[ntp:security] [Bug 2948] Potential Infinite Loop in ntpq
bugzilla-daemon at ntp.org
bugzilla-daemon at ntp.org
Sat Oct 17 09:34:29 UTC 2015
https://bugs.ntp.org/show_bug.cgi?id=2948
Juergen Perlinger <perlinger at ntp.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|CONFIRMED |IN_PROGRESS
CC| |perlinger at ntp.org
AssignedTo|stenn at ntp.org |perlinger at ntp.org
--- Comment #1 from Juergen Perlinger <perlinger at ntp.org> 2015-10-17 09:34:29 UTC ---
After thinking for a while over the problem, I propose to use a timeout-based
limit between the query and the first valid reply, and between a valid reply
and the next reply if such is expected. If there is no proper answer in that
time window, raise a timeout condition.
Currently the timeout is just for the reception of any packet, and both NTPQ
and NTPDC can be easily fooled this way.
I will start to implement this proposal, but please tell me ASAP if you see a
problem with this procedure!
--
Configure bugmail: https://bugs.ntp.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
More information about the security
mailing list