From ff4abc69c31b5a8c2d9bb1f1dc536fbdd5079c60 Mon Sep 17 00:00:00 2001
From: Miroslav Lichvar <mlichvar@redhat.com>
Date: Fri, 15 Aug 2014 12:54:32 +0200
Subject: [PATCH] Check for truncated source address when receiving packets

---
 cmdmon.c | 3 +++
 ntp_io.c | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/cmdmon.c b/cmdmon.c
index 37f0d3d..2f354e3 100644
--- a/cmdmon.c
+++ b/cmdmon.c
@@ -1644,6 +1644,9 @@ read_from_cmd_socket(void *anything)
     return;
   }
 
+  if (from_length > sizeof (where_from))
+    LOG_FATAL(LOGF_CmdMon, "Truncated source address");
+
   read_length = status;
 
   LCL_ReadRawTime(&now);
diff --git a/ntp_io.c b/ntp_io.c
index 72f6a66..d691735 100644
--- a/ntp_io.c
+++ b/ntp_io.c
@@ -481,6 +481,9 @@ read_from_socket(void *anything)
      reponse on a subsequent recvfrom). */
 
   if (status > 0) {
+    if (msg.msg_namelen > sizeof (where_from))
+      LOG_FATAL(LOGF_NtpIO, "Truncated source address");
+
     switch (where_from.u.sa_family) {
       case AF_INET:
         remote_addr.ip_addr.family = IPADDR_INET4;