[ntp:security] [Bug 3661] memory leak with AES128CMAC keys

bugzilla-daemon at ntp.org bugzilla-daemon at ntp.org
Wed Apr 1 09:41:02 UTC 2020


Harlan Stenn <stenn at ntp.org> changed:

           What    |Removed                     |Added
           Priority|P5                          |P2
            Summary|test                        |memory leak with AES128CMAC
                   |                            |keys
              Flags|                            |blocking4.2.8+
           Severity|enhancement                 |major

--- Comment #1 from Harlan Stenn <stenn at ntp.org> 2020-04-01 09:41:02 UTC ---
Martin Burnicki says:

there seems to be a memory leak in ntpd, at least in the current p14
version. [Update: Martin says it's a problem in p13 as well.]

The problem occurs on the server if you use symmetric keys of
type AES128CMAC, like

6 AES128CMAC f92ff73eee86c1e7dc638d6489a04e4e555af878  # AES128CMAC key

If such a key is used, authentication seems to work correctly, but the
total memory consumption of ntpd increases over time, at least at the
server side.

This has first been observed by folks at the German PTB who run our
LANTIME devices and use this type of key.

The problem doesn't seem to arise if you use e.g. simple MD5 keys. We
are still investigating if this also happens with earlier versions of
ntpd, and on the client side, or if it may be a bug in OpenSSL.

We have already upgraded to the latest OpenSSL version 1.1.1f, which has
been released yesterday, and the problem still persists.

Configure bugmail: https://bugs.ntp.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

More information about the security mailing list