[Sec 2901] KoD packets must have non-zero transmit timestamps. HStenn.
authorHarlan Stenn <stenn@ntp.org>
Sat, 23 Jan 2016 11:36:37 +0000 (11:36 +0000)
committerHarlan Stenn <stenn@ntp.org>
Sat, 23 Jan 2016 11:36:37 +0000 (11:36 +0000)
bk: 56a365c5DwJkeZ8ennPLLR9swDOmzg

ChangeLog
ntpd/ntp_proto.c

index e2dae78f4df2eed9c9b8f9d9096847b00eef2018..23f0ad45e4ec96d8983d3536af99ce37924a23fd 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,6 @@
 ---
 
+* [Sec 2901] KoD packets must have non-zero transmit timestamps.  HStenn.
 * [Sec 2936] Skeleton Key: Any system knowing the trusted key can serve
   time. Include passive servers in this check. HStenn.
 * [Bug 2879] Improve NTP security against timing attacks. perlinger@ntp.org
index 072e01eededea96d9b4602eba1448c75bf271561..02efb18b34f23c2caea50ef92f85ab82e05eb0a3 100644 (file)
@@ -1412,9 +1412,19 @@ receive(
         * Next comes a rigorous schedule of timestamp checking. If the
         * transmit timestamp is zero, the server has not initialized in
         * interleaved modes or is horribly broken.
+        *
+        * A KoD packet we pay attention to cannot have a 0 transmit
+        * timestamp.
         */
        if (L_ISZERO(&p_xmt)) {
                peer->flash |= TEST3;                   /* unsynch */
+               if (0 == hisstratum) {
+                       peer->bogusorg++;       /* for TEST2 or TEST3 */
+                       msyslog(LOG_INFO,
+                               "receive: Unexpected zero transmit timestamp in KoD from %s",
+                               ntoa(&peer->srcadr));
+                       return;
+               }
 
        /*
         * If the transmit timestamp duplicates a previous one, the
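Review bot: The added guard `if (0 == hisstratum)` may never match a KoD packet, so the early return this fix depends on might not run. hisstratum is assigned outside this hunk; if it comes from `PKT_TO_STRATUM()`, a wire stratum of 0 has already been mapped to `STRATUM_UNSPEC`, and the test should read `if (STRATUM_UNSPEC == hisstratum) {	/* KoD packet */`. Without that, a zero-timestamp KoD would continue into the later timestamp checks with only TEST3 set. Separately, `msyslog(LOG_INFO, ...)` fires once per offending packet and nothing visible here shows the packet was authenticated, so log volume is sender-controlled; relying on the `peer->bogusorg` counter or rate-limiting the message would bound it. receive() begins and continues outside the hunk.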