From: Dave Hart <hart@ntp.org>
Date: Wed, 7 Oct 2009 01:33:22 +0000 (+0000)
Subject: [Sec 1331] DoS with mode 7 packets - CVE-2009-3563.
X-Git-Tag: NTP_4_2_4P9_RC1~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8ad55047c8050d0fe9571d460de39e1b6cfd200a;p=thirdparty%2Fntp.git

[Sec 1331] DoS with mode 7 packets - CVE-2009-3563.

bk: 4acbefe2GioPCUv-TNpIvmyOyTz4IA
---

diff --git a/ChangeLog b/ChangeLog
index 3757c47f1..ff60adca6 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+---
+
+* [Sec 1331] DoS with mode 7 packets - CVE-2009-3563.
+
 ---
 (4.2.4p7) 2009/05/18 Released by Harlan Stenn <stenn@ntp.org>
 
diff --git a/ntpd/ntp_request.c b/ntpd/ntp_request.c
index 2af0f0bce..f5eed4449 100644
--- a/ntpd/ntp_request.c
+++ b/ntpd/ntp_request.c
@@ -409,6 +409,7 @@ process_private(
 	int mod_okay
 	)
 {
+	static u_long quiet_until;
 	struct req_pkt *inpkt;
 	struct req_pkt_tail *tailinpkt;
 	struct sockaddr_storage *srcadr;
@@ -444,8 +445,14 @@ process_private(
 	    || (++ec, INFO_MBZ(inpkt->mbz_itemsize) != 0)
 	    || (++ec, rbufp->recv_length < REQ_LEN_HDR)
 		) {
-		msyslog(LOG_ERR, "process_private: INFO_ERR_FMT: test %d failed, pkt from %s", ec, stoa(srcadr));
-		req_ack(srcadr, inter, inpkt, INFO_ERR_FMT);
+		NLOG(NLOG_SYSEVENT)
+			if (current_time >= quiet_until) {
+				msyslog(LOG_ERR,
+					"process_private: drop test %d"
+					" failed, pkt from %s",
+					ec, stoa(srcadr));
+				quiet_until = current_time + 60;
+			}
 		return;
 	}