[ntp:security] NOEPEER patch

Harlan Stenn stenn at nwtime.org
Fri Aug 3 09:42:55 UTC 2018


Martin,

On 8/3/2018 2:28 AM, Martin Burnicki wrote:
> Harlan,
> 
> Harlan Stenn wrote:
>> On 8/3/2018 12:51 AM, Martin Burnicki wrote:
>>> bk annotate says the FLAG_SKEY check has been introduced by Pearly,
>>> probably with autokey in mind. Pearly, do you think it's OK to remove
>>> this check, like I did?
>>
>> I don't think that's what we want.
>>
>> Before Pearly's change, the code was:
>>
>>   if (   peer
>>       && (peer->keyid > 0 || peer->flags & FLAG_SKEY))
>> 	return VALIDNAK;
>>
>> and now it is:
>>
>>   if (!peer || !peer->keyid || !(peer->flags & FLAG_SKEY)
>> 	return INVALIDNAK;
>>
>> and I think we want:
>>
>>   if (!peer || (!peer->keyid && !(peer->flags & FLAG_SKEY))
>> 	return INVALIDNAK;
> 
> The fact that the FLAG_SKEY test has been in the code before Pearly's
> change doesn't necessarily mean that the test is correct, and required.
> 
> Similar to the MODE_ACTIVE reply in this case instead of a MODE_PASSIVE
> reply that would be expected, even according to Dave.
> 
> So *why* is FLAG_SKEY tested here? If a packet with an invalid/unknown
> key was received then it should make no difference if the *key* was a
> symmetric one, or an autokey one.

All I know right now (at 0237) is that this test dates back to August of
2001, and possibly before that.

It *might* have something to do with the recollection I have that during
the first few packets of the autokey dance, there will not (yet) be a keyid.

-- 
Harlan Stenn, Network Time Foundation
http://nwtime.org - be a Member!


More information about the security mailing list