[ntp:security] [Bug 1331] DoS with mode 7 packets (CVE-2009-3563)

Danny Mayer mayer at ntp.org
Fri Oct 9 00:22:31 UTC 2009


Dave Hart wrote:
> On Thu, Oct 8, 2009 at 3:16 AM, Danny Mayer <mayer at ntp.org> wrote:
>> After review of the rate-limited logging that was suggested I have
>> concluded that it would be a potential problem dealing with the
>> "current_time" variable which has not been declared volatile and has no
>> locks around it for potential problems with multiple access and changes.
>> This kind of logging should be left to a regular release of the code
>> when there is time to ensure that the time used to check for
>> rate-limiting is atomically retrieved.
> 
> This concern of atomic access to current_time is misplaced.  ntpd has
> a single thread which modifies current_time, and it's the same thread
> which executes process_private().  There is no need for "volatile" or
> locking when the fact that process_private() is running guarantees
> that the code that modifies current_time will not run.
> 

No, it isn't misplaced. current_time is not well controlled, can be
overwritten and other havoc can happen. After 30 years it's easy to spot
potential trouble errors and anything that might affect the fix needs to
be avoided at all costs until after the fix has gone out and the change
examined from all sides. It should not be depended upon for a critical
fix. By the way you have a trivial error in the code you wrote to
implement this in ntp_request.c.

Danny
