[ntp:security] [Pool] NTP CVE patches?

Miroslav Lichvar mlichvar at redhat.com
Thu Oct 22 16:57:28 UTC 2015


On Thu, Oct 22, 2015 at 09:13:04AM +0000, Harlan Stenn wrote:
> Miroslav,
> 
> Might I trouble you to open a bug report on this?

The problem with KoD is that the packet must be dropped when a TEST
bit is set (i.e. some test failed). That's exactly the same as with
normal packets. When the transmit timestamp is zero, TEST3 will fail
and the packet must be dropped.

The problem with symmetric association is in the state variables. They
need to be updated even when TEST2 failed, so the associaction can be
properly initialized on both sides.

Anyway, I thought you had this patch from the BU people and were going
to include it in 4.2.8p4.

> > diff -up ntp-4.2.6p5/ntpd/ntp_proto.c.kodtest ntp-4.2.6p5/ntpd/ntp_proto.c
> > --- ntp-4.2.6p5/ntpd/ntp_proto.c.kodtest	2015-09-24 18:20:19.121981664 +
> > 0200
> > +++ ntp-4.2.6p5/ntpd/ntp_proto.c	2015-09-24 18:20:54.596594166 +0200
> > @@ -1165,7 +1165,7 @@ receive(
> >  	peer->ppoll = max(peer->minpoll, pkt->ppoll);
> >  	if (hismode == MODE_SERVER && hisleap == LEAP_NOTINSYNC &&
> >  	    hisstratum == STRATUM_UNSPEC && memcmp(&pkt->refid,
> > -	    "RATE", 4) == 0) {
> > +	    "RATE", 4) == 0 && !(peer->flash & PKT_TEST_MASK)) {
> >  		peer->selbroken++;
> >  		report_event(PEVNT_RATE, peer, NULL);
> >  		if (pkt->ppoll > peer->minpoll)
> > 
> > --zCKi3GIZzVBPywwA--
> > 
> 

-- 
Miroslav Lichvar


More information about the security mailing list