[ntp:hackers] CVE-2013-5211

David Malone dwmalone at maths.tcd.ie
Thu Jan 9 10:52:04 UTC 2014


On Wed, Jan 08, 2014 at 10:06:45PM +0000, David Malone wrote:
> I guess in -V and/or -W mode, it would be helpful if it included the
> value of the leapbits in the packet? I suppose one could parse it from
> the hex dump in -W's output, but it doesn't seem like a great idea.

Actually, I see -V and -W were in the old sntp program, and I was
originally looking at the new version where there is a -d flag. I
was wondering why I hadn't noticed them first I looked at the code.
Neither version seems to print the leap bits though.

Hal's suggestion seems reasonable, we should have an option that
prints the contents of the received packet, maybe as it is parsed
in process_pkt, could help with debuging. Alternatively, printing
the value of the leap bits in handle_pkt() would be enough for me.

	David.


More information about the hackers mailing list