[ntp:security] [Bug 2901] Clients that receive a KoD should validate the origin timestamp field.

bugzilla-daemon at ntp.org bugzilla-daemon at ntp.org
Thu Jan 21 11:41:27 UTC 2016


http://bugs.ntp.org/show_bug.cgi?id=2901

Harlan Stenn <stenn at ntp.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |IN_PROGRESS
         Resolution|FIXED                       |

--- Comment #13 from Harlan Stenn <stenn at ntp.org> 2016-01-21 11:41:27 UTC ---
Miroslav,

I'm marking this as IN_PROGRESS per your comment.

I don't yet see what you are describing.

In ntp_proto.c, starting at line 1462, we have the case where:

- we are not in interleave mode
- if we are not a KOD packet {(in this case we *are*) clear the origin stamp}
- else if(aorg is zero, or the org stamps differ) we:
- - flash TEST2
- - log a message about unexpected origin timestamps
- - see if this qualifies for starting interleave
- - RETURN

This case should cover this bug report - a KoD packet is tested for origin
timestamp.  Only if the origin timestamps are OK do we get past this point.

- else we clear the origin timestamp

Otherwise, we *are* handling interleave.

We look for a TEST3 violation.

If there isn't a TEST3 violation we do TEST2 checks for interleaved symmetric
mode.

I think I may see a case here - the case where we get a KoD response and we're
in interleave mode.

Or do you see something else I'm missing?

Now I'm curious about exactly what should happen with KoD packets in interleave
mode.

-- 
Configure bugmail: http://bugs.ntp.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.


More information about the security mailing list