Blame SOURCES/ntp-4.2.6p5-cve-2015-7974.patch
|
 |
2b78f7 |
diff -up ntp-4.2.6p5/ntpd/ntp_proto.c.cve-2015-7974 ntp-4.2.6p5/ntpd/ntp_proto.c
|
|
|
2b78f7 |
--- ntp-4.2.6p5/ntpd/ntp_proto.c.cve-2015-7974 2016-01-21 14:06:18.958346184 +0100
|
|
|
2b78f7 |
+++ ntp-4.2.6p5/ntpd/ntp_proto.c 2016-01-21 14:16:34.894828262 +0100
|
|
|
2b78f7 |
@@ -674,10 +674,13 @@ receive(
|
|
|
2b78f7 |
* succeed in bloating the key cache. If an autokey,
|
|
|
2b78f7 |
* purge it immediately, since we won't be needing it
|
|
|
2b78f7 |
* again. If the packet is authentic, it can mobilize an
|
|
|
2b78f7 |
- * association. Note that there is no key zero.
|
|
|
2b78f7 |
+ * association. If it's a persistent association using a
|
|
|
2b78f7 |
+ * symmetric key, the key ID has to match the configured
|
|
|
2b78f7 |
+ * value. Note that there is no key zero.
|
|
|
2b78f7 |
*/
|
|
|
2b78f7 |
- if (!authdecrypt(skeyid, (u_int32 *)pkt, authlen,
|
|
|
2b78f7 |
- has_mac))
|
|
|
2b78f7 |
+ if ((peer && !(peer->flags & FLAG_PREEMPT) &&
|
|
|
2b78f7 |
+ peer->keyid <= NTP_MAXKEY && skeyid != peer->keyid) ||
|
|
|
2b78f7 |
+ !authdecrypt(skeyid, (u_int32 *)pkt, authlen, has_mac))
|
|
|
2b78f7 |
is_authentic = AUTH_ERROR;
|
|
|
2b78f7 |
else
|
|
|
2b78f7 |
is_authentic = AUTH_OK;
|