cmsghdr *)((char *)CMSG_FIRSTHDR(msg) + cmsglen);
+
+ cmsg = CMSG_FIRSTHDR(msg);
+ if (!cmsg || cmsglen + CMSG_SPACE(sizeof (ts_tx_flags)) > msg->msg_controllen)
+ return cmsglen;
+
+ cmsg = (struct cmsghdr *)((char *)cmsg + cmsglen);
  memset(cmsg, 0, CMSG_SPACE(sizeof (ts_tx_flags)));
  cmsglen += CMSG_SPACE(sizeof (ts_tx_flags));
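Review bot: The new bounds check in NIO_Linux_RequestTxTimestamp() mixes the signed `cmsglen` with the unsigned `CMSG_SPACE()` and `msg->msg_controllen`, so a negative `cmsglen` would be converted to a large unsigned value, the sum could wrap, and the guard could pass before `(char *)cmsg + cmsglen` and the `memset` run. The callers are not visible in this hunk, so a negative value may never occur in practice, but rejecting it explicitly is cheap: `if (!cmsg || cmsglen < 0 || cmsglen + CMSG_SPACE(sizeof (ts_tx_flags)) > msg->msg_controllen)`. The early `return cmsglen;` also skips the TX-timestamp request silently; a short comment or debug message there would tell a maintainer why a packet went out without one. The function's body starts and ends outside the hunk.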