package/openntpd/openntpd_4_abort_if_adjtime_fails.patch - buildroot - Git at Google

 From 5022a0c49d98c498a3f5d8adb8814021ad6ce03f Mon Sep 17 00:00:00 2001
 From: Avery Pennarun <apenwarr@gmail.com>
 Date: Tue, 11 Jun 2013 00:38:41 -0400
 Subject: Abort if adjtime() fails or settime() refuses to set the time.

 There's no point running an ntp daemon if it can't adjtime(); that's all it
 does.  If we abort, the process babysitter can restart it.  We previously
 tried tricks like falling back to settime() but that can cause weird
 confusion in the state machine (such as double-adding very large time
 offsets - offsets calculated for adjtime, not really for settime - by
 accident when we get two packets in rapid succession).
 ---
  ntpd.c |   13 ++++++++-----
  1 files changed, 8 insertions(+), 5 deletions(-)

 diff --git a/ntpd.c b/ntpd.c
 index 22db996..0515752 100644
 --- a/ntpd.c
 +++ b/ntpd.c
 @@ -305,8 +305,10 @@ dispatch_imsg(struct ntpd_conf *conf)
  		case IMSG_SETTIME:
  			if (imsg.hdr.len != IMSG_HEADER_SIZE + sizeof(d))
  				fatalx("invalid IMSG_SETTIME received");
 -			if (!conf->settime)
 -				break;
 +			if (d && !conf->settime) {
 +				log_debug("can't IMSG_SETTIME since !conf->settime; aborting to start over.");
 +				exit(26);
 +			}
  			log_init(conf->debug);
  			memcpy(&d, imsg.data, sizeof(d));
  			ntpd_settime(d);
 @@ -358,9 +360,10 @@ ntpd_adjtime(double d)
  	else
  		log_debug("adjusting local clock by %fs", d);
  	d_to_tv(d, &tv);
 -	if (adjtime(&tv, &olddelta) == -1)
 -		log_warn("adjtime failed");
 -	else if (!firstadj && olddelta.tv_sec == 0 && olddelta.tv_usec == 0)
 +	if (adjtime(&tv, &olddelta) == -1) {
 +		log_warn("adjtime failed, aborting");
 +		exit(26);
 +	} else if (!firstadj && olddelta.tv_sec == 0 && olddelta.tv_usec == 0)
  		synced = 1;
  	firstadj = 0;
  	return (synced);
 --
 1.7.9.dirty
	From 5022a0c49d98c498a3f5d8adb8814021ad6ce03f Mon Sep 17 00:00:00 2001
	From: Avery Pennarun <apenwarr@gmail.com>
	Date: Tue, 11 Jun 2013 00:38:41 -0400
	Subject: Abort if adjtime() fails or settime() refuses to set the time.

	There's no point running an ntp daemon if it can't adjtime(); that's all it
	does. If we abort, the process babysitter can restart it. We previously
	tried tricks like falling back to settime() but that can cause weird
	confusion in the state machine (such as double-adding very large time
	offsets - offsets calculated for adjtime, not really for settime - by
	accident when we get two packets in rapid succession).
	---
	ntpd.c \| 13 ++++++++-----
	1 files changed, 8 insertions(+), 5 deletions(-)

	diff --git a/ntpd.c b/ntpd.c
	index 22db996..0515752 100644
	--- a/ntpd.c
	+++ b/ntpd.c
	@@ -305,8 +305,10 @@ dispatch_imsg(struct ntpd_conf *conf)
	case IMSG_SETTIME:
	if (imsg.hdr.len != IMSG_HEADER_SIZE + sizeof(d))
	fatalx("invalid IMSG_SETTIME received");
	- if (!conf->settime)
	- break;
	+ if (d && !conf->settime) {
	+ log_debug("can't IMSG_SETTIME since !conf->settime; aborting to start over.");
	+ exit(26);
	+ }
	log_init(conf->debug);
	memcpy(&d, imsg.data, sizeof(d));
	ntpd_settime(d);
	@@ -358,9 +360,10 @@ ntpd_adjtime(double d)
	else
	log_debug("adjusting local clock by %fs", d);
	d_to_tv(d, &tv);
	- if (adjtime(&tv, &olddelta) == -1)
	- log_warn("adjtime failed");
	- else if (!firstadj && olddelta.tv_sec == 0 && olddelta.tv_usec == 0)
	+ if (adjtime(&tv, &olddelta) == -1) {
	+ log_warn("adjtime failed, aborting");
	+ exit(26);
	+ } else if (!firstadj && olddelta.tv_sec == 0 && olddelta.tv_usec == 0)
	synced = 1;
	firstadj = 0;
	return (synced);
	--
	1.7.9.dirty