ntp: don't send response longer than request

When sending a response in the server or passive mode, make sure the
response is not longer than the request to prevent amplification
attacks when resposes may contain extension fields (e.g. NTS).

diff --git a/ntp_core.c b/ntp_core.c
index bc24b181d73f3fde48b827aa1cc93a61074671f9..21764f106ba6a953e9ca89ce1dc2614ba3f7ec4b 100644 (file)
--- a/ntp_core.c
+++ b/ntp_core.c
@@ -1120,6 +1120,12 @@ transmit_packet(NTP_Mode my_mode, /* The mode this machine wants to be */
            UTI_IsEqualAnyNtp64(&message.transmit_ts, &message.receive_ts,
                                &message.originate_ts, local_ntp_tx));
 
+  if (request_info && request_info->length < info.length) {
+    DEBUG_LOG("Response longer than request req_len=%d res_len=%d",
+              request_info->length, info.length);
+    return 0;
+  }
+
   ret = NIO_SendPacket(&message, where_to, from, info.length, local_tx != NULL);
 
   if (local_tx) {