Blame SOURCES/ntp-4.2.6p5-cve-2014-9293.patch
|
 |
6e16f6 |
diff -up ntp-4.2.6p5/ntpd/ntp_config.c.cve-2014-9293 ntp-4.2.6p5/ntpd/ntp_config.c
|
|
|
6e16f6 |
--- ntp-4.2.6p5/ntpd/ntp_config.c.cve-2014-9293 2014-12-19 16:24:18.297578337 +0100
|
|
|
6e16f6 |
+++ ntp-4.2.6p5/ntpd/ntp_config.c 2014-12-19 16:24:18.311578368 +0100
|
|
|
6e16f6 |
@@ -1866,13 +1866,16 @@ config_auth(
|
|
|
6e16f6 |
req_hashlen = digest_len;
|
|
|
6e16f6 |
#endif
|
|
|
6e16f6 |
} else {
|
|
|
6e16f6 |
- int rankey;
|
|
|
6e16f6 |
+ unsigned char rankey[16];
|
|
|
6e16f6 |
+
|
|
|
6e16f6 |
+ if (ntp_crypto_random_buf(rankey, sizeof (rankey))) {
|
|
|
6e16f6 |
+ msyslog(LOG_ERR, "ntp_crypto_random_buf() failed.");
|
|
|
6e16f6 |
+ exit(1);
|
|
|
6e16f6 |
+ }
|
|
|
6e16f6 |
|
|
|
6e16f6 |
- rankey = ntp_random();
|
|
|
6e16f6 |
req_keytype = NID_md5;
|
|
|
6e16f6 |
req_hashlen = 16;
|
|
|
6e16f6 |
- MD5auth_setkey(req_keyid, req_keytype,
|
|
|
6e16f6 |
- (u_char *)&rankey, sizeof(rankey));
|
|
|
6e16f6 |
+ MD5auth_setkey(req_keyid, req_keytype, rankey, sizeof(rankey));
|
|
|
6e16f6 |
authtrust(req_keyid, 1);
|
|
|
6e16f6 |
}
|
|
|
6e16f6 |
|
|
|
6e16f6 |
diff -up ntp-4.2.6p5/ntpd/ntpd.c.cve-2014-9293 ntp-4.2.6p5/ntpd/ntpd.c
|
|
|
6e16f6 |
--- ntp-4.2.6p5/ntpd/ntpd.c.cve-2014-9293 2014-12-19 16:24:02.000000000 +0100
|
|
|
6e16f6 |
+++ ntp-4.2.6p5/ntpd/ntpd.c 2014-12-19 16:24:18.298578339 +0100
|
|
|
6e16f6 |
@@ -593,6 +593,7 @@ ntpdmain(
|
|
|
6e16f6 |
get_systime(&now;;
|
|
|
6e16f6 |
|
|
|
6e16f6 |
ntp_srandom((int)(now.l_i * now.l_uf));
|
|
|
6e16f6 |
+ ntp_crypto_srandom();
|
|
|
6e16f6 |
|
|
|
6e16f6 |
#if !defined(VMS)
|
|
|
6e16f6 |
# ifndef NODETACH
|