From: Harlan Stenn Date: Thu, 10 May 2001 05:16:49 +0000 (-0000) Subject: ChangeLog, ntp_loopfilter.c, ntp_proto.c: X-Git-Tag: NTP_4_0_99_M~25 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b77eca72d4110fdfc2f41b3ae575887b50db8655;p=thirdparty%2Fntp.git ChangeLog, ntp_loopfilter.c, ntp_proto.c: * ntpd/ntp_proto.c (receive): Validate the source port. Lose NTPv1 support. * ntpd/ntp_loopfilter.c (local_clock): Sanity check sys_poll earlier instead of later. From: Dave Mills. ChangeLog, aclocal.m4, configure, configure.in: * configure.in: 4.0.99k33 bk: 3afa2441pPmQJNtfAHIYBndLfP4qgA --- diff --git a/ChangeLog b/ChangeLog index 5bba961e87..4c678afcb1 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,13 @@ 2001-05-10 Harlan Stenn + * configure.in: 4.0.99k33 + + * ntpd/ntp_proto.c (receive): Validate the source port. Lose + NTPv1 support. + * ntpd/ntp_loopfilter.c (local_clock): Sanity check sys_poll + earlier instead of later. + From: Dave Mills. + * ntpd/refclock_oncore.c (oncore_msg_any): We don't always have GETTIMEOFDAY(). diff --git a/configure b/configure index 64fca1b2c6..985a26952f 100755 --- a/configure +++ b/configure @@ -1397,7 +1397,7 @@ fi # Define the identity of the package. PACKAGE=ntp -VERSION=4.0.99k32 +VERSION=4.0.99k33 cat >>confdefs.h < peer->maxpoll) + sys_poll = peer->maxpoll; + else if (sys_poll < peer->minpoll) + sys_poll = peer->minpoll; clock_frequency = flladj = plladj = 0; mu = peer->epoch - last_time; if (fabs(fp_offset) > clock_max && clock_max > 0) { @@ -403,10 +407,6 @@ local_clock( * and ignore it. */ default: - if (sys_poll > peer->maxpoll) - sys_poll = peer->maxpoll; - else if (sys_poll < peer->minpoll) - sys_poll = peer->minpoll; allow_panic = TRUE; if (fabs(fp_offset - last_offset) > CLOCK_SGATE * oerror && mu < diff --git a/ntpd/ntp_proto.c b/ntpd/ntp_proto.c index 865f3c3837..c19958b83f 100644 --- a/ntpd/ntp_proto.c +++ b/ntpd/ntp_proto.c @@ -307,8 +307,12 @@ receive( current_time, ntoa(&rbufp->dstadr->sin), ntoa(&rbufp->recv_srcadr), restrict_mask); #endif - if (restrict_mask & RES_IGNORE) { + if (restrict_mask & RES_IGNORE) return; /* no anything */ + if (!(SRCPORT(&rbufp->recv_srcadr) == NTP_PORT || + SRCPORT(&rbufp->recv_srcadr) >= IPPORT_RESERVED)) { + sys_badlength++; + return; /* invalid port */ } pkt = &rbufp->recv_pkt; if (PKT_VERSION(pkt->li_vn_mode) == NTP_VERSION) { @@ -318,7 +322,7 @@ receive( sys_oldversionpkt++; /* old version */ } else { sys_unknownversion++; - return; + return; /* invalid version */ } if (PKT_MODE(pkt->li_vn_mode) == MODE_PRIVATE) { if (restrict_mask & RES_NOQUERY) @@ -335,30 +339,16 @@ receive( } if (rbufp->recv_length < LEN_PKT_NOMAC) { sys_badlength++; - return; /* no runt packets */ + return; /* runt packet */ } /* - * Figure out his mode and validate the packet. This has some - * legacy raunch that probably should be removed. If from NTPv1 - * mode zero, The mode is determined from the source port. If - * the port number is zero, it is from a symmetric active - * association; otherwise, it is from a client association. From - * NTPv2 on, all we do is toss out mode zero packets, since - * control and private mode packets have already been handled. + * Validate mode. Note that NTPv1 is no longer supported. */ hismode = (int)PKT_MODE(pkt->li_vn_mode); - if (PKT_VERSION(pkt->li_vn_mode) == NTP_OLDVERSION && hismode == - 0) { - if (SRCPORT(&rbufp->recv_srcadr) == NTP_PORT) - hismode = MODE_ACTIVE; - else - hismode = MODE_CLIENT; - } else { - if (hismode == MODE_UNSPEC) { - sys_badlength++; - return; /* invalid mode */ - } + if (hismode == MODE_UNSPEC) { + sys_badlength++; + return; /* invalid mode */ } /*