Skip to content
Permalink
Browse files

[Bug 2941] NAK to the Future: Symmetric association authentication by…

…pass via crypto-NAK
  • Loading branch information...
Unknown committed Oct 11, 2015
1 parent fa28d6f commit aa44b5835d69d8ee031736bb8ee2730a514edb7d
Showing with 21 additions and 0 deletions.
  1. +3 −0 ChangeLog
  2. +18 −0 ntpd/ntp_proto.c
@@ -1,4 +1,7 @@
---
* [Bug 2941] NAK to the Future: Symmetric association authentication
bypass via crypto-NAK. Patch applied. perlinger@ntp.org
---
(4.2.8p4-RC1) 2015/10/06 Released by Harlan Stenn <stenn@ntp.org>

* [Bug 2332] (reopened) Exercise thread cancellation once before dropping
@@ -1133,6 +1133,24 @@ receive(
sys_restricted++;
return;
}
/* [Bug 2941]
* If we got here, the packet isn't part of an
* existing association, it isn't correctly
* authenticated, and it didn't meet either of
* the previous two special cases so we should
* just drop it on the floor. For example,
* crypto-NAKs (is_authentic == AUTH_CRYPTO)
* will make it this far. This is just
* debug-printed and not logged to avoid log
* flooding.
*/
DPRINTF(1, ("receive: at %ld refusing to mobilize passive association"
" with unknown peer %s mode %d keyid %08x len %d auth %d\n",
current_time, stoa(&rbufp->recv_srcadr),
hismode, skeyid, (authlen + has_mac),
is_authentic));
sys_declined++;
return;
}

/*

0 comments on commit aa44b58

Please sign in to comment.
You can’t perform that action at this time.