[Git][NTPsec/ntpsec][NTPsec_1_2_2a] 2 commits: Fix a crash in ntpd if NTS is disabled and an NTS-enabled client request (mode

Matt Selsky (@selsky) gitlab at mg.gitlab.com
Thu Aug 3 04:18:03 UTC 2023 


Matt Selsky pushed to tag NTPsec_1_2_2a at NTPsec / ntpsec


Commits:
1edd215c by Matt Selsky at 2023-08-03T00:11:11-04:00
Fix a crash in ntpd if NTS is disabled and an NTS-enabled client request (mode
3) is received. (CVE-2023-4012)

NTPsec/ntpsec#794

- - - - -
5fe97719 by Matt Selsky at 2023-08-03T00:14:09-04:00
version 1.2.2a

Signed-off-by: Matt Selsky <matthew.selsky at twosigma.com>

- - - - -


3 changed files:

- NEWS.adoc
- VERSION
- ntpd/nts_cookie.c


Changes:

=====================================
NEWS.adoc
=====================================
@@ -10,6 +10,11 @@ Much of the traditional function of a news file is now better addressed
 by browsing the comments in the revision history.  This file will focus
 on user-visible changes.
 
+## 2023-08-02: 1.2.2a
+
+Fix a crash in ntpd if NTS is disabled and an NTS-enabled client request (mode
+3) is received. (CVE-2023-4012)
+
 ## 2022-12-28: 1.2.2
 
 Restore/cleanup NTPv1 support


=====================================
VERSION
=====================================
@@ -1 +1 @@
-1.2.2
+1.2.2a


=====================================
ntpd/nts_cookie.c
=====================================
@@ -382,6 +382,10 @@ bool nts_unpack_cookie(uint8_t *cookie, int cookielen,
 	if (NULL == cookie_ctx)
 		return false;	/* We aren't initialized yet. */
 
+	if (0 == nts_nKeys) {
+		return false;  /* We are not a NTS enabled server. */
+	}
+
 	/* We may get garbage from the net */
 	if (cookielen > NTS_MAX_COOKIELEN)
 		return false;



View it on GitLab: https://gitlab.com/NTPsec/ntpsec/-/compare/4b61e62e1645a5c329102ae7f136147d8eb4a129...5fe977195c1d4967e4cd72cef9efe4dc4de44e43

-- 
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/-/compare/4b61e62e1645a5c329102ae7f136147d8eb4a129...5fe977195c1d4967e4cd72cef9efe4dc4de44e43
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ntpsec.org/pipermail/vc/attachments/20230803/3841aaa7/attachment-0001.htm>

More information about the vc mailing list