From bc6efb40cd9db11253bbcfcc16143b349ffaf36b Mon Sep 17 00:00:00 2001
From: eric <>
Date: Sun, 7 Jun 2009 00:40:46 +0000
Subject: [PATCH] Make the imsg protocol network-safe.

ok pyr@
---
 src/usr.sbin/ntpd/imsg.c | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/src/usr.sbin/ntpd/imsg.c b/src/usr.sbin/ntpd/imsg.c
index 0815b1c6..a70cb77d 100644
--- a/src/usr.sbin/ntpd/imsg.c
+++ b/src/usr.sbin/ntpd/imsg.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: imsg.c,v 1.14 2009/06/06 22:11:25 eric Exp $	*/
+/*	$OpenBSD: imsg.c,v 1.15 2009/06/07 00:40:46 eric Exp $	*/
 
 /*
  * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
@@ -105,8 +105,12 @@ imsg_get(struct imsgbuf *ibuf, struct imsg *imsg)
 		errno = ERANGE;
 		return (-1);
 	}
-	if (imsg->hdr.len > av)
+	if ((imsg->hdr.len = ntohs(imsg->hdr.len)) > av)
 		return (0);
+	imsg->hdr.type = ntohl(imsg->hdr.type);
+	imsg->hdr.flags = ntohs(imsg->hdr.flags);
+	imsg->hdr.peerid = ntohl(imsg->hdr.peerid);
+	imsg->hdr.pid = ntohl(imsg->hdr.pid);
 	datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
 	ibuf->r.rptr = ibuf->r.buf + IMSG_HEADER_SIZE;
 	if ((imsg->data = malloc(datalen)) == NULL) {
@@ -212,7 +216,11 @@ imsg_close(struct imsgbuf *ibuf, struct buf *msg)
 	struct imsg_hdr	*hdr;
 
 	hdr = (struct imsg_hdr *)msg->buf;
-	hdr->len = (u_int16_t)msg->wpos;
+	hdr->type = htonl(hdr->type);
+	hdr->len = htons(msg->wpos);
+	hdr->flags = htons(hdr->flags);
+	hdr->peerid = htonl(hdr->peerid);
+	hdr->pid = htonl(hdr->pid);
 	buf_close(&ibuf->w, msg);
 }