NTP BUG 3381: Copious amounts of Unused Code

Last update: February 14, 2022 13:55 UTC (b6ca43fd1)


Summary

Resolved:   4.2.8p10, 21 Mar 2017
References: Bug 3381

Description

The report says: Statically included external projects potentially introduce several problems and the issue of having extensive amounts of code that is “dead” in the resulting binary must clearly be pointed out. The unnecessary unused code may or may not contain bugs and, quite possibly, might be leveraged for code-gadget-based branch-flow redirection exploits. Analogically, having source trees statically included as well means a failure in taking advantage of the free feature for periodical updates. This solution is offered by the system’s Package Manager. The three libraries identified are libisc, libevent, and libopts.
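
An added example, not part of the NTP notice or the Cure53 report: a heuristic audit that reads the text output of `readelf -d` and `nm` for a built binary and reports, for each of the three libraries named above, whether the binary carries its own copy or loads the system's shared one. The symbol prefixes, function names and sample tool output are assumptions constructed for this illustration, and the check needs an unstripped binary.

```python
import re

# Heuristic symbol fingerprints per library (assumption of this example).
FINGERPRINTS = {
    "libisc": ("isc_",),
    "libevent": ("event_", "evbuffer_", "evutil_"),
    "libopts": ("optionProcess", "optionUsage", "optionFree"),
}
NEEDED_RE = re.compile(r"\(NEEDED\)\s+Shared library: \[([^\]]+)\]")
DEFINED_TYPES = set("TtDdBbRr")  # nm type letters for symbols defined in the file

# Constructed sample input, not taken from a real ntpd build.
SAMPLE_READELF = """\
 0x0000000000000001 (NEEDED)  Shared library: [libevent-2.1.so.7]
 0x0000000000000001 (NEEDED)  Shared library: [libc.so.6]
"""
SAMPLE_NM = """\
0000000000041a10 T isc_mem_create
0000000000052c40 T optionProcess
                 U event_base_new
0000000000012000 T main
"""

def needed_libs(readelf_dynamic):
    """Sonames listed as NEEDED in `readelf -d <binary>` output."""
    return set(NEEDED_RE.findall(readelf_dynamic))

def defined_symbols(nm_output):
    """Names defined in the binary; undefined ('U') lines have two fields."""
    syms = set()
    for line in nm_output.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[1] in DEFINED_TYPES:
            syms.add(parts[2])
    return syms

def classify(readelf_dynamic, nm_output):
    """Map each library to 'static' (bundled), 'shared' or 'absent'."""
    needed, defined = needed_libs(readelf_dynamic), defined_symbols(nm_output)
    result = {}
    for lib, prefixes in FINGERPRINTS.items():
        if any(s.startswith(prefixes) for s in defined):
            result[lib] = "static"   # code lives in the binary, not package-updated
        elif any(n.startswith((lib + ".", lib + "-", lib + "_")) for n in needed):
            result[lib] = "shared"   # resolved from the system library at load time
        else:
            result[lib] = "absent"
    return result

if __name__ == "__main__":
    print(classify(SAMPLE_READELF, SAMPLE_NM))
```

A "static" result marks a library whose fixes arrive only with a rebuild of the binary itself, which is the update gap the report describes.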


Resolution


Credit

This issue was discovered by Cure53.


Timeline