From: Harlan Stenn <stenn@ntp.org>
Date: Tue, 28 Feb 2017 11:46:17 +0000 (-0500)
Subject: [Sec 3361] 0rigin (zero origin) DoS.
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7a3e5250409dce27b70214cbb45855bbe8b3d9bd;p=thirdparty%2Fntp.git

[Sec 3361] 0rigin (zero origin) DoS.

bk: 58b56309OyBGP4pGEYHVzLh4VoQ8pg
---

diff --git a/ChangeLog b/ChangeLog
index fea59795f..bbaec1473 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,7 @@
 ---
 (4.2.8p10)
 
+* [Sec 3361] 0rigin (zero origin) DoS.  HStenn.
 * [Bug 3363] Support for openssl-1.1.0 without compatibility modes
   - rework of patch set from <ntp.org@eroen.eu>. <perlinger@ntp.org>
 * [Bug 3356] Bugfix 3072 breaks multicastclient <perlinger@ntp.org>
diff --git a/ntpd/ntp_proto.c b/ntpd/ntp_proto.c
index 2d4fd0527..07090ede9 100644
--- a/ntpd/ntp_proto.c
+++ b/ntpd/ntp_proto.c
@@ -1693,7 +1693,11 @@ receive(
 		} else if (L_ISZERO(&p_org)) {
 			const char *action;
 
+#ifdef BUG3361
+			msyslog(LOG_INFO,
+				"receive: BUG 3361: Clearing peer->aorg ");
 			L_CLR(&peer->aorg);
+#endif
 			/**/
 			switch (hismode) {
 			/* We allow 0org for: */