Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/external/bsd/ntp/dist/ntpd Prevent ntpd instances from sendi...
details: https://anonhg.NetBSD.org/src/rev/ea60e17feb50
branches: trunk
changeset: 754278:ea60e17feb50
user: tonnerre <tonnerre%NetBSD.org@localhost>
date: Sun Apr 25 22:50:11 2010 +0000
description:
Prevent ntpd instances from sending MODE_PRIVATE error responses back and
forth. This resolves CVE-2009-3563, but it should be noted that nobody uses
this code so far, so this is more of a preventive update than a security
one.
diffstat:
external/bsd/ntp/dist/ntpd/ntp_request.c | 13 ++++++++++---
1 files changed, 10 insertions(+), 3 deletions(-)
diffs (34 lines):
diff -r 2eaa7df500eb -r ea60e17feb50 external/bsd/ntp/dist/ntpd/ntp_request.c
--- a/external/bsd/ntp/dist/ntpd/ntp_request.c Sun Apr 25 18:01:08 2010 +0000
+++ b/external/bsd/ntp/dist/ntpd/ntp_request.c Sun Apr 25 22:50:11 2010 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ntp_request.c,v 1.2 2009/12/14 00:46:21 christos Exp $ */
+/* $NetBSD: ntp_request.c,v 1.3 2010/04/25 22:50:11 tonnerre Exp $ */
/*
* ntp_request.c - respond to information requests
@@ -411,6 +411,7 @@
int mod_okay
)
{
+ static u_long quiet_until;
struct req_pkt *inpkt;
struct req_pkt_tail *tailinpkt;
sockaddr_u *srcadr;
@@ -449,8 +450,14 @@
|| (++ec, INFO_MBZ(inpkt->mbz_itemsize) != 0)
|| (++ec, rbufp->recv_length < REQ_LEN_HDR)
) {
- msyslog(LOG_ERR, "process_private: INFO_ERR_FMT: test %d failed, pkt from %s", ec, stoa(srcadr));
- req_ack(srcadr, inter, inpkt, INFO_ERR_FMT);
+ NLOG(NLOG_SYSEVENT)
+ if (current_time >= quiet_until) {
+ msyslog(LOG_ERR,
+ "process_private: drop test %d"
+ " failed, pkt from %s",
+ ec, stoa(srcadr));
+ quiet_until = current_time + 60;
+ }
return;
}
Home |
Main Index |
Thread Index |
Old Index