[ntp:security] [Bug 3113] Broadcast Mode Poll Interval Enforcement DoS

bugzilla-daemon at ntp.org bugzilla-daemon at ntp.org
Fri Oct 28 01:26:16 UTC 2016


http://bugs.ntp.org/show_bug.cgi?id=3113

Harlan Stenn <stenn at ntp.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|READY                       |STAGED
   Target Milestone|---                         |4.2.8

--- Comment #5 from Harlan Stenn <stenn at ntp.org> 2016-10-28 01:26:16 UTC ---
Matt,

Thanks again for the report.

The original decision to check against timelastrec instead of timereceived was
both conscious and deliberate.  That doesn't necessarily mean that decision was
correct.

Unfortunately, I'm not finding my notes on exactly what those reasons were.

So I'm going with your patch as the case you have described is certainly more
"present".  If somebody remembers a good reason why timelastrec should be used
instead, we can re-evaluate.

STAGED for 4.2.8p9.

-- 
Configure bugmail: http://bugs.ntp.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.


More information about the security mailing list