[ntp:security] [Bug 2948] Potential Infinite Loop in ntpq

bugzilla-daemon at ntp.org bugzilla-daemon at ntp.org
Sat Oct 17 09:34:29 UTC 2015


https://bugs.ntp.org/show_bug.cgi?id=2948

Juergen Perlinger <perlinger at ntp.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|CONFIRMED                   |IN_PROGRESS
                 CC|                            |perlinger at ntp.org
         AssignedTo|stenn at ntp.org               |perlinger at ntp.org

--- Comment #1 from Juergen Perlinger <perlinger at ntp.org> 2015-10-17 09:34:29 UTC ---
After thinking for a while over the problem, I propose to use a timeout-based
limit between the query and the first valid reply, and between a valid reply
and the next reply if such is expected. If there is no proper answer in that
time window, raise a timeout condition.

Currently the timeout is just for the reception of any packet, and both NTPQ
and NTPDC can be easily fooled this way.

I will start to implement this proposal, but please tell me ASAP if you see a
problem with this procedure!

-- 
Configure bugmail: https://bugs.ntp.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.


More information about the security mailing list