ntp: fix exp1 EF search in process_response()

Don't ignore the magic field when searching for the exp1 extension
field in a received response. If there were two exp1 fields in the
packet, and only one of them had the expected magic value, it should
pick the right one.

Fixes: 2319f72b29a9 ("ntp: add client support for experimental extension field")

diff --git a/ntp_core.c b/ntp_core.c
index 945aec99f430c473840156036245cedf011f640f..2cffd6cad877d6aafeaf8d71dcf9675704f12296 100644 (file)
--- a/ntp_core.c
+++ b/ntp_core.c
@@ -1721,7 +1721,9 @@ process_response(NCR_Instance inst, NTP_Local_Address *local_addr,
 
       switch (ef_type) {
         case NTP_EF_EXP1:
-          if (inst->ext_field_flags & NTP_EF_FLAG_EXP1 && ef_body_length == sizeof (*ef_exp1))
+          if (inst->ext_field_flags & NTP_EF_FLAG_EXP1 &&
+              ef_body_length == sizeof (*ef_exp1) &&
+              ntohl(((NTP_ExtFieldExp1 *)ef_body)->magic) == NTP_EF_EXP1_MAGIC)
             ef_exp1 = ef_body;
           break;
       }