[ntp:questions] What to do for clients less than 4.2.8?

David Woolley david at ex.djwhome.demon.invalid
Sun Dec 21 09:53:19 UTC 2014

On 20/12/14 20:54, A C wrote:
> Ok, so the remaining uncertainty is whether some of the crafted packets
> can be the response packets for a normal time exchange or if they're
> only query/config packets.  The advisory isn't completely clear on what
> types of packets can cause the buffer overflows.

ctl_putdata handles the responses to ntpq type control packets. 
configure is the action routine for a particular control type request. 
They are both in ntp_control.c, whose first four lines are:

  * ntp_control.c - respond to mode 6 control messages and send async
  *		   traps.  Provides service to ntpq and others.

I didn't check the encryption one, as casual users don't use encryption. 
  It may well turn out to be the encryption used for control packets.

More information about the questions mailing list