[Bug 2945] Zero Origin Timestamp Bypass

bk: 5622bb7dRIhjq2EoFHGH3kfjeMY-Yw

diff --git a/ChangeLog b/ChangeLog
index b022ef6f6a86c267d69a5ae3c8fa64474ef83859..e8ad1cc624fd129db7b1991a86cfb6328d01ac70 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,6 @@
 ---
+* [Bug 2945] Zero Origin Timestamp Bypass. perlinger@ntp.org
+---
 (4.2.8p4-RC1) 2015/10/06 Released by Harlan Stenn <stenn@ntp.org>
 
 * [Bug 2332] (reopened) Exercise thread cancellation once before dropping

diff --git a/ntpd/ntp_proto.c b/ntpd/ntp_proto.c
index 44f66ef6d4a13b29ab46217523f28326551b30dd..ad5d5925af840a749a02121ebc22e632f19531b4 100644 (file)
--- a/ntpd/ntp_proto.c
+++ b/ntpd/ntp_proto.c
@@ -1256,9 +1256,17 @@ receive(
         * Check for bogus packet in basic mode. If found, switch to
         * interleaved mode and resynchronize, but only after confirming
         * the packet is not bogus in symmetric interleaved mode.
+        *
+        * Since a cleared 'aorg' is the indication for 'no response
+        * pending' we have to test this explicitely. Of course, should
+        * 'aorg' be all-zero because this was the original transmit
+        * time stamp, we will drop the reply. There's a sub-second slot
+        * every 136 years where this *might* happen, so we ignore this
+        * possible drop of a valid response.
         */
        } else if (peer->flip == 0) {
-               if (!L_ISEQU(&p_org, &peer->aorg)) {
+               if (L_ISZERO(&peer->aorg) ||
+                   !L_ISEQU(&p_org, &peer->aorg)) {
                        peer->bogusorg++;
                        peer->flash |= TEST2;   /* bogus */
                        if (!L_ISZERO(&peer->dst) && L_ISEQU(&p_org,