[Bug 3610] process_control() should bail earlier on short packets. stenn@
authorHarlan Stenn <stenn@ntp.org>
Sat, 31 Aug 2019 23:56:58 +0000 (23:56 +0000)
committerHarlan Stenn <stenn@ntp.org>
Sat, 31 Aug 2019 23:56:58 +0000 (23:56 +0000)
bk: 5d6b094axCclawopUzI7_YAnJghpFg

ChangeLog
ntpd/ntp_control.c

index 64f404a51e0b9f1d65a26468a4e7cc536391491e..1491eaad293ff90f7c7e210d3c998056c6fbdc94 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,7 @@
 ---
 
+* [Bug 3610] process_control() should bail earlier on short packets. stenn@
+  - Reported by Philippe Antoine
 * [Bug 3608] libparse fails to compile on S11.4SRU13 and later <perlinger@ntp.org>
   - removed ffs() and fls() prototypes as per Brian Utterback
 * [Bug 3604] Wrong param byte order passing into record_raw_stats() in
index 8245054741e1660bb4a6c42bf9dc71dd2b059cf9..cb476320bde8c1d24617853902ea995b4273925a 100644 (file)
@@ -1189,15 +1189,21 @@ process_control(
        pkt = (struct ntp_control *)&rbufp->recv_pkt;
 
        /*
-        * If the length is less than required for the header, or
-        * it is a response or a fragment, ignore this.
+        * If the length is less than required for the header,
+        * ignore it.
         */
-       if (rbufp->recv_length < (int)CTL_HEADER_LEN
-           || (CTL_RESPONSE | CTL_MORE | CTL_ERROR) & pkt->r_m_e_op
+       if (rbufp->recv_length < (int)CTL_HEADER_LEN) {
+               DPRINTF(1, ("Short control packet\n"));
+               numctltooshort++;
+               return;
+       }
+
+       /*
+        * If this packet is a response or a fragment, ignore it.
+        */
+       if (   (CTL_RESPONSE | CTL_MORE | CTL_ERROR) & pkt->r_m_e_op
            || pkt->offset != 0) {
                DPRINTF(1, ("invalid format in control packet\n"));
-               if (rbufp->recv_length < (int)CTL_HEADER_LEN)
-                       numctltooshort++;
                if (CTL_RESPONSE & pkt->r_m_e_op)
                        numctlinputresp++;
                if (CTL_MORE & pkt->r_m_e_op)
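Review bot: The comment on the new length check says what it rejects but not why it has to come first. `pkt` is a cast of `rbufp->recv_pkt`, so `pkt->r_m_e_op` and `pkt->offset` in the next test are only meaningful once `recv_length` covers `CTL_HEADER_LEN`. I would record that ordering constraint in the comment, e.g. `* This must precede any read of pkt fields: a shorter packet does not carry a full header.`, so a later cleanup does not fold the two tests back together. In the second test, parenthesizing the mask as `((CTL_RESPONSE | CTL_MORE | CTL_ERROR) & pkt->r_m_e_op) || pkt->offset != 0` would make the `&`/`||` grouping explicit, and its comment could also name the error bit, which the condition rejects. process_control() starts and ends outside the hunk, so whether the payload length is later checked against `recv_length` cannot be confirmed from here.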
@@ -1208,6 +1214,7 @@ process_control(
                        numctlbadoffset++;
                return;
        }
+
        res_version = PKT_VERSION(pkt->li_vn_mode);
        if (res_version > NTP_VERSION || res_version < NTP_OLDVERSION) {
                DPRINTF(1, ("unknown version %d in control packet\n",