[ntp:security] [Bug 3009] Crafted addpeer with hmode > 7 causes array wraparound with MATCH_ASSOC

bugzilla-daemon at ntp.org bugzilla-daemon at ntp.org
Sun Feb 21 14:11:50 UTC 2016


Juergen Perlinger <perlinger at ntp.org> changed:

           What    |Removed                     |Added
             Status|CONFIRMED                   |READY
                 CC|                            |perlinger at ntp.org
         AssignedTo|stenn at ntp.org               |perlinger at ntp.org

--- Comment #2 from Juergen Perlinger <perlinger at ntp.org> 2016-02-21 14:11:50 UTC ---
Added more stringent checks to the remote 'addpeer' packet evaluation:
 - hmode <= 6 (7 is already out of range for a peer mode!)

Validated that checks for maxpoll/minpoll are not necessary.

The repo is in

Configure bugmail: http://bugs.ntp.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

More information about the security mailing list