From: Miroslav Lichvar
Date: Tue, 29 Nov 2016 11:59:57 +0000 (+0100)
Subject: ntp: truncate MACs in NTPv4 packets
X-Git-Tag: 3.0-pre1~30
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6c8588c13ca397b75fb07c0f34e16f37eb7e6d97;p=thirdparty%2Fchrony.git

ntp: truncate MACs in NTPv4 packets

When sending an NTPv4 packet, truncate long MAC to 192 bits to follow RFC 7822.
---

diff --git a/ntp_core.c b/ntp_core.c
index 6a5701cc..01c103f6 100644
--- a/ntp_core.c
+++ b/ntp_core.c
@@ -849,7 +849,7 @@ transmit_packet(NTP_Mode my_mode, /* The mode this machine wants to be */
 )
 {
 NTP_Packet message;
- int auth_len, length, ret, precision;
+ int auth_len, mac_len, length, ret, precision;
 struct timespec local_receive, local_transmit;
 NTP_int64 ts_fuzz;
@@ -979,8 +979,16 @@ transmit_packet(NTP_Mode my_mode, /* The mode this machine wants to be */
 DEBUG_LOG(LOGF_NtpCore, "Could not generate auth data with key %"PRIu32, key_id);
 return 0;
 }
+
 message.auth_keyid = htonl(key_id);
- length += sizeof (message.auth_keyid) + auth_len;
+ mac_len = sizeof (message.auth_keyid) + auth_len;
+ /* Truncate MACs in NTPv4 packets to allow deterministic parsing
+ of extension fields (RFC 7822) */
+ if (version == 4 && mac_len > NTP_MAX_V4_MAC_LENGTH)
+ mac_len = NTP_MAX_V4_MAC_LENGTH;
+
+ length += mac_len;
 } else if (auth_mode == AUTH_MSSNTP) {
 /* MS-SNTP packets are signed (asynchronously) by ntp_signd */
 return NSD_SignAndSendPacket(key_id, &message, where_to, from, length);
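Review bot: The cap in the `version == 4` branch of the second hunk applies to `mac_len`, which is `sizeof (message.auth_keyid)` plus the digest, so the digest itself is shortened to the limit minus the key ID; the new comment explains the parsing reason but not this effect on the authentication tag. I would extend the comment, e.g. `/* NTP_MAX_V4_MAC_LENGTH includes the key ID, so a longer digest is sent truncated to the limit minus sizeof (message.auth_keyid) */`, so that anyone configuring a long hash knows how many bits of it actually go on the wire. The receive side is not part of this diff: it presumably has to truncate its computed MAC to the same length before comparing, otherwise NTPv4 peers using long digests would fail authentication, which is worth confirming. Only the upper bound of `mac_len` is checked here, and transmit_packet's body starts and ends outside the hunk, so the range of `auth_len` cannot be judged from these lines.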