ntp: fix length check of NTPv4 extension fields

author Miroslav Lichvar <mlichvar@redhat.com>

Wed, 7 Jan 2015 12:58:11 +0000 (13:58 +0100)

committer Miroslav Lichvar <mlichvar@redhat.com>

Wed, 7 Jan 2015 13:12:29 +0000 (14:12 +0100)
author Miroslav Lichvar <mlichvar@redhat.com>
Wed, 7 Jan 2015 12:58:11 +0000 (13:58 +0100)
committer Miroslav Lichvar <mlichvar@redhat.com>
Wed, 7 Jan 2015 13:12:29 +0000 (14:12 +0100)
diff --git a/ntp_core.c b/ntp_core.c

index 8615bc82f292b0ddec1f61c3b464162fc817b3c8..74559815cfef3b84ad2656a4b00e88da81ca65be 100644 (file)
--- a/ntp_core.c
+++ b/ntp_core.c
@@ -1040,7 +1040,8 @@ check_packet_auth(NTP_Packet *pkt, int length, int *has_auth, uint32_t *key_id)
         16-bit length of the whole field aligned to 32 bits and data. */
      if (remainder >= NTP_MIN_EXTENSION_LENGTH) {
        ext_length = ntohs(*(uint16_t *)(data + i + 2));
-      if (ext_length % 4 == 0 && ext_length <= remainder) {
+      if (ext_length >= NTP_MIN_EXTENSION_LENGTH &&
+          ext_length <= remainder && ext_length % 4 == 0) {
          i += ext_length;
          continue;
        }
author	Miroslav Lichvar <mlichvar@redhat.com>
	Wed, 7 Jan 2015 12:58:11 +0000 (13:58 +0100)
committer	Miroslav Lichvar <mlichvar@redhat.com>
	Wed, 7 Jan 2015 13:12:29 +0000 (14:12 +0100)