+---
+* [Bug 3554] config revoke stores incorrect value <perlinger@ntp.org>
+ - original finding by Gerry Garvey, additional cleanup needed
+
---
(4.2.8p12) 2018/08/14 Released by Harlan Stenn <stenn@ntp.org>
extern char *sys_hostname; /* host name */
extern char *sys_groupname; /* group name */
extern char *group_name; /* group name */
-extern u_long sys_revoke; /* keys revoke timeout */
-extern u_long sys_automax; /* session key timeout */
+extern u_char sys_revoke; /* keys revoke timeout */
+extern u_char sys_automax; /* session key timeout */
#endif /* AUTOKEY */
/* ntp_util.c */
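Review bot: The comments on the two changed externs still say only "keys revoke timeout" and "session key timeout", while the matching definitions in the timer code are annotated "(log2 s)". Now that the type is `u_char`, the variables can hold nothing but the exponent, and every user shifts by them, so the header should state the unit as well: `extern u_char sys_revoke; /* keys revoke timeout (log2 s) */`, and likewise for `sys_automax`. A reader who takes either value for seconds will pass it to the wrong arithmetic.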
#ifdef AUTOKEY
/* crypto revoke command */
- if (ptree->auth.revoke)
- sys_revoke = 1UL << ptree->auth.revoke;
+ if (ptree->auth.revoke > 2 && ptree->auth.revoke < 32)
+ sys_revoke = (u_char)ptree->auth.revoke;
+ else if (ptree->auth.revoke)
+ msyslog(LOG_ERR,
+ "'revoke' value %d ignored",
+ ptree->auth.revoke);
#endif /* AUTOKEY */
}
#endif /* !SIM */
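Review bot: The accepted range is written as bare literals (`> 2 && ... < 32`) here and again in the `T_Automax` case, and neither log message tells the operator which values are valid. The upper bound is what keeps the later `1UL << sys_revoke` and `1UL << sys_automax` shifts defined where `u_long` is 32 bits wide, so it deserves one named constant shared by both checks, with a comment such as `/* exponent must stay below 32 so 1UL << value is defined for a 32-bit u_long */`. The message could then read `"'revoke' value %d ignored (valid range 3..31)"`. The `%d` assumes `ptree->auth.revoke` is an `int`; its declaration and the start of the enclosing function are outside the hunk.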
case T_Automax:
#ifdef AUTOKEY
- sys_automax = curr_var->value.i;
+ if (curr_var->value.i > 2 && curr_var->value.i < 32)
+ sys_automax = (u_char)curr_var->value.i;
+ else
+ msyslog(LOG_ERR,
+ "'automax' value %d ignored",
+ curr_var->value.i);
#endif
break;
* included in the hash is zero if broadcast mode, the peer
* cookie if client mode or the host cookie if symmetric modes.
*/
- mpoll = 1 << min(peer->ppoll, peer->hpoll);
- lifetime = min(1U << sys_automax, NTP_MAXSESSION * mpoll);
+ mpoll = 1U << min(peer->ppoll, peer->hpoll);
+ lifetime = min((1UL << sys_automax), NTP_MAXSESSION * mpoll);
if (peer->hmode == MODE_BROADCAST)
cookie = 0;
else
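Review bot: The shift count in `1U << min(peer->ppoll, peer->hpoll)` is not bounded anywhere in the visible lines, unlike `sys_automax`, which the config parser now limits to 3..31. If either poll field can reach 32 or more, the shift is undefined; where `peer->ppoll` is set is not visible here, so this needs confirming against the code that assigns it. A comment naming where the poll exponents are clamped, or a local clamp to the maximum poll exponent before shifting, would make the bound checkable at this call site. The declarations of `mpoll` and `lifetime` and the rest of the function are outside the hunk, so the type in which `NTP_MAXSESSION * mpoll` is evaluated cannot be checked from here.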
#ifdef AUTOKEY
static u_long revoke_timer; /* keys revoke timer */
static u_long keys_timer; /* session key timer */
-u_long sys_revoke = KEY_REVOKE; /* keys revoke timeout (log2 s) */
-u_long sys_automax = NTP_AUTOMAX; /* key list timeout (log2 s) */
+u_char sys_revoke = KEY_REVOKE; /* keys revoke timeout (log2 s) */
+u_char sys_automax = NTP_AUTOMAX; /* key list timeout (log2 s) */
#endif /* AUTOKEY */
/*
* Garbage collect expired keys.
*/
if (keys_timer <= current_time) {
- keys_timer += 1 << sys_automax;
+ keys_timer += (1UL << sys_automax);
auth_agekeys();
}
* to regenerate cookies.
*/
if (revoke_timer && revoke_timer <= current_time) {
- revoke_timer += 1 << sys_revoke;
+ revoke_timer += (1UL << sys_revoke);
RAND_bytes((u_char *)&sys_private, 4);
}
#endif /* AUTOKEY */
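Review bot: The return value of `RAND_bytes()` on the line after the new shift is discarded, so a generator failure advances the revoke timer while `sys_private` may keep its previous value, and nothing is logged. That line is unchanged context rather than part of this commit, but it sits in the block being edited and could be checked here: `if (RAND_bytes((u_char *)&sys_private, 4) != 1) msyslog(LOG_ERR, "RAND_bytes() failed, private value not refreshed");`. The enclosing function begins and ends outside the hunk.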