[Bug 3036] autokey trips an INSIST in authistrustedip()
authorHarlan Stenn <stenn@ntp.org>
Thu, 21 Apr 2016 09:11:51 +0000 (09:11 +0000)
committerHarlan Stenn <stenn@ntp.org>
Thu, 21 Apr 2016 09:11:51 +0000 (09:11 +0000)
bk: 57189957BP88H-3KgE1tKyPyzFUXxw

ChangeLog
ntpd/ntp_proto.c

index a99c3a9feb514a013f3fbcb4484de5f74c8295b9..95eda28c82054d80aef4ae1b063a2af0d8dfd940 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -27,6 +27,7 @@
   - Check the initial delay calculation and reject/unpeer the broadcast
     server if the delay exceeds 50ms. Retry again after the next
     broadcast packet.
+* [Bug 3036] autokey trips an INSIST in authistrustedip().  Harlan Stenn.
 * Document ntp.key's optional IP list in authenetic.html.  Harlan Stenn.
 * Fix some Credit: attributions in the NEWS file.  Harlan Stenn.
 * Fix typo in html/monopt.html.  Harlan Stenn.
index 34d022d51a281677c58c9ebc68f3ab8af3556ed5..f076f6c3352b64e9dfef7b64d4363689f3b60bd3 100644 (file)
@@ -1606,17 +1606,22 @@ receive(
        /*
         * If:
         *      - this is a *cast (uni-, broad-, or m-) server packet
-        *      - and it's authenticated
+        *      - and it's symmetric-key authenticated
         * then see if the sender's IP is trusted for this keyid.
         * If it is, great - nothing special to do here.
         * Otherwise, we should report and bail.
+        *
+        * Autokey-authenticated packets are accepted.
         */
 
        switch (hismode) {
            case MODE_SERVER:           /* server mode */
            case MODE_BROADCAST:        /* broadcast mode */
            case MODE_ACTIVE:           /* symmetric active mode */
+               DEBUG_INSIST((is_authentic == AUTH_OK) && !skeyid);
                if (   is_authentic == AUTH_OK
+                   && skeyid
+                   && skeyid <= NTP_MAXKEY
                    && !authistrustedip(skeyid, &peer->srcadr)) {
                        report_event(PEVNT_AUTH, peer, "authIP");
                        peer->badauth++;
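Review bot: The added `DEBUG_INSIST((is_authentic == AUTH_OK) && !skeyid);` contradicts the condition directly beneath it: it requires `skeyid` to be zero while the `if` only acts when `skeyid` is non-zero, and it requires AUTH_OK for every server, broadcast and symmetric-active packet that reaches these cases. In a build where DEBUG_INSIST is active, an unauthenticated or symmetric-key-authenticated packet would presumably trip it, so a packet from the network could stop the daemon, which is the kind of failure the commit title describes. If the aim is to record an invariant, `DEBUG_INSIST(is_authentic != AUTH_OK || skeyid != 0);` seems closer; otherwise drop the line, since the new `skeyid && skeyid <= NTP_MAXKEY` guards already appear to keep Autokey key IDs away from authistrustedip(). receive() and the rest of this switch lie outside the hunk, so whether earlier code already guarantees either condition cannot be confirmed from here.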