From: Harlan Stenn Date: Sun, 21 Dec 2014 01:24:15 +0000 (+0000) Subject: [Sec 2672] On some OSes ::1 can be spoofed, bypassing source IP ACLs X-Git-Tag: NTP_4_2_8P1_BETA1~7 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9b126d9e255363e9b5e7ab60cf42e7a5d670fd18;p=thirdparty%2Fntp.git [Sec 2672] On some OSes ::1 can be spoofed, bypassing source IP ACLs bk: 5496213frLaEz5PHLZVhuYjM7Lalkw --- diff --git a/ChangeLog b/ChangeLog index 4d2ea91b0..4e3130910 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,4 @@ +* [Sec 2672] On some OSes ::1 can be spoofed, bypassing source IP ACLs. --- (4.2.8) 2014/12/19 Released by Harlan Stenn diff --git a/ntpd/ntp_io.c b/ntpd/ntp_io.c index ae00e55d1..d771cf5d8 100644 --- a/ntpd/ntp_io.c +++ b/ntpd/ntp_io.c @@ -3450,19 +3450,18 @@ read_network_packet( */ // temporary hack... -#ifndef HAVE_SOLARIS_PRIVS if (AF_INET6 == itf->family) { DPRINTF(1, ("Got an IPv6 packet, from <%s> (%d) to <%s> (%d)\n", stoa(&rb->recv_srcadr), - IN6_IS_ADDR_LOOPBACK(&rb->recv_srcadr), + IN6_IS_ADDR_LOOPBACK(&rb->recv_srcadr.sa6.sin6_addr), stoa(&itf->sin), - !IN6_IS_ADDR_LOOPBACK(&itf->sin) + !IN6_IS_ADDR_LOOPBACK(&itf->sin.sa6.sin6_addr) )); } if ( AF_INET6 == itf->family - && IN6_IS_ADDR_LOOPBACK(&rb->recv_srcadr) - && !IN6_IS_ADDR_LOOPBACK(&itf->sin) + && IN6_IS_ADDR_LOOPBACK(&rb->recv_srcadr.sa6.sin6_addr) + && !IN6_IS_ADDR_LOOPBACK(&itf->sin.sa6.sin6_addr) ) { packets_dropped++; DPRINTF(1, ("DROPPING that packet\n")); @@ -3470,7 +3469,6 @@ read_network_packet( return buflen; } DPRINTF(1, ("processing that packet\n")); -#endif /* * Got one. Mark how and when it got here,
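Review bot: In the first ntpd/ntp_io.c hunk (`@@ -3450,19 +3450,18 @@`), the ::1 filter in read_network_packet() becomes an unconditional anti-spoofing check, yet it is still headed by `// temporary hack...` and a rejected packet leaves only the debug-level trace `DPRINTF(1, ("DROPPING that packet\n"))` plus the `packets_dropped` counter. Replace the comment with one that states the rule, for example `/* [Sec 2672] drop packets whose source is ::1 but which arrived on a non-loopback address; source-IP ACLs trust ::1 */`, and consider a rate-limited log message beside `packets_dropped++` so that a spoofing attempt is visible outside debug runs. The two `IN6_IS_ADDR_LOOPBACK()` expressions are also spelled out twice, once in the debug print and once in the condition; computing them once into two local `int`s and using those in both places would keep the trace and the decision from diverging. The function starts before this hunk and continues past it.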