[pkg-ntp-maintainers] Bug#691412: patch for the ntpd bug 2174
csszep
csszep at gmail.com
Mon Nov 12 14:10:53 UTC 2012
Ok, i pached the source, with the following diff from
http://bk.ntp.org/ntp-dev/?PAGE=patch&REV=4f977538lZC_iBKp-J-Xg1LFrR9foQ
--- 1.340/ntpd/ntp_proto.c 2012-03-10 17:27:45 +00:00
+++ 1.341/ntpd/ntp_proto.c 2012-04-25 03:53:27 +00:00
@@ -394,18 +394,15 @@ receive(
* reveals a clogging attack.
*/
sys_received++;
- if (SRCPORT(&rbufp->recv_srcadr) < NTP_PORT) {
+ if (0 == SRCPORT(&rbufp->recv_srcadr)) {
sys_badlength++;
return; /* bogus port */
}
restrict_mask = restrictions(&rbufp->recv_srcadr);
-#ifdef DEBUG
- if (debug > 1)
- printf("receive: at %ld %s<-%s flags %x restrict %03x\n",
+ DPRINTF(2, ("receive: at %ld %s<-%s flags %x restrict %03x\n",
current_time, stoa(&rbufp->dstadr->sin),
stoa(&rbufp->recv_srcadr),
- rbufp->dstadr->flags, restrict_mask);
-#endif
+ rbufp->dstadr->flags, restrict_mask));
pkt = &rbufp->recv_pkt;
hisversion = PKT_VERSION(pkt->li_vn_mode);
hisleap = PKT_LEAP(pkt->li_vn_mode);
It tested it with a simple python ntp client:
from socket import *
import struct
import sys
import time
TIME1970 = 2208988800L
client = socket( AF_INET, SOCK_DGRAM )
client.bind(('', 112))
data = '\x1b' + 47 * '\0'
client.sendto( data, ( sys.argv[1], 123 ))
data, address = client.recvfrom( 1024 )
if data:
print 'Response received from:', address
t = struct.unpack( '!12I', data )[10]
t -= TIME1970
print '\tTime=%s' % time.ctime(t)
root at lab-test:~/ntppatch# python pythoncl 127.0.0.1
Response received from: ('127.0.0.1', 123)
Time=Tue Oct 30 10:52:55 2012
root at lab-test:~/ntppatch# ntpdc -n -c monlist
remote address port local address count m ver rstr avgint lstint
===============================================================================
127.0.0.1 112 127.0.0.1 16 3 3 0 28 53
thx
csszep
More information about the pkg-ntp-maintainers
mailing list