[ntp:security] [Bug 1331] DoS with mode 7 packets (CVE-2009-3563)

Dave Hart davehart at gmail.com
Fri Oct 9 01:17:26 UTC 2009

On Fri, Oct 9, 2009 at 12:22 AM, Danny Mayer <mayer at ntp.org> wrote:
> No it isn't misplaced. current_time is not well controlled, can be
> overwritten and other havoc can happen. After 30 years it's easy to spot
> potential trouble errors and anything that might affect the fix needs to
> be avoided at all costs until after the fix has gone out and the change
> examined from all sides. It should not be depended upon for a critical
> fix.

You sure are full of hot air on this point.  current_time is modified
in exactly one place, timer().  Both timer() and process_private() run
on ntpd's main thread, and there is simply no way for current_time to
be modified while process_private() is running.  This may be a
potential trouble error but it's not an error and it's not trouble.

> By the way you have a trivial error in the code you wrote to
> implement this in ntp_request.c.

I am all ears.

Dave Hart

