[LinuxPPS] some more info on recent attempt at nmea patch
Udo van den Heuvel
udovdh at xs4all.nl
Sat Aug 26 18:15:06 CEST 2006
Udo van den Heuvel wrote:
> So I started ntpd with some debugging and it finds a buffer overflow:
>
> [root at epia ntpd]# ./ntpd -d -d -d
[...]
> ffffe000-fffff000 ---p 00000000 00:00 0 [vdso]
> Aborted
I found that the code probably stops bafore completing this piece of
code in the nmea refclock:
/* Try to find the source */
fd = time_pps_findpath(path, 70, id, 70);
(yes, I increased the size of the arrays a bit)
Some added logging in timepps.h reveals something goes wrong after
binding the socket, so probably here:
/* Ask the kernel to destroy the PPS source */
nlpps.cmd = PPS_FIND_PATH;
strncpy(nlpps.path, path, pathlen);
ret = netlink_msg(sock, &nlpps);
if (ret < 0) {
close(sock);
return ret;
}
msyslog(LOG_ERR, "findpath: PPS source destroyed");
strncpy(path, nlpps.path, pathlen);
strncpy(idstring, nlpps.name, idlen);
close(sock);
msyslog(LOG_ERR, "findpath: PPS socket closed");
return nlpps.source;
}
(the 2 msyslogs are never reached)
Conclusion?
Rodolfo?
More information about the LinuxPPS
mailing list