Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/dist/ntp/ntpd Fix a DoS attach (and possibly, but not confir...
details: https://anonhg.NetBSD.org/src/rev/9f150b4d7c0c
branches: trunk
changeset: 508033:9f150b4d7c0c
user: simonb <simonb%NetBSD.org@localhost>
date: Thu Apr 05 02:08:01 2001 +0000
description:
Fix a DoS attach (and possibly, but not confirmed, a root exploit) in
ntpd.
Fix from Poul-Henning Kamp and Dima Ruban from the FreeBSD tree, with
changes from Jason Thorpe to not overrun the end of the static buffer
and with syslog()ing the bad packets disabled so as not to DoS syslog.
diffstat:
dist/ntp/ntpd/ntp_control.c | 19 ++++++++++++++++---
1 files changed, 16 insertions(+), 3 deletions(-)
diffs (34 lines):
diff -r b9a91668e8e6 -r 9f150b4d7c0c dist/ntp/ntpd/ntp_control.c
--- a/dist/ntp/ntpd/ntp_control.c Wed Apr 04 21:40:20 2001 +0000
+++ b/dist/ntp/ntpd/ntp_control.c Thu Apr 05 02:08:01 2001 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ntp_control.c,v 1.1.1.2 2000/04/22 14:53:15 simonb Exp $ */
+/* $NetBSD: ntp_control.c,v 1.2 2001/04/05 02:08:01 simonb Exp $ */
/*
* ntp_control.c - respond to control messages and send async traps
@@ -1812,9 +1812,22 @@
while (cp < reqend &&
isspace((int)*cp))
cp++;
- while (cp < reqend && *cp !=
- ',')
+ while (cp < reqend && *cp != ',') {
*tp++ = *cp++;
+ if (tp >=
+ buf + sizeof(buf) - 1) {
+#if 0 /* don't syslog for now - DoS potential on filling syslog */
+ msyslog(LOG_WARNING,
+ "Attempted \"ntpdx\" exploit from IP %d.%d.%d.%d:%d (possibly spoofed)\n",
+ (ntohl(rmt_addr->sin_addr.s_addr) >> 24) & 0xff,
+ (ntohl(rmt_addr->sin_addr.s_addr) >> 16) & 0xff,
+ (ntohl(rmt_addr->sin_addr.s_addr) >> 8) & 0xff,
+ (ntohl(rmt_addr->sin_addr.s_addr) >> 0) & 0xff,
+ ntohs(rmt_addr->sin_port));
+#endif
+ return (0);
+ }
+ }
if (cp < reqend)
cp++;
*tp = '\0';
Home |
Main Index |
Thread Index |
Old Index