[ntp:security] authkey.c

Frank Kardel kardel at ntp.org
Sun Feb 21 21:56:01 UTC 2016


Hi !

The INSIST in line 570 authkey.c function authistrustedip() seems
inappropriate as it sometimes fires in normal operation killing the 
daemon. This happens with 4.2.8p6.

Feb 21 21:19:40 Andromeda ntpd[21736]: authkeys.c:570: 
INSIST(!"authistrustedip: keyid not found/trusted!") failed
Feb 21 21:19:40 Andromeda ntpd[21736]: exiting (due to assertion failure)

As the keyid is derived from packet data this might also be a DoS vector 
- not verified/analysed - just by code inspection and observing
assertion failures.

BTW: do you have a public key for security sesitive eMail (S/MIME or PGP?)

Frank


More information about the security mailing list