From: Harlan Stenn
Date: Thu, 19 Mar 2015 07:54:24 +0000 (+0000)
Subject: ntp_proto.c, ChangeLog:
X-Git-Tag: NTP_4_2_8P2~5^2~3^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6bcee7e873cf67e3857f505731c7f5e4e3e629a4;p=thirdparty%2Fntp.git
ntp_proto.c, ChangeLog: [Sec 2779] ntpd accepts unauthenticated packets with symmetric key crypto. [Sec 2781] Authentication doesn't protect symmetric associations against DoS attacks.
bk: 550a80b0iGyIv4t9J1GJ_74V_eEx4A
---
diff --git a/ChangeLog b/ChangeLog
index 04fb22a9d..ca71c988a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -14,6 +14,9 @@
 * [Bug 2773] Early leap announcement from Palisade/Thunderbolt
 * [Bug 2774] Unreasonably verbose printout - leap pending/warning
 * [Bug 2775] ntp-keygen.c fails to compile under Windows.
+* [Sec 2779] ntpd accepts unauthenticated packets with symmetric key crypto.
+* [Sec 2781] Authentication doesn't protect symmetric associations against
+ DoS attacks.
 * [Bug 2783] Quiet autoconf warnings about missing AC_LANG_SOURCE.
 ---
 (4.2.8p1) 2015/02/04 Released by Harlan Stenn
diff --git a/ntpd/ntp_proto.c b/ntpd/ntp_proto.c
index 37c3f0325..356d2ca04 100644
--- a/ntpd/ntp_proto.c
+++ b/ntpd/ntp_proto.c
@@ -1255,16 +1255,6 @@ receive(
  peer->flash |= TEST2; /* bogus */
  }
 
- /*
- * Update the state variables.
- */
- if (peer->flip == 0) {
- if (hismode != MODE_BROADCAST)
- peer->rec = p_xmt;
- peer->dst = rbufp->recv_time;
- }
- peer->xmt = p_xmt;
-
  /*
  * If this is a crypto_NAK, the server cannot authenticate a
  * client packet. The server might have just changed keys. Clear
@@ -1285,18 +1275,20 @@ receive(
  return;
 
  /*
- * If the digest fails, the client cannot authenticate a server
+ * If the digest fails or it's missing for authenticated
+ * associations, the client cannot authenticate a server
  * reply to a client packet previously sent. The loopback check
  * is designed to avoid a bait-and-switch attack, which was
  * possible in past versions. If symmetric modes, return a
  * crypto-NAK. The peer should restart the protocol.
  */
- } else if (!AUTH(has_mac || (restrict_mask & RES_DONTTRUST),
- is_authentic)) {
+ } else if (!AUTH(peer->keyid || has_mac ||
+ (restrict_mask & RES_DONTTRUST), is_authentic)) {
  report_event(PEVNT_AUTH, peer, "digest");
  peer->flash |= TEST5; /* bad auth */
  peer->badauth++;
- if (hismode == MODE_ACTIVE || hismode == MODE_PASSIVE)
+ if (has_mac &&
+ (hismode == MODE_ACTIVE || hismode == MODE_PASSIVE))
  fast_xmit(rbufp, MODE_ACTIVE, 0, restrict_mask);
  if (peer->flags & FLAG_PREEMPT) {
  unpeer(peer);
@@ -1309,6 +1301,16 @@ receive(
  return;
  }
 
+ /*
+ * Update the state variables.
+ */
+ if (peer->flip == 0) {
+ if (hismode != MODE_BROADCAST)
+ peer->rec = p_xmt;
+ peer->dst = rbufp->recv_time;
+ }
+ peer->xmt = p_xmt;
+
  /*
  * Set the peer ppoll to the maximum of the packet ppoll and the
  * peer minpoll. If a kiss-o'-death, set the peer minpoll to
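Review bot: In the `@@ -1285,18 +1275,20 @@` hunk the authentication-failure branch still acts on the association for a packet that failed verification: with `peer->keyid` added to the `AUTH()` condition, a packet with no MAC at all now reaches `report_event()`, `peer->badauth++` and, for `FLAG_PREEMPT` associations, `unpeer(peer)`. Given that [Sec 2781] concerns unauthenticated packets disturbing an association, I would confirm that demobilizing on such a packet is intended, or stop after counting it, e.g. `if (!has_mac) return;` directly after `peer->badauth++;`; the remainder of this branch is outside the hunk, so that needs checking against it. The comment above also still says "If symmetric modes, return a crypto-NAK" while `fast_xmit()` is now called only when `has_mac` is set, so I would add a line such as `* A crypto-NAK is sent only if the packet carried a MAC.`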
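Review bot: In the `@@ -1309,6 +1301,16 @@` hunk the re-added comment `Update the state variables.` does not record why the block now sits below the authentication branch, and that ordering appears to be the substance of the [Sec 2781] fix: `peer->rec`, `peer->dst` and `peer->xmt` are now written only after the failure branch above has returned. I would extend the comment to `* Update the state variables only after the packet has passed the authentication checks above, so that a packet failing them cannot alter rec, dst or xmt.` so that a later cleanup does not move the block back up. `receive()` begins and ends outside this hunk, so any other early exits between the old and new positions are not visible here.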