From: Harlan Stenn Date: Sun, 31 Dec 2017 10:49:37 +0000 (-0800) Subject: authistrustedip() - use it in more places X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e1a0bbddcc048b814ffb8acee060bfb14b42cffe;p=thirdparty%2Fntp.git authistrustedip() - use it in more places bk: 5a48c0c1kWXL9GdHqJAEh5q2GmfopA --- diff --git a/ChangeLog b/ChangeLog index bf3f9b10f..8698574f1 100644 --- a/ChangeLog +++ b/ChangeLog @@ -66,7 +66,8 @@ * When using pkg-config, report --modversion. HStenn. * Clean up libevent configure checks. HStenn. * sntp: show the IP of who sent us a crypto-NAK. HStenn. -* Allow .../N to specify subnet bits for IPs in ntp.keys. HStenn. +* Allow .../N to specify subnet bits for IPs in ntp.keys. HStenn, JPerlinger. +* authistrustedip() - use it in more places. HStenn, JPerlinger. --- (4.2.8p10) 2017/03/21 Released by Harlan Stenn diff --git a/ntpd/ntp_control.c b/ntpd/ntp_control.c index 1c2fae0e5..57d65238c 100644 --- a/ntpd/ntp_control.c +++ b/ntpd/ntp_control.c @@ -1264,7 +1264,7 @@ process_control( rbufp->recv_length, properlen, res_keyid, maclen)); - if (!authistrusted(res_keyid)) + if (!authistrustedip(res_keyid, &rbufp->recv_srcadr)) DPRINTF(3, ("invalid keyid %08x\n", res_keyid)); else if (authdecrypt(res_keyid, (u_int32 *)pkt, rbufp->recv_length - maclen, diff --git a/ntpd/ntp_request.c b/ntpd/ntp_request.c index 5e0e6f82f..1acbf80d4 100644 --- a/ntpd/ntp_request.c +++ b/ntpd/ntp_request.c @@ -582,6 +582,7 @@ process_private( * him. If the wrong key was used, or packet doesn't * have mac, return. */ + /* XXX: Use authistrustedip(), or equivalent. */ if (!INFO_IS_AUTH(inpkt->auth_seq) || !info_auth_keyid || ntohl(tailinpkt->keyid) != info_auth_keyid) { DPRINTF(5, ("failed auth %d info_auth_keyid %u pkt keyid %u maclen %lu\n",