---
* [Sec 2899] CVE-2014-9297 perlinger@ntp.org
* [Sec 2901] Drop invalid packet before checking KoD. Check for all KoD's.
- Danny Mayer.
+ Danny Mayer. Log incoming packets that fail TEST2. Harlan Stenn.
* [Sec 2902] configuration directives "pidfile" and "driftfile"
should be local-only. perlinger@ntp.org (patch by Miroslav Lichvar)
* [Sec 2909] added missing call to 'free()' in ntp_crypto.c. perlinger@ntp.org
* Check for bogus packet in basic mode. If found, switch to
* interleaved mode and resynchronize, but only after confirming
* the packet is not bogus in symmetric interleaved mode.
+ *
+ * This could also mean somebody is forging packets claiming to
+ * be from us, attempting to cause our server to KoD us.
*/
} else if (peer->flip == 0) {
if (!L_ISEQU(&p_org, &peer->aorg)) {
peer->bogusorg++;
peer->flash |= TEST2; /* bogus */
+ msyslog(LOG_INFO,
+ "receive: Unexpected origin timestamp from %s",
+ ntoa(&peer->srcadr));
if ( !L_ISZERO(&peer->dst)
&& L_ISEQU(&p_org, &peer->dst)) {
peer->flip = 1;
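Review bot: The new msyslog() call sits directly under `if (!L_ISEQU(&p_org, &peer->aorg))`, ahead of the `L_ISEQU(&p_org, &peer->dst)` check, so it also fires for a packet that goes on to set `peer->flip = 1`, which the existing comment describes as a switch to interleaved mode rather than an error. It is also unconditional: the added comment notes that this path can be reached by forged packets, and as written each such packet produces one LOG_INFO line with no rate limit. Consider emitting the message only when the `peer->dst` comparison fails as well, and throttling it per peer, for example by logging on a change in `peer->bogusorg` at a bounded interval instead of per packet. The message prints `peer->srcadr`, so it names the association the packet was matched to; wording such as "from %s" may lead an operator to read it as the verified sender.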
pool->hostname));
else
msyslog(LOG_ERR,
- "unable to start pool DNS %s %m",
+ "unable to start pool DNS %s: %m",
pool->hostname);
return;
}