[ntp:security] [Bug 3010] remote configuration trustedkey/requestkey values are not properly validated

bugzilla-daemon at ntp.org bugzilla-daemon at ntp.org
Sun Feb 21 08:49:16 UTC 2016


--- Comment #4 from Juergen Perlinger <perlinger at ntp.org> 2016-02-21 08:49:16 UTC ---
I added a change to 'authreadkeys': well-formed key definitions with an
unsupported MAC algorithm are ignored and *not* counted as error. (They are
still logged, though.)

Validating if re-reading a key file would invalidate the current control and/or
request key needs more modifications: ntpdate also reads the key file, or so it
seems, and that causes linker errors as the global values for the request and
control key are in NTPD and not libntp.

There are several ways to deal with this, from moving the global values into
libntp to passing a key ID list to validate into 'authreadkeys()'.

I'd like to get some opinions if this is really necessary before I start
butchering the code.

Code is in the same repo as before, but now libntp/authreadkeys.c is changed,

Configure bugmail: http://bugs.ntp.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

More information about the security mailing list