[ntp:security] [Bug 2917] TALOS-CAN-0055: PCRWS: Infinite loop if extended logging enabled and the logfile and keyfile are the same.

bugzilla-daemon at ntp.org bugzilla-daemon at ntp.org
Sat Oct 3 06:45:18 UTC 2015


https://bugs.ntp.org/show_bug.cgi?id=2917

Juergen Perlinger <perlinger at ntp.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|CONFIRMED                   |IN_PROGRESS
                 CC|                            |perlinger at ntp.org
         AssignedTo|stenn at ntp.org               |perlinger at ntp.org

--- Comment #4 from Juergen Perlinger <perlinger at ntp.org> 2015-10-03 06:45:18 UTC ---
to avoid this, one would have to check if two files are the same on inode
level. That's difficult to achieve since Posix/Unix, VMS and Windows have
sufficiently different concepts here. It would also involve quite some
bookkeeping.

A simple solution to prevent NTPD going into an endless loop would be to log
say the first 5 errors and break the loop forcefully after 15 or so, creating
only an additional summary log entry in that case.

They keys are all gone, of course: autkhreadeys() does a 'clear&evaluate'
instead of a 'evaluate&swap' style of operation. Changing this is more work
since the key store is not single encapsulated object but uses a bunch of
global/static variables.

So as a first step to avoid the endless loop I propose to give up key file
parsing after a fixed maximum number of errors, and be less excessive in
logging.

-- 
Configure bugmail: https://bugs.ntp.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.


More information about the security mailing list