Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/netbsd-1-4]: src/usr.sbin/xntp/xntpd Apply patch (requested by simonb):
details: https://anonhg.NetBSD.org/src/rev/265ca7df0741
branches: netbsd-1-4
changeset: 471284:265ca7df0741
user: he <he%NetBSD.org@localhost>
date: Thu Apr 05 12:15:57 2001 +0000
description:
Apply patch (requested by simonb):
Fix a DoS attack (and possibly, but not confirmed, a root exploit)
in ntpd.
diffstat:
usr.sbin/xntp/xntpd/ntp_control.c | 18 ++++++++++++++++--
1 files changed, 16 insertions(+), 2 deletions(-)
diffs (33 lines):
diff -r 357096a9180e -r 265ca7df0741 usr.sbin/xntp/xntpd/ntp_control.c
--- a/usr.sbin/xntp/xntpd/ntp_control.c Wed Apr 04 15:56:03 2001 +0000
+++ b/usr.sbin/xntp/xntpd/ntp_control.c Thu Apr 05 12:15:57 2001 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ntp_control.c,v 1.6 1998/08/27 20:31:02 ross Exp $ */
+/* $NetBSD: ntp_control.c,v 1.6.2.1 2001/04/05 12:15:57 he Exp $ */
/*
* ntp_control.c - respond to control messages and send async traps
@@ -1757,8 +1757,22 @@
tp = buf;
while (cp < reqend && isspace(*cp))
cp++;
- while (cp < reqend && *cp != ',')
+ while (cp < reqend && *cp != ',') {
*tp++ = *cp++;
+ if (tp >=
+ buf + sizeof(buf) - 1) {
+#if 0 /* don't syslog for now - DoS potential on filling syslog */
+ msyslog(LOG_WARNING,
+ "Attempted \"ntpdx\" exploit from IP %d.%d.%d.%d:%d (possibly spoofed)\n",
+ (ntohl(rmt_addr->sin_addr.s_addr) >> 24) & 0xff,
+ (ntohl(rmt_addr->sin_addr.s_addr) >> 16) & 0xff,
+ (ntohl(rmt_addr->sin_addr.s_addr) >> 8) & 0xff,
+ (ntohl(rmt_addr->sin_addr.s_addr) >> 0) & 0xff,
+ ntohs(rmt_addr->sin_port));
+#endif
+ return (0);
+ }
+ }
if (cp < reqend)
cp++;
*tp = '\0';
Home |
Main Index |
Thread Index |
Old Index