[Git][NTPsec/ntpsec][master] Add a comment clarifying control flow in process_packet()
Daniel Fox Franke
gitlab at mg.gitlab.com
Thu Jun 2 17:17:01 UTC 2016
Daniel Fox Franke pushed to branch master at NTPsec / ntpsec
Commits:
7ebb9a34 by Daniel Fox Franke at 2016-06-02T13:12:05-04:00
Add a comment clarifying control flow in process_packet()
The analysis of CVE-2016-4954 in my previous commit message was
incorrect; there are indeed (minor) security implications to that bug
because the tardily-performed sanity check covers more than I thought.
- - - - -
1 changed file:
- ntpd/ntp_proto.c
Changes:
=====================================
ntpd/ntp_proto.c
=====================================
--- a/ntpd/ntp_proto.c
+++ b/ntpd/ntp_proto.c
@@ -1260,9 +1260,10 @@ process_packet(
peer->flash |= BOGON7; /* bad header */
/*
- * If any tests fail at this point, the packet is discarded.
- * Note that some flashers may have already been set in the
- * receive() routine.
+ * If any tests have failed at this point, the packet is
+ * discarded. Note that this check covers both the bits that
+ * may have been set immediately above, as well as some that
+ * may have been set earlier in the receive() routine.
*/
if (peer->flash & PKT_BOGON_MASK) {
peer->seldisptoolarge++;
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/commit/7ebb9a34cd94d9df40a503c0d767a7cfb1d21a9f
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ntpsec.org/pipermail/vc/attachments/20160602/e5a20375/attachment.html>
More information about the vc
mailing list