---
-
+* [Sec 2956] small-step/big-step. Close the panic gate earlier. HStenn.
+* [Bug 2934] tests/ntpd/t-ntp_scanner.c has a magic constant wired in. HMurray
+ * [Bug 2945] Zero Origin Timestamp Bypass. perlinger@ntp.org
+* [Bug 2954] Version 4.2.8p4 crashes on startup with sig fault
+ - fixed data race conditions in threaded DNS worker. perlinger@ntp.org
+ - limit threading warm-up to linux; FreeBSD bombs on it. perlinger@ntp.org
---
-(4.2.8p4-RC1) 2015/10/06 Released by Harlan Stenn <stenn@ntp.org>
+(4.2.8p4) 2015/10/21 Released by Harlan Stenn <stenn@ntp.org>
- (4.2.8p4-RC1) 2015/10/06 Released by Harlan Stenn <stenn@ntp.org>
+* [Sec 2899] CVE-2014-9297 perlinger@ntp.org
+* [Sec 2901] Drop invalid packet before checking KoD. Check for all KoD's.
+ Danny Mayer. Log incoming packets that fail TEST2. Harlan Stenn.
+* [Sec 2902] configuration directives "pidfile" and "driftfile"
+ should be local-only. perlinger@ntp.org (patch by Miroslav Lichvar)
+* [Sec 2909] added missing call to 'free()' in ntp_crypto.c. perlinger@ntp.org
+* [Sec 2913] TALOS-CAN-0052: crash by loop counter underrun. perlinger@ntp.org
+* [Sec 2916] TALOS-CAN-0054: memory corruption in password store. JPerlinger
+* [Sec 2917] TALOS-CAN-0055: Infinite loop if extended logging enabled and
+ the logfile and keyfile are the same. perlinger@ntp.org
+* [Sec 1918] TALOS-CAN-0062: prevent directory traversal for VMS, too, when
+ using 'saveconfig' command. perlinger@ntp.org
+* [Bug 2919] TALOS-CAN-0063: avoid buffer overrun in ntpq. perlinger@ntp.org
+* [Sec 2020] TALOS-CAN-0064: signed/unsiged clash could lead to buffer overun
+ and memory corruption. perlinger@ntp.org
+* [Sec 2921] TALOS-CAN-0065: password length memory corruption. JPerlinger.
+* [Sec 2922] decodenetnum() will ASSERT botch instead of returning FAIL
+ on some bogus values. Harlan Stenn.
+* [Sec 2941] NAK to the Future: Symmetric association authentication
+ bypass via crypto-NAK. Patch applied. perlinger@ntp.org
* [Bug 2332] (reopened) Exercise thread cancellation once before dropping
privileges and limiting resources in NTPD removes the need to link
forcefully against 'libgcc_s' which does not always work. J.Perlinger
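Review bot: several ChangeLog entries in this hunk carry wrong or inconsistent identifiers and should be corrected before the release notes are cut. `[Sec 1918] TALOS-CAN-0062` sits between `[Sec 2917]` and `[Bug 2919]`, and `[Sec 2020] TALOS-CAN-0064` between `[Bug 2919]` and `[Sec 2921]`, so from the sequence the bug numbers are almost certainly 2918 and 2920. `[Bug 2919] TALOS-CAN-0063: avoid buffer overrun in ntpq` and `[Bug 2945] Zero Origin Timestamp Bypass` are tagged `Bug` while every other TALOS and bypass entry is tagged `Sec`, which hides them from anyone scanning the log for security fixes; retag them `Sec` unless there is a reason not to. The 0064 entry has two typos (`unsiged`, `overun`). Also, the RC1 release header is removed twice (`-(4.2.8p4-RC1) 2015/10/06 ...` and `- (4.2.8p4-RC1) 2015/10/06 ...`) but the `(4.2.8p4) 2015/10/21` header is added only once; confirm the second removal is intentional and not a stray duplicate in the patch.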
* interleaved mode and resynchronize, but only after confirming
* the packet is not bogus in symmetric interleaved mode.
*
+ * Since a cleared 'aorg' is the indication for 'no response
+ * pending' we have to test this explicitely. Of course, should
+ * 'aorg' be all-zero because this was the original transmit
+ * time stamp, we will drop the reply. There's a sub-second slot
+ * every 136 years where this *might* happen, so we ignore this
+ * possible drop of a valid response.
++ *
+ * This could also mean somebody is forging packets claiming to
+ * be from us, attempting to cause our server to KoD us.
*/
} else if (peer->flip == 0) {
- if (!L_ISEQU(&p_org, &peer->aorg)) {
+ if (L_ISZERO(&peer->aorg) ||
+ !L_ISEQU(&p_org, &peer->aorg)) {
peer->bogusorg++;
peer->flash |= TEST2; /* bogus */
- if (!L_ISZERO(&peer->dst) && L_ISEQU(&p_org,
- &peer->dst)) {
+ msyslog(LOG_INFO,
+ "receive: Unexpected origin timestamp from %s",
+ ntoa(&peer->srcadr));
+ if ( !L_ISZERO(&peer->dst)
+ && L_ISEQU(&p_org, &peer->dst)) {
peer->flip = 1;
report_event(PEVNT_XLEAVE, peer, NULL);
}
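Review bot: the new `msyslog(LOG_INFO, "receive: Unexpected origin timestamp from %s", ...)` fires on every TEST2 failure in the `flip == 0` branch with no rate limiting, and with the tightened condition any unauthenticated packet carrying a zero or stale origin timestamp from a spoofed peer source address now trips it, so a remote sender can fill the log as fast as it can send; the counter `peer->bogusorg` incremented just above already records the event, so log at most once per poll interval or only on the first failure after a good exchange. The check itself is right: once `aorg` is cleared after a reply is consumed, the old `!L_ISEQU(&p_org, &peer->aorg)` accepted a forged packet whose origin field was all-zero, and the added `L_ISZERO(&peer->aorg) ||` closes that, at the cost the comment acknowledges of dropping a genuine reply whose transmit stamp happened to be exactly zero. Two smaller items: the comment line `+ * pending' we have to test this explicitely.` should read `explicitly`, and the line `++ *` has a doubled `+` marker, which will make `patch` reject the hunk; it should be `+ *`. Finally, only the `flip == 0` branch is changed here, while the surrounding comment says the packet must also be confirmed non-bogus in symmetric interleaved mode; confirm that the `flip != 0` branch gets the equivalent zero-`aorg` guard.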