[Sec 2672] Code cleanup: On some OSes ::1 can be spoofed...
authorHarlan Stenn <stenn@ntp.org>
Fri, 23 Jan 2015 10:29:31 +0000 (10:29 +0000)
committerHarlan Stenn <stenn@ntp.org>
Fri, 23 Jan 2015 10:29:31 +0000 (10:29 +0000)
bk: 54c2228bpOp4_zrX9aGXdMEZJEGzkg

ChangeLog
ntpd/ntp_io.c

index a11544298d53578f1e065e0d2a45ee35572b5aa2..32b7b34ae7ab8218333b5ee929c63950be5829c4 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,7 @@
 ---
 
 * [Bug 2617] Fix sntp Usage documentation section.
+* [Sec 2672] Code cleanup: On some OSes ::1 can be spoofed...
 ---
 (4.2.8p1-beta5) 2015/01/07 Released by Harlan Stenn <stenn@ntp.org>
 
index f01088d4d04a2cb62e5ea65730728b8886567391..1ee7098ae16438423f1e4b3d2044fbfaf2baf173 100644 (file)
@@ -3482,26 +3482,24 @@ read_network_packet(
        ** Bug 2672: Some OSes (MacOSX and Linux) don't block spoofed ::1
        */
 
-       // temporary hack...
        if (AF_INET6 == itf->family) {
-               DPRINTF(1, ("Got an IPv6 packet, from <%s> (%d) to <%s> (%d)\n",
+               DPRINTF(2, ("Got an IPv6 packet, from <%s> (%d) to <%s> (%d)\n",
                        stoa(&rb->recv_srcadr),
                        IN6_IS_ADDR_LOOPBACK(PSOCK_ADDR6(&rb->recv_srcadr)),
                        stoa(&itf->sin),
                        !IN6_IS_ADDR_LOOPBACK(PSOCK_ADDR6(&itf->sin))
                        ));
-       }
 
-       if (   AF_INET6 == itf->family
-           && IN6_IS_ADDR_LOOPBACK(PSOCK_ADDR6(&rb->recv_srcadr))
-           && !IN6_IS_ADDR_LOOPBACK(PSOCK_ADDR6(&itf->sin))
-          ) {
-               packets_dropped++;
-               DPRINTF(1, ("DROPPING that packet\n"));
-               freerecvbuf(rb);
-               return buflen;
+               if (   IN6_IS_ADDR_LOOPBACK(PSOCK_ADDR6(&rb->recv_srcadr))
+                   && !IN6_IS_ADDR_LOOPBACK(PSOCK_ADDR6(&itf->sin))
+                  ) {
+                       packets_dropped++;
+                       DPRINTF(2, ("DROPPING that packet\n"));
+                       freerecvbuf(rb);
+                       return buflen;
+               }
+               DPRINTF(2, ("processing that packet\n"));
        }
-       DPRINTF(1, ("processing that packet\n"));
 
        /*
         * Got one.  Mark how and when it got here,
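Review bot: The spoofed-::1 drop inside the `AF_INET6 == itf->family` block is visible only through the shared `packets_dropped` counter and a level-2 `DPRINTF`, which I would expect to be absent from non-debug builds, so an operator cannot tell this security drop from any other dropped packet. Consider a dedicated counter or a rate-limited log next to `packets_dropped++`, for example `msyslog(LOG_NOTICE, "dropped packet claiming source ::1 on %s", stoa(&itf->sin));`. Separately, `IN6_IS_ADDR_LOOPBACK` matches only `::1`, so if these sockets are not IPv6-only a v4-mapped loopback source would not be caught here; that socket option is set outside the hunk and is worth confirming. The debug line also prints the negated destination test under the same `(%d)` label as the un-negated source test, which reads inconsistently. `read_network_packet` starts and ends outside this hunk.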