From: Harlan Stenn <stenn@ntp.org>
Date: Sat, 23 Jan 2016 11:36:37 +0000 (+0000)
Subject: [Sec 2901] KoD packets must have non-zero transmit timestamps.  HStenn.
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fcfc8da2de39889e7d59c220deb19d8465c78548;p=thirdparty%2Fntp.git

[Sec 2901] KoD packets must have non-zero transmit timestamps.  HStenn.

bk: 56a365c5DwJkeZ8ennPLLR9swDOmzg
---

diff --git a/ChangeLog b/ChangeLog
index e2dae78f4..23f0ad45e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,6 @@
 ---
 
+* [Sec 2901] KoD packets must have non-zero transmit timestamps.  HStenn.
 * [Sec 2936] Skeleton Key: Any system knowing the trusted key can serve
   time. Include passive servers in this check. HStenn.
 * [Bug 2879] Improve NTP security against timing attacks. perlinger@ntp.org
diff --git a/ntpd/ntp_proto.c b/ntpd/ntp_proto.c
index 072e01eed..02efb18b3 100644
--- a/ntpd/ntp_proto.c
+++ b/ntpd/ntp_proto.c
@@ -1412,9 +1412,19 @@ receive(
 	 * Next comes a rigorous schedule of timestamp checking. If the
 	 * transmit timestamp is zero, the server has not initialized in
 	 * interleaved modes or is horribly broken.
+	 *
+	 * A KoD packet we pay attention to cannot have a 0 transmit
+	 * timestamp.
 	 */
 	if (L_ISZERO(&p_xmt)) {
 		peer->flash |= TEST3;			/* unsynch */
+		if (0 == hisstratum) {
+			peer->bogusorg++;	/* for TEST2 or TEST3 */
+			msyslog(LOG_INFO,
+				"receive: Unexpected zero transmit timestamp in KoD from %s",
+				ntoa(&peer->srcadr));
+			return;
+		}
 
 	/*
 	 * If the transmit timestamp duplicates a previous one, the