* [Sec 3610] process_control() should bail earlier on short packets. stenn@
- Reported by Philippe Antoine
+* [Sec 3592] DoS attack on client ntpd <perlinger@ntp.org>
+ - Reported by Miroslav Lichvar
* [Bug 3620] memory leak in ntpq sysinfo <perlinger@ntp.org>
- applied patch by Gerry Garvey
* [Bug 3619] Honour drefid setting in cooked mode and sysinfo <perlinger@ntp.org>
u_char mpoll
)
{
- u_long next, utemp;
+ u_long next, utemp, limit;
u_char hpoll;
/*
*/
utemp = current_time + max(peer->throttle - (NTP_SHIFT - 1) *
(1 << peer->minpoll), ntp_minpkt);
+
+ /*[Bug 3592] avoid unlimited postpone of next poll */
+ limit = (2u << hpoll);
+ if (limit > 64)
+ limit -= (limit >> 2);
+ limit += peer->outdate;
+ if (limit < current_time)
+ limit = current_time;
+
if (peer->burst > 0) {
if (peer->nextdate > current_time)
return;
if (peer->throttle > (1 << peer->minpoll))
peer->nextdate += ntp_minpkt;
}
+
+ /*[Bug 3592] avoid unlimited postpone of next poll */
+ if (peer->nextdate > limit) {
+ DPRINTF(1, ("poll_update: clamp reached; limit %lu next %lu\n",
+ limit, peer->nextdate));
+ peer->nextdate = limit;
+ }
DPRINTF(2, ("poll_update: at %lu %s poll %d burst %d retry %d head %d early %lu next %lu\n",
current_time, ntoa(&peer->srcadr), peer->hpoll,
peer->burst, peer->retry, peer->throttle,
projects / thirdparty / ntp.git / commitdiff
