[src/netbsd-1-5]: src/dist/ntp/ntpd Pull up revision 1.2 (requested by simonb);

To: source-changes-hg%NetBSD.org@localhost
Subject: [src/netbsd-1-5]: src/dist/ntp/ntpd Pull up revision 1.2 (requested by simonb);
From: jhawk <jhawk%NetBSD.org@localhost>
Date: Fri, 24 Jan 2020 07:29:44 +0000

details:   https://anonhg.NetBSD.org/src/rev/9181c214979e
branches:  netbsd-1-5
changeset: 491120:9181c214979e
user:      jhawk <jhawk%NetBSD.org@localhost>
date:      Thu Apr 05 09:45:27 2001 +0000

description:
Pull up revision 1.2 (requested by simonb);
(actually, this is the diff from 1.1.1.2 to 1.2, not 1.1 to 1.2):
  Fix a DoS attack (and possibly, but not confirmed, a root exploit) in
  ntpd.
  Fix from Poul-Henning Kamp and Dima Ruban from the FreeBSD tree,
  with changes from Jason Thorpe to not overrun the end of the static
  buffer and with syslog()ing the bad packets disabled so as not to
  DoS syslog.

diffstat:

 dist/ntp/ntpd/ntp_control.c |  19 ++++++++++++++++---
 1 files changed, 16 insertions(+), 3 deletions(-)

diffs (34 lines):

diff -r 456614639e17 -r 9181c214979e dist/ntp/ntpd/ntp_control.c
--- a/dist/ntp/ntpd/ntp_control.c       Wed Apr 04 21:00:09 2001 +0000
+++ b/dist/ntp/ntpd/ntp_control.c       Thu Apr 05 09:45:27 2001 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: ntp_control.c,v 1.1.1.2 2000/04/22 14:53:15 simonb Exp $       */
+/*     $NetBSD: ntp_control.c,v 1.1.1.2.4.1 2001/04/05 09:45:27 jhawk Exp $    */
 
 /*
  * ntp_control.c - respond to control messages and send async traps
@@ -1812,9 +1812,22 @@
                                        while (cp < reqend &&
                                            isspace((int)*cp))
                                                cp++;
-                                       while (cp < reqend && *cp !=
-                                           ',')
+                                       while (cp < reqend && *cp != ',') {
                                                *tp++ = *cp++;
+                                               if (tp >=
+                                                   buf + sizeof(buf) - 1) {
+#if 0  /* don't syslog for now - DoS potential on filling syslog */
+                                                       msyslog(LOG_WARNING,
+    "Attempted \"ntpdx\" exploit from IP %d.%d.%d.%d:%d (possibly spoofed)\n",
+    (ntohl(rmt_addr->sin_addr.s_addr) >> 24) & 0xff,
+    (ntohl(rmt_addr->sin_addr.s_addr) >> 16) & 0xff,
+    (ntohl(rmt_addr->sin_addr.s_addr) >> 8) & 0xff,
+    (ntohl(rmt_addr->sin_addr.s_addr) >> 0) & 0xff,
+    ntohs(rmt_addr->sin_port));
+#endif
+                                                       return (0);
+                                               }
+                                       }
                                        if (cp < reqend)
                                                cp++;
                                        *tp = '\0';

Prev by Date: [src/netbsd-1-5]: src/usr.sbin/dhcp Pull up file removal (requested by mellon):
Next by Date: [src/netbsd-1-5]: src Yawn:
Previous by Thread: [src/netbsd-1-5]: src/usr.sbin/dhcp Pull up file removal (requested by mellon):
Next by Thread: [src/netbsd-1-5]: src Yawn:
Indexes:

Home | Main Index | Thread Index | Old Index