|
 |
6e16f6 |
diff -up ntp-4.2.6p5/ntpd/ntp_proto.c.cve-2015-1798 ntp-4.2.6p5/ntpd/ntp_proto.c
|
|
|
6e16f6 |
--- ntp-4.2.6p5/ntpd/ntp_proto.c.cve-2015-1798 2015-04-08 12:50:57.997021032 +0200
|
|
|
6e16f6 |
+++ ntp-4.2.6p5/ntpd/ntp_proto.c 2015-04-08 12:50:58.005021047 +0200
|
|
|
6e16f6 |
@@ -1130,18 +1130,20 @@ receive(
|
|
|
6e16f6 |
return;
|
|
|
6e16f6 |
|
|
|
6e16f6 |
/*
|
|
|
6e16f6 |
- * If the digest fails, the client cannot authenticate a server
|
|
|
6e16f6 |
+ * If the digest fails or it's missing for authenticated
|
|
|
6e16f6 |
+ * associations, the client cannot authenticate a server
|
|
|
6e16f6 |
* reply to a client packet previously sent. The loopback check
|
|
|
6e16f6 |
* is designed to avoid a bait-and-switch attack, which was
|
|
|
6e16f6 |
* possible in past versions. If symmetric modes, return a
|
|
|
6e16f6 |
* crypto-NAK. The peer should restart the protocol.
|
|
|
6e16f6 |
*/
|
|
|
6e16f6 |
- } else if (!AUTH(has_mac || (restrict_mask & RES_DONTTRUST),
|
|
|
6e16f6 |
- is_authentic)) {
|
|
|
6e16f6 |
+ } else if (!AUTH(peer->keyid || has_mac ||
|
|
|
6e16f6 |
+ (restrict_mask & RES_DONTTRUST), is_authentic)) {
|
|
|
6e16f6 |
report_event(PEVNT_AUTH, peer, "digest");
|
|
|
6e16f6 |
peer->flash |= TEST5; /* bad auth */
|
|
|
6e16f6 |
peer->badauth++;
|
|
|
6e16f6 |
- if (hismode == MODE_ACTIVE || hismode == MODE_PASSIVE)
|
|
|
6e16f6 |
+ if (has_mac &&
|
|
|
6e16f6 |
+ (hismode == MODE_ACTIVE || hismode == MODE_PASSIVE))
|
|
|
6e16f6 |
fast_xmit(rbufp, MODE_ACTIVE, 0, restrict_mask);
|
|
|
6e16f6 |
if (peer->flags & FLAG_PREEMPT) {
|
|
|
6e16f6 |
unpeer(peer);
|