Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/netbsd-1-5]: src/dist/ntp/ntpd Pull up revision 1.2 (requested by simonb);



details:   https://anonhg.NetBSD.org/src/rev/9181c214979e
branches:  netbsd-1-5
changeset: 491120:9181c214979e
user:      jhawk <jhawk%NetBSD.org@localhost>
date:      Thu Apr 05 09:45:27 2001 +0000

description:
Pull up revision 1.2 (requested by simonb);
(actually, this is the diff from 1.1.1.2 to 1.2, not 1.1 to 1.2):
  Fix a DoS attack (and possibly, but not confirmed, a root exploit) in
  ntpd.
  Fix from Poul-Henning Kamp and Dima Ruban from the FreeBSD tree,
  with changes from Jason Thorpe to not overrun the end of the static
  buffer and with syslog()ing the bad packets disabled so as not to
  DoS syslog.

diffstat:

 dist/ntp/ntpd/ntp_control.c |  19 ++++++++++++++++---
 1 files changed, 16 insertions(+), 3 deletions(-)

diffs (34 lines):

diff -r 456614639e17 -r 9181c214979e dist/ntp/ntpd/ntp_control.c
--- a/dist/ntp/ntpd/ntp_control.c       Wed Apr 04 21:00:09 2001 +0000
+++ b/dist/ntp/ntpd/ntp_control.c       Thu Apr 05 09:45:27 2001 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: ntp_control.c,v 1.1.1.2 2000/04/22 14:53:15 simonb Exp $       */
+/*     $NetBSD: ntp_control.c,v 1.1.1.2.4.1 2001/04/05 09:45:27 jhawk Exp $    */
 
 /*
  * ntp_control.c - respond to control messages and send async traps
@@ -1812,9 +1812,22 @@
                                        while (cp < reqend &&
                                            isspace((int)*cp))
                                                cp++;
-                                       while (cp < reqend && *cp !=
-                                           ',')
+                                       while (cp < reqend && *cp != ',') {
                                                *tp++ = *cp++;
+                                               if (tp >=
+                                                   buf + sizeof(buf) - 1) {
+#if 0  /* don't syslog for now - DoS potential on filling syslog */
+                                                       msyslog(LOG_WARNING,
+    "Attempted \"ntpdx\" exploit from IP %d.%d.%d.%d:%d (possibly spoofed)\n",
+    (ntohl(rmt_addr->sin_addr.s_addr) >> 24) & 0xff,
+    (ntohl(rmt_addr->sin_addr.s_addr) >> 16) & 0xff,
+    (ntohl(rmt_addr->sin_addr.s_addr) >> 8) & 0xff,
+    (ntohl(rmt_addr->sin_addr.s_addr) >> 0) & 0xff,
+    ntohs(rmt_addr->sin_port));
+#endif
+                                                       return (0);
+                                               }
+                                       }
                                        if (cp < reqend)
                                                cp++;
                                        *tp = '\0';



Home | Main Index | Thread Index | Old Index