[Git][NTPsec/ntpsec][master] Fix authentication

Daniel Fox Franke gitlab at mg.gitlab.com
Wed Nov 23 21:31:01 UTC 2016

Daniel Fox Franke pushed to branch master at NTPsec / ntpsec

4911e2df by Daniel Fox Franke at 2016-11-23T16:30:34-05:00
Fix authentication

This corrects two evil bugs, one of which was introduced during the
protocol refactor.  That one would have been a vulnerability but
fortunately 1. the other was masking it, and 2. this bug never made
it in a release. Phew.

First bug: missing exit after failed authentication, which would have
allowed misauthenticated packets to be accepted. Yikes!

Second bug: Even correctly authenticated packets were getting rejected
by different security check. handle_procpkt() checks that there's a
request in flight before it's willing to process any response. But due
to a bug that predates the fork from NTP Classic, authenticated
requests never got their outcount incremented.

This is why we test things...

- - - - -

1 changed file:

- ntpd/ntp_proto.c


--- a/ntpd/ntp_proto.c
+++ b/ntpd/ntp_proto.c
@@ -787,6 +787,7 @@ receive(
 				peer->flash |= BOGON5;
+			goto done;
 		} else {
 			authenticated = true;
@@ -2228,6 +2229,7 @@ peer_xmit(
 	sendpkt(&peer->srcadr, peer->dstadr, sys_ttl[peer->ttl], &xpkt,
+        peer->outcount++;
 	peer->throttle += (1 << peer->minpoll) - 2;
 #ifdef DEBUG
 	if (debug)

View it on GitLab: https://gitlab.com/NTPsec/ntpsec/commit/4911e2df0c54414a539685545780168757879434
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ntpsec.org/pipermail/vc/attachments/20161123/afd4318a/attachment.html>

More information about the vc mailing list