[ntp:security] memory leak

kevin.mcgrath at no.abb.com kevin.mcgrath at no.abb.com
Mon Dec 17 08:54:00 UTC 2007


We are running NTP on Windows XP Pro SP2. 
When flooding the NTP service the ntpd process' private bytes usage grows 
continuously. At some point the service will reach its allocated buffer 
limit and probably crash. Prior to starting flooding the ntpd process' 
private bytes usage is at 921k but once flooding commences after a short 
time interval of 100 seconds the private bytes performance counter is 50 
MB. These results apply to both the stable and development codebase. The 
tested stable version is 4.2.4p4 at 1.1520-modena-o (Meinberg) and the 
development version is 4.2.5p106.

The flooding test tool used is the "IP Stack Integrity Checker" (ISIC) 
suite at full speed. The purpose of these tests is to understand the 
impact on the NTP stack to flooding. The ISIC suite is an open source 
tool, which runs on Linux and is available from 
http://isic.sourceforge.net. The ISIC version in use is v0.07. The 
following ISIC syntax can be used to reproduce the above scenario:

udpsic -i ethX -r 1 -s rand -d <ip_addr>,123 -F0 -V0 -I0 -p10000000, 

where X is the Ethernet interface number and 123 is the NTP port number. 

Kind Regards
Geir & Kevin 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.ntp.org/mailman/private/security/attachments/20071217/6e59e0a2/attachment.html 

More information about the security mailing list