diff -up ntp-4.2.6p5/ntpd/ntp_proto.c.cve-2015-1799 ntp-4.2.6p5/ntpd/ntp_proto.c

--- ntp-4.2.6p5/ntpd/ntp_proto.c.cve-2015-1799	2015-04-08 13:06:43.083810350 +0200

+++ ntp-4.2.6p5/ntpd/ntp_proto.c	2015-04-08 13:08:12.679980322 +0200

@@ -1101,16 +1101,6 @@ receive(

 	}

 	/*

-	 * Update the state variables.

-	 */

-	if (peer->flip == 0) {

-		if (hismode != MODE_BROADCAST)

-			peer->rec = p_xmt;

-		peer->dst = rbufp->recv_time;

-	}

-	peer->xmt = p_xmt;

-

-	/*

 	 * If this is a crypto_NAK, the server cannot authenticate a

 	 * client packet. The server might have just changed keys. Clear

 	 * the association and restart the protocol.

@@ -1157,6 +1147,16 @@ receive(

 	}

 	/*

+	 * Update the state variables.

+	 */

+	if (peer->flip == 0) {

+		if (hismode != MODE_BROADCAST)

+			peer->rec = p_xmt;

+		peer->dst = rbufp->recv_time;

+	}

+	peer->xmt = p_xmt;

+

+	/*

 	 * Set the peer ppoll to the maximum of the packet ppoll and the

 	 * peer minpoll. If a kiss-o'-death, set the peer minpoll to

 	 * this maximumn and advance the headway to give the sender some