ntp: accept packets from unknown sources only from server sockets

diff --git a/ntp_core.c b/ntp_core.c
index 4e6eaffad72428328ef79217b7c082adaa2a5bd6..a63b5a23d36a7b90570efcd67792f984ed78ea4f 100644 (file)
--- a/ntp_core.c
+++ b/ntp_core.c
@@ -1457,6 +1457,13 @@ NCR_ProcessUnknown
   int valid_auth, auth_len;
   unsigned long key_id;
 
+  /* Ignore the packet if it wasn't received by server socket */
+  if (!NIO_IsServerSocket(local_addr->sock_fd)) {
+    DEBUG_LOG(LOGF_NtpCore, "NTP request packet received by client socket %d",
+              local_addr->sock_fd);
+    return;
+  }
+
   /* Check version */
   version = (message->lvm >> 3) & 0x7;
   if (version < NTP_MIN_COMPAT_VERSION || version > NTP_MAX_COMPAT_VERSION) {

diff --git a/ntp_io.c b/ntp_io.c
index 839fd8c81474148b9e00fbc64dbd0763b03c39b7..8a901eb2dbb81ca24aa45a9df756cd454dfadd30 100644 (file)
--- a/ntp_io.c
+++ b/ntp_io.c
@@ -438,6 +438,19 @@ NIO_CloseClientSocket(int sock_fd)
 
 /* ================================================== */
 
+int
+NIO_IsServerSocket(int sock_fd)
+{
+  return sock_fd != INVALID_SOCK_FD &&
+    (sock_fd == server_sock_fd4
+#ifdef HAVE_IPV6
+     || sock_fd == server_sock_fd6
+#endif
+    );
+}
+
+/* ================================================== */
+
 static void
 read_from_socket(void *anything)
 {

diff --git a/ntp_io.h b/ntp_io.h
index b323fbac61f57cd25fee0acdca1f341631a0d4df..b4200d3fd9c83f70acd6e562e83ec42011c4359d 100644 (file)
--- a/ntp_io.h
+++ b/ntp_io.h
@@ -46,6 +46,9 @@ extern int NIO_GetServerSocket(NTP_Remote_Address *remote_addr);
 /* Function to close a socket returned by NIO_GetClientSocket() */
 extern void NIO_CloseClientSocket(int sock_fd);
 
+/* Function to check if socket is a server socket */
+extern int NIO_IsServerSocket(int sock_fd);
+
 /* Function to transmit a packet */
 extern void NIO_SendNormalPacket(NTP_Packet *packet, NTP_Remote_Address *remote_addr, NTP_Local_Address *local_addr);