[ntp:security] [Bug 3044] Processing spoofed server packets
bugzilla-daemon at ntp.org
bugzilla-daemon at ntp.org
Mon May 23 09:58:15 UTC 2016
http://bugs.ntp.org/show_bug.cgi?id=3044
Harlan Stenn <stenn at ntp.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Priority|P5 |P3
Status|CONFIRMED |IN_PROGRESS
Severity|enhancement |normal
--- Comment #2 from Harlan Stenn <stenn at ntp.org> 2016-05-23 09:58:15 UTC ---
process_packet() still needs a bit of work. We expect to call it even if the
packet format checks have some known problems.
There are also situations where we (think we) want to update some peer time
variables even if the packet has problems. This has been part of ongoing
discussions between me and Dave. But it's clear we don't want to update other
variables until we're sure that any provided authentication is valid.
--
Configure bugmail: http://bugs.ntp.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
More information about the security
mailing list