[ntp:security] [Bug 3453] Interleaved symmetric mode cannot recover from bad state

bugzilla-daemon at ntp.org bugzilla-daemon at ntp.org
Thu Feb 1 15:04:41 UTC 2018


https://bugs.ntp.org/show_bug.cgi?id=3453

--- Comment #5 from Miroslav Lichvar <mlichvar at redhat.com> 2018-02-01 15:04:25 UTC ---
The XBOGUS flag seems to be necessary to prevent the transmit timestamp from
the following packet to be matched with an incorrect packet. It basically
resets the state.

(In reply to comment #2)
> I've asked him about this, because if this 'return' was added to prevent a
> problem, removing it to fix interleave mode resets will break something else.

As I understand it, there were two return statements added to prevent a spoofed
KoD packet changing the poll interval (bug #2901). This broke both basic
symmetric mode (bug #2952) and interleaved symmetric mode (this bug). The
original fix for bug #2901 was reworked later and there is now a separate check
for origin timestamp specific to KoD packets. The return statement specific to
the basic mode was removed, but not the one specific to the interleaved mode.

In any case, couple lines above this code is a "Check for valid nonzero
timestamp fields", which doesn't return. I don't think it makes sense to allow
updating the state from packets that have a zero origin timestamp, but not from
packets that have a non-zero origin timestamp.

-- 
Configure bugmail: https://bugs.ntp.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.


More information about the security mailing list