Blame SOURCES/ntp-4.2.6p5-cve-2014-9298.patch

6d3098
http://bk.ntp.org/ntp-stable/?PAGE=patch&REV=54922b65gDSbE4G7c3JjkuK1Tv33qQ
6d3098
http://bk.ntp.org/ntp-stable/?PAGE=patch&REV=5492d2879rotbnnuVch_ZC3RAfS8AA
6d3098
http://bk.ntp.org/ntp-stable/?PAGE=patch&REV=5496213frLaEz5PHLZVhuYjM7Lalkw
6d3098
http://bk.ntp.org/ntp-stable/?PAGE=patch&REV=54c2228bpOp4_zrX9aGXdMEZJEGzkg
6d3098
6d3098
diff -up ntp-4.2.6p5/ntpd/ntp_io.c.cve-2014-9298 ntp-4.2.6p5/ntpd/ntp_io.c
6d3098
--- ntp-4.2.6p5/ntpd/ntp_io.c.cve-2014-9298	2015-02-04 11:49:30.506083987 +0100
6d3098
+++ ntp-4.2.6p5/ntpd/ntp_io.c	2015-02-04 12:09:12.638449788 +0100
6d3098
@@ -3498,6 +3498,29 @@ read_network_packet(
6d3098
 		    fd, buflen, stoa(&rb->recv_srcadr)));
6d3098
 
6d3098
 	/*
6d3098
+	** Bug 2672: Some OSes (MacOSX and Linux) don't block spoofed ::1
6d3098
+	*/
6d3098
+
6d3098
+	if (AF_INET6 == itf->family) {
6d3098
+		DPRINTF(2, ("Got an IPv6 packet, from <%s> (%d) to <%s> (%d)\n",
6d3098
+			stoa(&rb->recv_srcadr),
6d3098
+			IN6_IS_ADDR_LOOPBACK(PSOCK_ADDR6(&rb->recv_srcadr)),
6d3098
+			stoa(&itf->sin),
6d3098
+			!IN6_IS_ADDR_LOOPBACK(PSOCK_ADDR6(&itf->sin))
6d3098
+			));
6d3098
+
6d3098
+		if (   IN6_IS_ADDR_LOOPBACK(PSOCK_ADDR6(&rb->recv_srcadr))
6d3098
+		    && !IN6_IS_ADDR_LOOPBACK(PSOCK_ADDR6(&itf->sin))
6d3098
+		   ) {
6d3098
+			packets_dropped++;
6d3098
+			DPRINTF(2, ("DROPPING that packet\n"));
6d3098
+			freerecvbuf(rb);
6d3098
+			return buflen;
6d3098
+		}
6d3098
+		DPRINTF(2, ("processing that packet\n"));
6d3098
+	}
6d3098
+
6d3098
+	/*
6d3098
 	 * Got one.  Mark how and when it got here,
6d3098
 	 * put it on the full list and do bookkeeping.
6d3098
 	 */