[Git][NTPsec/ntpsec][master] 2 commits: Use random() rather than ntp_random() for fuzzing
Hal Murray
gitlab at mg.gitlab.com
Tue Dec 31 18:21:55 UTC 2019
Hal Murray pushed to branch master at NTPsec / ntpsec
Commits:
446552d1 by Hal Murray at 2019-12-31T10:18:56-08:00
Use random() rather than ntp_random() for fuzzing
- - - - -
b02e1e55 by Hal Murray at 2019-12-31T10:18:56-08:00
Unify SIGHUP and hourly checks
Both now
check for a new log file
check for a new certificate file
check for a new leap file
SIGHUP also restarts all pending DNS and NTS probes.
- - - - -
10 changed files:
- NEWS.adoc
- include/ntp_stdlib.h
- include/nts.h
- libntp/msyslog.c
- ntpd/ntp_proto.c
- ntpd/ntp_timer.c
- ntpd/ntpd.c
- ntpd/nts.c
- ntpd/nts_cookie.c
- ntpd/nts_server.c
Changes:
=====================================
NEWS.adoc
=====================================
@@ -12,6 +12,12 @@ on user-visible changes.
== Repository head ==
+SIGHUP and hourly checks have been unified. Both now
+ check for a new log file
+ check for a new certificate file
+ check for a new leap file
+SIGHUP also restarts all pending DNS and NTS probes.
+
NTS client now requires ALPN on TLSv1.3.
== 2019-11-17: 1.1.8 ==
=====================================
include/ntp_stdlib.h
=====================================
@@ -32,7 +32,7 @@ extern void msyslog(int, const char *, ...) NTP_PRINTF(2, 3);
extern void ntp_strerror_r(int errnum, char *buf, size_t buflen);
extern void init_logging (const char *, uint32_t, int);
extern int change_logfile (const char *, bool);
-extern void reopen_logfile (void);
+extern void check_logfile (void);
extern void setup_logfile (const char *);
extern int clocktime (int, int, int, int, int, time_t, uint32_t, uint32_t *, uint32_t *);
=====================================
include/nts.h
=====================================
@@ -25,6 +25,8 @@ bool nts_cookie_init(void);
bool nts_server_init2(void); /* after sandbox */
bool nts_cookie_init2(void);
+void nts_cert_timer(void);
+void nts_cookie_timer(void);
bool nts_read_cookie_keys(void);
bool nts_make_cookie_key(void);
=====================================
libntp/msyslog.c
=====================================
@@ -401,14 +401,14 @@ setup_logfile(
}
/*
- * reopen_logfile()
+ * check_logfile()
*
* reopen current logfile in case the old file has been renamed by logrotate
- *
+ * called on SIGHUP and hourly
*/
void
-reopen_logfile(void)
+check_logfile(void)
{
FILE * new_file;
@@ -418,7 +418,7 @@ reopen_logfile(void)
new_file = fopen(syslog_fname, "a");
if (NULL == new_file) {
- msyslog(LOG_ERR, "LOG: reopen_logfile: couldn't open %s %s",
+ msyslog(LOG_ERR, "LOG: check_logfile: couldn't open %s %s",
syslog_fname, strerror(errno));
return;
}
@@ -431,16 +431,14 @@ reopen_logfile(void)
* This seems to work.
*/
if (ftell(syslog_file) == ftell(new_file)) {
- /* just for debugging */
- msyslog(LOG_INFO, "LOG: reopen_logfile: same length, ignored");
fclose(new_file);
return;
}
- msyslog(LOG_INFO, "LOG: reopen_logfile: closing old file");
+ msyslog(LOG_INFO, "LOG: check_logfile: closing old file");
fclose(syslog_file);
syslog_file = new_file;
- msyslog(LOG_INFO, "LOG: reopen_logfile: using %s", syslog_fname);
+ msyslog(LOG_INFO, "LOG: check_logfile: using %s", syslog_fname);
}
/* Hack because there are 2 APIs to strerror_r() */
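Review bot: The rotation test `ftell(syslog_file) == ftell(new_file)` is a length heuristic, and now that check_logfile() also runs hourly it matters more that it can miss a rotation. The initial position reported by ftell() on a stream opened with "a" is implementation-defined, and two failing ftell() calls both return -1 and compare equal, in which case ntpd keeps writing to the renamed file. Comparing device and inode of the two streams with fstat() states the intent directly (it needs `<sys/stat.h>`); if either fstat() fails, the code below falls through and switches to the new file. With the "same length, ignored" message removed, there is also no longer any log trace when the check decides not to switch. check_logfile() begins before this hunk.
```c
	/* … unchanged: fopen() of syslog_fname and its error path … */
	struct stat old_st, new_st;
	if (0 == fstat(fileno(syslog_file), &old_st) &&
	    0 == fstat(fileno(new_file), &new_st) &&
	    old_st.st_dev == new_st.st_dev &&
	    old_st.st_ino == new_st.st_ino) {
		fclose(new_file);
		return;
	}
	/* … unchanged: close old file, switch syslog_file to new_file … */
```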
=====================================
ntpd/ntp_proto.c
=====================================
@@ -477,7 +477,8 @@ static bool check_early_restrictions(
{
return (restrict_mask & RES_IGNORE) ||
((restrict_mask & RES_FLAKE) &&
- (double)ntp_random() / 0x7fffffff < .1) ||
+/* (double)ntp_random() / 0x7fffffff < .1) || */
+ (double)random() / 0x7fffffff < .1) ||
(restrict_mask & (is_control_packet(rbufp) ? RES_NOQUERY : RES_DONTSERVE)) ||
rbufp->recv_length < 1 ||
((restrict_mask & RES_VERSION) &&
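Review bot: Nothing in this hunk shows random() being seeded, so unless srandom() is called at startup outside the lines shown, the RES_FLAKE drop decision here and the poll-interval fuzz in the poll_update hunk below follow the same sequence on every start. That is harmless for test-only flaking, but the poll fuzz exists to keep request timing from being predictable, so it is worth confirming a seeding call from an OS entropy source exists. I would delete the commented-out `ntp_random()` lines in both hunks rather than keep them, and replace them with a comment such as `/* random() is enough here: timing fuzz only, never keys or nonces */` so the choice is not copied into security-sensitive code later. check_early_restrictions() continues past the end of this hunk.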
@@ -1219,7 +1220,8 @@ poll_update(
next = 1U << hpoll;
else
#endif /* REFCLOCK */
- next = ((0x1000UL | (ntp_random() & 0x0ff)) <<
+/* next = ((0x1000UL | (ntp_random() & 0x0ff)) << */
+ next = ((0x1000UL | (random() & 0x0ff)) <<
hpoll) >> 12;
next += peer->outdate;
if (next > utemp)
=====================================
ntpd/ntp_timer.c
=====================================
@@ -41,8 +41,7 @@ int interface_interval; /* init_io() sets def. 300s */
*/
static uptime_t interface_timer; /* interface update timer */
static uptime_t adjust_timer; /* second timer */
-static uptime_t stats_timer;
-static uptime_t cookie_timer;
+static uptime_t hour_timer;
static uptime_t leapf_timer; /* Report leapfile problems once/day */
static uptime_t huffpuff_timer; /* huff-n'-puff timer */
static unsigned long leapsec; /* secs to next leap (proximity class) */
@@ -141,8 +140,7 @@ init_timer(void)
sig_flags.sawALRM = false;
alarm_overflow = 0;
adjust_timer = 1;
- stats_timer = SECSPERHR;
- cookie_timer = SECSPERHR;
+ hour_timer = SECSPERHR;
leapf_timer = SECSPERDAY;
huffpuff_timer = 0;
interface_timer = 0;
@@ -282,12 +280,13 @@ timer(void)
}
/*
- * Finally, write hourly stats and do the hourly
- * and daily leapfile checks.
+ * Finally, do the hourly stats and checks
*/
- if (stats_timer <= current_time) {
- stats_timer += SECSPERHR;
+ if (hour_timer <= current_time) {
+ hour_timer += SECSPERHR;
write_stats();
+ nts_timer();
+ check_logfile();
if (leapf_timer <= current_time) {
leapf_timer += SECSPERDAY;
check_leap_file(true, now);
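Review bot: Moving `nts_timer()` under `hour_timer` changes its cadence: the block removed further down in this file ran it every 5 minutes (`cookie_timer += 5*60`), so the cookie-key check in nts_cookie_timer() can now fire up to an hour after it is due, and neither the commit message nor the NEWS entry mentions that. If hourly is intended, a comment here such as `/* NTS key and cert checks now run hourly (was every 5 min) */` would record the decision. I would also call `check_logfile();` before `write_stats();` so that anything the hourly routines log after a rotation lands in the new file. timer() starts and ends outside this hunk.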
@@ -296,11 +295,6 @@ timer(void)
}
}
- /* time for new NTS K/I ? */
- if (cookie_timer <= current_time) {
- cookie_timer += 5*60;
- nts_timer();
- }
}
=====================================
ntpd/ntpd.c
=====================================
@@ -953,7 +953,7 @@ static void mainloop(void)
sig_flags.sawHUP = false;
msyslog(LOG_INFO, "LOG: Saw SIGHUP");
- reopen_logfile();
+ check_logfile();
check_leap_file(false, time(NULL));
check_cert_file();
dns_try_again();
=====================================
ntpd/nts.c
=====================================
@@ -109,6 +109,13 @@ void nts_log_version(void) {
/*****************************************************/
+void nts_timer(void) {
+ nts_cert_timer();
+ nts_cookie_timer();
+}
+
+/*****************************************************/
+
/* 0 is default, -1 is error */
int nts_translate_version(const char *arg) {
if (NULL == arg) {
=====================================
ntpd/nts_cookie.c
=====================================
@@ -137,7 +137,7 @@ bool nts_cookie_init2(void) {
// keys will timeout, packets will get dropped
// after 8 lost packets, it should go through the NTS-KE dance again
// #define SecondsPerDay 3600
-void nts_timer(void) {
+void nts_cookie_timer(void) {
time_t now;
if (0 == K_time) {
return;
=====================================
ntpd/nts_server.c
=====================================
@@ -169,8 +169,20 @@ bool nts_server_init2(void) {
return true;
}
-void check_cert_file(void) {
+#define SecondsPerHour 3600
+void nts_cert_timer(void) {
+ static time_t C_time = 0;
+ time_t now = time(NULL);
+ if (SecondsPerHour > (now-C_time)) {
+ return;
+ }
+ check_cert_file();
+ while (SecondsPerHour < (now-C_time)) {
+ C_time += SecondsPerHour;
+ }
+}
+void check_cert_file(void) {
nts_lock_certlock();
nts_reload_certificate(server_ctx);
nts_unlock_certlock();
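Review bot: The interval gate in nts_cert_timer() uses wall-clock `time(NULL)`, which ntpd itself may step; after a backward step `now-C_time` goes negative (time_t is signed on common platforms) and the function returns without calling check_cert_file() until wall time passes C_time again, so a renewed certificate could go unnoticed for that long. The gate also looks redundant, since the ntp_timer.c section of this commit already calls nts_timer() only once per `hour_timer` tick, and on the first call the `while` loop walks C_time up from 0 in 3600-second steps. I would reduce the body to the single call `check_cert_file();`, or keep the gate but replace the loop with `C_time = now;`. check_cert_file() continues past the end of the hunk.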
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/compare/2ed3fea5e87316ed000b48ceec68960e80b64db8...b02e1e55399827558ad30193fd6acc239f648d86