[ntp:security] [Bug 3114] Broadcast Mode Replay Prevention DoS

bugzilla-daemon at ntp.org
Tue Sep 13 19:09:32 UTC 2016


https://bugs.ntp.org/show_bug.cgi?id=3114

--- Comment #3 from Juergen Perlinger <perlinger at ntp.org> 2016-09-13 19:09:32 UTC ---
I'm working my way through the diff manually, since it is against the GIT repo
which is not quite the 4.2.8p8 release. AFAIK there has been trouble with the
GIT export, which makes things awkward to handle. Anyway, I'll cope somehow.

But there is at least one issue: The snippet in

@@ -1348,9 +1347,8 @@ receive(

damages the compare op. Since the NTP time scale is seconds since 1900 (mod
2^32), a simple compare is not enough to handle the wrap-around / overflow. One
has indeed to take the difference (mod 2^32) and check if the result is
negative. So I won't apply that fragment, as it is definitely wrong.

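The wrap-around point made in the comment above, as an added example that is not part of the original message and is not ntpd code: a plain compare and a difference-mod-2^32 compare are run over the same timestamps straddling a wrap of the 32-bit seconds field. The function names, the replay filter and the sample timestamps are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

typedef int (*newer_fn)(uint32_t a, uint32_t b);

/* Plain compare: misorders timestamps once the counter wraps past 2^32. */
static int newer_naive(uint32_t a, uint32_t b)
{
    return a > b;
}

/* Difference mod 2^32: a is newer if the difference is non-zero and not
 * "negative" (top bit clear), i.e. a is less than 2^31 s ahead of b. */
static int newer_modular(uint32_t a, uint32_t b)
{
    uint32_t d = (uint32_t)(a - b);
    return d != 0 && (d & 0x80000000u) == 0;
}

/* Constructed timestamps (seconds since 1900, mod 2^32) around a wrap:
 * two fresh packets, a replay, two fresh packets after the wrap, and a
 * replay of a pre-wrap packet. */
static const uint32_t SAMPLE[] = {
    0xFFFFFFF0u, 0xFFFFFFF8u, 0xFFFFFFF8u,
    0x00000004u, 0x0000000Cu, 0xFFFFFFF8u
};
#define SAMPLE_LEN ((int)(sizeof SAMPLE / sizeof SAMPLE[0]))

/* Hypothetical replay filter: accept a packet only if its timestamp is
 * newer than the last accepted one. Returns the number accepted. */
static int count_accepted(const uint32_t *ts, int n, newer_fn newer)
{
    uint32_t last = ts[0];
    int accepted = 1;              /* first packet sets the baseline */
    for (int i = 1; i < n; i++) {
        if (newer(ts[i], last)) {
            last = ts[i];
            accepted++;
        }
    }
    return accepted;
}

int main(void)
{
    printf("naive:   %d of %d accepted\n",
           count_accepted(SAMPLE, SAMPLE_LEN, newer_naive), SAMPLE_LEN);
    printf("modular: %d of %d accepted\n",
           count_accepted(SAMPLE, SAMPLE_LEN, newer_modular), SAMPLE_LEN);
    return 0;
}
```

With the plain compare, both fresh post-wrap packets are rejected as if they were old; with the modular compare, only the two replays are rejected.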

