File ntp-CVE-2015-1798.patch of Package ntp.500

Overview Repositories Revisions Requests Users Attributes Meta

File ntp-CVE-2015-1798.patch of Package ntp.500

diff -up ntp-4.2.8p1/ntpd/ntp_proto.c.orig ntp-4.2.8p1/ntpd/ntp_proto.c
--- ntpd/ntp_proto.c.orig	2015-01-03 04:47:47.000000000 +0100
+++ ntpd/ntp_proto.c	2015-03-04 11:59:04.557881767 +0100
@@ -1285,18 +1285,20 @@ receive(
 		return;
 
 	/* 
-	 * If the digest fails, the client cannot authenticate a server
+	 * If the digest fails or it's missing for authenticated
+	 * associations, the client cannot authenticate a server
 	 * reply to a client packet previously sent. The loopback check
 	 * is designed to avoid a bait-and-switch attack, which was
 	 * possible in past versions. If symmetric modes, return a
 	 * crypto-NAK. The peer should restart the protocol.
 	 */
-	} else if (!AUTH(has_mac || (restrict_mask & RES_DONTTRUST),
-	    is_authentic)) {
+	} else if (!AUTH(peer->keyid || has_mac ||
+			 (restrict_mask & RES_DONTTRUST), is_authentic)) {
 		report_event(PEVNT_AUTH, peer, "digest");
 		peer->flash |= TEST5;		/* bad auth */
 		peer->badauth++;
-		if (hismode == MODE_ACTIVE || hismode == MODE_PASSIVE)
+		if (has_mac &&
+		    (hismode == MODE_ACTIVE || hismode == MODE_PASSIVE))
 			fast_xmit(rbufp, MODE_ACTIVE, 0, restrict_mask);
 		if (peer->flags & FLAG_PREEMPT) {
 			unpeer(peer);

Places

File ntp-CVE-2015-1798.patch of Package ntp.500

Places