devel@ntpsec.org said:
> Thanks for spotting that. We'll ship a CVE and a point release shortly.
It was easy to spot. The test case didn't work and there was garbage in the
log.
There are two more bugs/quirks that I'm investigating. I don't think either
is worth waiting for.
If you typo
> Would you please post a filename and line range(s) for me to look at?
You need the draft RFC in one hand. You also need the NTP extension specs -
RFC 7822. They are similar, but different in the way the length is
interpreted.
git log -p 7fb3de6ee9a88cda7910f697a6002dc3e78f5a7b
will show you
Hal wrote:
>I just pushed a fix.
Thanks for spotting that. We'll ship a CVE and a point release
shortly. Before we do that, though, please audit for smilar bugs
nearby. Any extraction you do from the response should be rechecked
to make sure the copy is properly bounded or sentineled.
Would you