[Git][NTPsec/ntpsec][master] 2 commits: Use random() rather than ntp_random() for fuzzing

Hal Murray gitlab at mg.gitlab.com
Tue Dec 31 18:21:55 UTC 2019



Hal Murray pushed to branch master at NTPsec / ntpsec


Commits:
446552d1 by Hal Murray at 2019-12-31T10:18:56-08:00
Use random() rather than ntp_random() for fuzzing

- - - - -
b02e1e55 by Hal Murray at 2019-12-31T10:18:56-08:00
Unify SIGHUP and hourly checks
  Both now
    check for a new log file
    check for a new certificate file
    check for a new leap file
SIGHUP also restarts all pending DNS and NTS probes.

- - - - -


10 changed files:

- NEWS.adoc
- include/ntp_stdlib.h
- include/nts.h
- libntp/msyslog.c
- ntpd/ntp_proto.c
- ntpd/ntp_timer.c
- ntpd/ntpd.c
- ntpd/nts.c
- ntpd/nts_cookie.c
- ntpd/nts_server.c


Changes:

=====================================
NEWS.adoc
=====================================
@@ -12,6 +12,12 @@ on user-visible changes.
 
 == Repository head ==
 
+SIGHUP and hourly checks have been unified.  Both now
+  check for a new log file
+  check for a new certificate file
+  check for a new leap file
+SIGHUP also restarts all pending DNS and NTS probes.
+
 NTS client now requires ALPN on TLSv1.3.
 
 == 2019-11-17: 1.1.8 ==


=====================================
include/ntp_stdlib.h
=====================================
@@ -32,7 +32,7 @@ extern	void	msyslog(int, const char *, ...) NTP_PRINTF(2, 3);
 extern	void	ntp_strerror_r(int errnum, char *buf, size_t buflen);
 extern	void	init_logging	(const char *, uint32_t, int);
 extern	int	change_logfile	(const char *, bool);
-extern	void	reopen_logfile  (void);
+extern	void	check_logfile	(void);
 extern	void	setup_logfile	(const char *);
 
 extern	int	clocktime	(int, int, int, int, int, time_t, uint32_t, uint32_t *, uint32_t *);


=====================================
include/nts.h
=====================================
@@ -25,6 +25,8 @@ bool nts_cookie_init(void);
 bool nts_server_init2(void);    /* after sandbox */
 bool nts_cookie_init2(void);
 
+void nts_cert_timer(void);
+void nts_cookie_timer(void);
 
 bool nts_read_cookie_keys(void);
 bool nts_make_cookie_key(void);


=====================================
libntp/msyslog.c
=====================================
@@ -401,14 +401,14 @@ setup_logfile(
 }
 
 /*
- * reopen_logfile()
+ * check_logfile()
  *
  * reopen current logfile in case the old file has been renamed by logrotate
- *
+ * called on SIGHUP and hourly
  */
 
 void
-reopen_logfile(void)
+check_logfile(void)
 {
 	FILE *  new_file;
 
@@ -418,7 +418,7 @@ reopen_logfile(void)
 
 	new_file = fopen(syslog_fname, "a");
 	if (NULL == new_file) {
-		msyslog(LOG_ERR, "LOG: reopen_logfile: couldn't open %s %s",
+		msyslog(LOG_ERR, "LOG: check_logfile: couldn't open %s %s",
                         syslog_fname, strerror(errno));
 		return;
 	}
@@ -431,16 +431,14 @@ reopen_logfile(void)
 	 * This seems to work.
 	 */
 	if (ftell(syslog_file) == ftell(new_file)) {
-		/* just for debugging */
-		msyslog(LOG_INFO, "LOG: reopen_logfile: same length, ignored");
 		fclose(new_file);
 		return;
 	}
 
-	msyslog(LOG_INFO, "LOG: reopen_logfile: closing old file");
+	msyslog(LOG_INFO, "LOG: check_logfile: closing old file");
 	fclose(syslog_file);
 	syslog_file = new_file;
-	msyslog(LOG_INFO, "LOG: reopen_logfile: using %s", syslog_fname);
+	msyslog(LOG_INFO, "LOG: check_logfile: using %s", syslog_fname);
 }
 
 /* Hack because there are 2 APIs to strerror_r()  */
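Review bot: Now that check_logfile() also runs hourly, its rotation test `ftell(syslog_file) == ftell(new_file)` needs a firmer basis. It compares offsets rather than file identity, and two failed ftell() calls (both -1) also compare equal, in which case ntpd keeps writing to the renamed file without any message. Comparing `st_dev` and `st_ino` from fstat() on `fileno(syslog_file)` and `fileno(new_file)` would identify a rotated file exactly. The no-change path is silent now that the "same length, ignored" message is gone, which suits an hourly caller, and the header comment could say so. The function's opening lines fall between this hunk and the previous one.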


=====================================
ntpd/ntp_proto.c
=====================================
@@ -477,7 +477,8 @@ static bool check_early_restrictions(
 {
 	return (restrict_mask & RES_IGNORE) ||
 	    ((restrict_mask & RES_FLAKE) &&
-	     (double)ntp_random() / 0x7fffffff < .1) ||
+/*	     (double)ntp_random() / 0x7fffffff < .1) || */
+	     (double)random() / 0x7fffffff < .1) ||
 	    (restrict_mask & (is_control_packet(rbufp) ? RES_NOQUERY : RES_DONTSERVE)) ||
 	    rbufp->recv_length < 1 ||
 	    ((restrict_mask & RES_VERSION) &&
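Review bot: random() is only as unpredictable as its seed, and no srandom() call is visible in this diff. Unseeded, it replays the same sequence on every start, so the poll-interval jitter in poll_update (second hunk of this file) would be identical across restarts and across hosts; confirm that ntpd seeds it at startup. Both hunks also leave the old ntp_random() line behind as a commented-out copy. Delete it and let the history carry it, or replace it with a one-line reason such as `/* non-cryptographic random() is enough for fuzzing */`. The return expression of check_early_restrictions continues past the end of this hunk.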
@@ -1219,7 +1220,8 @@ poll_update(
 			next = 1U << hpoll;
 		else
 #endif /* REFCLOCK */
-			next = ((0x1000UL | (ntp_random() & 0x0ff)) <<
+/*			next = ((0x1000UL | (ntp_random() & 0x0ff)) <<  */
+			next = ((0x1000UL | (random() & 0x0ff)) <<
 			    hpoll) >> 12;
 		next += peer->outdate;
 		if (next > utemp)


=====================================
ntpd/ntp_timer.c
=====================================
@@ -41,8 +41,7 @@ int interface_interval;     /* init_io() sets def. 300s */
  */
 static uptime_t interface_timer;	/* interface update timer */
 static uptime_t adjust_timer;	/* second timer */
-static uptime_t stats_timer;
-static uptime_t cookie_timer;
+static uptime_t hour_timer;
 static uptime_t leapf_timer;	/* Report leapfile problems once/day */
 static uptime_t huffpuff_timer;	/* huff-n'-puff timer */
 static unsigned long	leapsec; /* secs to next leap (proximity class) */
@@ -141,8 +140,7 @@ init_timer(void)
 	sig_flags.sawALRM = false;
 	alarm_overflow = 0;
 	adjust_timer = 1;
-	stats_timer = SECSPERHR;
-	cookie_timer = SECSPERHR;
+	hour_timer = SECSPERHR;
 	leapf_timer = SECSPERDAY;
 	huffpuff_timer = 0;
 	interface_timer = 0;
@@ -282,12 +280,13 @@ timer(void)
 	}
 
 	/*
-	 * Finally, write hourly stats and do the hourly
-	 * and daily leapfile checks.
+	 * Finally, do the hourly stats and checks
 	 */
-	if (stats_timer <= current_time) {
-		stats_timer += SECSPERHR;
+	if (hour_timer <= current_time) {
+		hour_timer += SECSPERHR;
 		write_stats();
+		nts_timer();
+		check_logfile();
 		if (leapf_timer <= current_time) {
 			leapf_timer += SECSPERDAY;
 			check_leap_file(true, now);
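Review bot: Moving `nts_timer()` into the `hour_timer` block changes its cadence. The removed `cookie_timer` re-armed with `cookie_timer += 5*60`, so after the first hour the NTS check ran every five minutes, and it now runs once an hour. Most of nts_cookie_timer()'s body is outside this diff, so confirm that cookie-key rotation tolerates being up to an hour late. The block comment should record that, e.g. `/* hourly: stats, NTS cert and cookie-key checks, logfile check */`. timer() starts and ends outside this hunk.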
@@ -296,11 +295,6 @@ timer(void)
 		}
 	}
 
-	/* time for new NTS K/I ? */
-	if (cookie_timer <= current_time) {
-		cookie_timer += 5*60;
-		nts_timer();
-	}
 }
 
 


=====================================
ntpd/ntpd.c
=====================================
@@ -953,7 +953,7 @@ static void mainloop(void)
 			sig_flags.sawHUP = false;
 			msyslog(LOG_INFO, "LOG: Saw SIGHUP");
 
-			reopen_logfile();
+			check_logfile();
 			check_leap_file(false, time(NULL));
 			check_cert_file();
 			dns_try_again();


=====================================
ntpd/nts.c
=====================================
@@ -109,6 +109,13 @@ void nts_log_version(void) {
 
 /*****************************************************/
 
+void nts_timer(void) {
+	nts_cert_timer();
+	nts_cookie_timer();
+}
+
+/*****************************************************/
+
 /* 0 is default, -1 is error */
 int nts_translate_version(const char *arg) {
 	if (NULL == arg) {


=====================================
ntpd/nts_cookie.c
=====================================
@@ -137,7 +137,7 @@ bool nts_cookie_init2(void) {
 //  keys will timeout, packets will get dropped
 //  after 8 lost packets, it should go through the NTS-KE dance again
 // #define SecondsPerDay 3600
-void nts_timer(void) {
+void nts_cookie_timer(void) {
 	time_t now;
 	if (0 == K_time) {
 		return;


=====================================
ntpd/nts_server.c
=====================================
@@ -169,8 +169,20 @@ bool nts_server_init2(void) {
 	return true;
 }
 
-void check_cert_file(void) {
+#define SecondsPerHour 3600
+void nts_cert_timer(void) {
+	static time_t C_time = 0;
+	time_t now = time(NULL);
+	if (SecondsPerHour > (now-C_time)) {
+		return;
+	}
+	check_cert_file();
+        while (SecondsPerHour < (now-C_time)) {
+                C_time += SecondsPerHour;
+        }
+}
 
+void check_cert_file(void) {
 	nts_lock_certlock();
 	nts_reload_certificate(server_ctx);
 	nts_unlock_certlock();
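Review bot: nts_cert_timer() rate-limits on wall-clock `time(NULL)`, which ntpd itself may step. After a backward step `now-C_time` goes negative (with a signed time_t), the guard returns, and certificate reloads stop until the clock catches up. The uptime counter that ntp_timer.c compares against (`current_time`) would be a steadier base, if it is reachable from this file. Starting from `C_time = 0`, the catch-up loop also iterates once per hour since the epoch on the first call; `C_time = now;` after check_cert_file() gets the same effect in one step. Unlike nts_cookie_timer(), which returns early when `K_time` is 0, this function has no guard for a daemon without an NTS server configured. Whether nts_reload_certificate() tolerates that `server_ctx` is not visible here. The loop lines are also indented with spaces where the rest of the function uses tabs.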



View it on GitLab: https://gitlab.com/NTPsec/ntpsec/compare/2ed3fea5e87316ed000b48ceec68960e80b64db8...b02e1e55399827558ad30193fd6acc239f648d86
