[ntpsec commit] Prevent improperly authenticated packets from mobilizing passive associations

Daniel Franke dfranke at ntpsec.org
Wed Oct 21 18:36:33 UTC 2015


Module:    ntpsec
Branch:    master
Commit:    4f257e98b6dc777bb300bb1a6dfbc825ba79a9f8
Changeset: http://git.ntpsec.org/ntpsec/commit/?id=4f257e98b6dc777bb300bb1a6dfbc825ba79a9f8

Author:    Matthew Van Gundy <mvangund at cisco.com>
Date:      Tue Oct 20 22:02:24 2015 -0400

Prevent improperly authenticated packets from mobilizing passive associations

AKA "NAK to the future"

---

 ntpd/ntp_proto.c | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/ntpd/ntp_proto.c b/ntpd/ntp_proto.c
index 0904da5..f6dfb95 100644
--- a/ntpd/ntp_proto.c
+++ b/ntpd/ntp_proto.c
@@ -1097,6 +1097,27 @@ receive(
 				sys_restricted++;
 				return;
 			}
+
+			/*
+			 * If we got here, the packet isn't part of an
+			 * existing association, it isn't correctly
+			 * authenticated, and it didn't meet either of
+			 * the previous two special cases so we should
+			 * just drop it on the floor.  For example,
+			 * crypto-NAKs (is_authentic == AUTH_CRYPTO)
+			 * will make it this far.
+			 */
+#ifdef DEBUG
+			if (debug) {
+				 printf(
+					 "receive: at %ld refusing to mobilize passive association"
+					 " with unknown peer %s mode %d keyid %08x len %d auth %d\n",
+					 current_time, stoa(&rbufp->recv_srcadr), hismode, skeyid,
+					 authlen + has_mac, is_authentic);
+			}
+#endif
+			sys_declined++;
+			return;
 		}
 
 		/*
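Review bot: the new comment says the packet "didn't meet either of the previous two special cases" without naming them; someone reading this branch later will not necessarily have the preceding restriction checks in view, so spell out which two cases are meant (the checks immediately above that return with `sys_restricted++`) so the intended drop condition is documented where it applies. Two smaller points on the same hunk: the diagnostic is only compiled under `#ifdef DEBUG`, so a production build that is refusing a stream of crypto-NAKs will show nothing but a rising `sys_declined` counter; a rate-limited `msyslog()` line here would let operators see and investigate that behaviour without a debug build. Finally, the `printf(` call and its arguments are indented one space deeper than the surrounding block (`\t\t\t\t printf(`), which does not match the file's tab-only style.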
