From: Juergen Perlinger Date: Sun, 11 Oct 2015 06:10:20 +0000 (+0200) Subject: [Bug 2941] NAK to the Future: Symmetric association authentication bypass via crypto-NAK X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=40c499774c5422940878cf413265119f7071d8a7;p=thirdparty%2Fntp.git [Bug 2941] NAK to the Future: Symmetric association authentication bypass via crypto-NAK bk: 5619fd4cu9-bPDW4AmV40Xqs7k1I-A --- diff --git a/ChangeLog b/ChangeLog index b022ef6f6..1e85bae59 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,4 +1,7 @@ --- +* [Bug 2941] NAK to the Future: Symmetric association authentication + bypass via crypto-NAK. Patch applied. perlinger@ntp.org +--- (4.2.8p4-RC1) 2015/10/06 Released by Harlan Stenn * [Bug 2332] (reopened) Exercise thread cancellation once before dropping diff --git a/ntpd/ntp_proto.c b/ntpd/ntp_proto.c index 44f66ef6d..c8ee280b9 100644 --- a/ntpd/ntp_proto.c +++ b/ntpd/ntp_proto.c @@ -1133,6 +1133,24 @@ receive( sys_restricted++; return; } + /* [Bug 2941] + * If we got here, the packet isn't part of an + * existing association, it isn't correctly + * authenticated, and it didn't meet either of + * the previous two special cases so we should + * just drop it on the floor. For example, + * crypto-NAKs (is_authentic == AUTH_CRYPTO) + * will make it this far. This is just + * debug-printed and not logged to avoid log + * flooding. + */ + DPRINTF(1, ("receive: at %ld refusing to mobilize passive association" + " with unknown peer %s mode %d keyid %08x len %d auth %d\n", + current_time, stoa(&rbufp->recv_srcadr), + hismode, skeyid, (authlen + has_mac), + is_authentic)); + sys_declined++; + return; } /*