[Sec 3044] Spoofed server packets are partially processed. HStenn.

bk: 57444372VdmJbYqjSjCzBY-4vS_55g

diff --git a/ChangeLog b/ChangeLog
index 2e5c3b0ac209986748a1136f691ae4ce7d49e122..2c8e61dab88ab5732330ea56b4bc5c0ed5f3e639 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,8 +1,9 @@
 ---
 
 * [Sec 3042] Broadcast Interleave.  HStenn.
-* [Sec 3043]  Autokey association reset. perlinger@ntp.org, stenn@ntp.org
-  (fixes [Sec 3044] and [Sec 3045], too)
+* [Sec 3043] Autokey association reset.  perlinger@ntp.org, stenn@ntp.org
+  - fixes [Sec 3044] (partially) and [Sec 3045], too.
+* [Sec 3044] Spoofed server packets are partially processed.  HStenn.
 * [Sec 3046] CRYPTO_NAK crash.  stenn@ntp.org
 * [Bug 3038] NTP fails to build in VS2015. perlinger@ntp.org
   - provide build environment

diff --git a/ntpd/ntp_proto.c b/ntpd/ntp_proto.c
index 06cf42fff9ae4903978ad8a12c2e53b0acbee932..7809fb4a3454598be86357db57a88232584d1c3e 100644 (file)
--- a/ntpd/ntp_proto.c
+++ b/ntpd/ntp_proto.c
@@ -2038,9 +2038,9 @@ receive(
 
 
 /*
- * process_packet - Packet Procedure, a la Section 3.4.4 of the
- *     specification. Or almost, at least. If we're in here we have a
- *     reasonable expectation that we will be having a long term
+ * process_packet - Packet Procedure, a la Section 3.4.4 of RFC-1305
+ *     Or almost, at least.  If we're in here we have a reasonable
+ *     expectation that we will be having a long term
  *     relationship with this host.
  */
 void
@@ -2060,8 +2060,10 @@ process_packet(
        double  etemp, ftemp, td;
 #endif /* ASSYM */
 
+#if 0
        sys_processed++;
        peer->processed++;
+#endif
        p_del = FPTOD(NTOHS_FP(pkt->rootdelay));
        p_offset = 0;
        p_disp = FPTOD(NTOHS_FP(pkt->rootdisp));
@@ -2074,6 +2076,39 @@ process_packet(
        pversion = PKT_VERSION(pkt->li_vn_mode);
        pstratum = PKT_TO_STRATUM(pkt->stratum);
 
+       /**/
+
+       /**/
+
+       /*
+        * Verify the server is synchronized; that is, the leap bits,
+        * stratum and root distance are valid.
+        */
+       if (   pleap == LEAP_NOTINSYNC          /* test 6 */
+           || pstratum < sys_floor || pstratum >= sys_ceiling)
+               peer->flash |= TEST6;           /* bad synch or strat */
+       if (p_del / 2 + p_disp >= MAXDISPERSE)  /* test 7 */
+               peer->flash |= TEST7;           /* bad header */
+
+       /*
+        * If any tests fail at this point, the packet is discarded.
+        * Note that some flashers may have already been set in the
+        * receive() routine.
+        */
+       if (peer->flash & PKT_TEST_MASK) {
+               peer->seldisptoolarge++;
+               DPRINTF(1, ("packet: flash header %04x\n",
+                           peer->flash));
+               return;
+       }
+
+       /**/
+
+#if 1
+       sys_processed++;
+       peer->processed++;
+#endif
+
        /*
         * Capture the header values in the client/peer association..
         */
@@ -2108,27 +2143,7 @@ process_packet(
        }
        poll_update(peer, peer->hpoll);
 
-       /*
-        * Verify the server is synchronized; that is, the leap bits,
-        * stratum and root distance are valid.
-        */
-       if (   pleap == LEAP_NOTINSYNC          /* test 6 */
-           || pstratum < sys_floor || pstratum >= sys_ceiling)
-               peer->flash |= TEST6;           /* bad synch or strat */
-       if (p_del / 2 + p_disp >= MAXDISPERSE)  /* test 7 */
-               peer->flash |= TEST7;           /* bad header */
-
-       /*
-        * If any tests fail at this point, the packet is discarded.
-        * Note that some flashers may have already been set in the
-        * receive() routine.
-        */
-       if (peer->flash & PKT_TEST_MASK) {
-               peer->seldisptoolarge++;
-               DPRINTF(1, ("packet: flash header %04x\n",
-                           peer->flash));
-               return;
-       }
+       /**/
 
        /*
         * If the peer was previously unreachable, raise a trap. In any