[ntp:security] [Bug 3661] memory leak with AES128CMAC keys

bugzilla-daemon at ntp.org bugzilla-daemon at ntp.org
Wed Apr 1 14:57:27 UTC 2020


https://bugs.ntp.org/show_bug.cgi?id=3661

--- Comment #2 from Juergen Perlinger <perlinger at ntp.org> 2020-04-01 14:57:27 UTC ---
Created attachment 1709
  --> https://bugs.ntp.org/attachment.cgi?id=1709
patch against clean 4.2.8.p14

The bug was that CMAC contexts were not 'CMAC_CTX_free()'d, but just cleaned up
internally. That left an orphaned empty hull in NTPD and SNTP for every CMAC
computation.

Harlan, the repo is in
  psp.ntp.org:~perlinger/ntp-stable-3661.

Martin, give it a try with the patch if you can.

-- 
Configure bugmail: https://bugs.ntp.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.


More information about the security mailing list