diff -up ntp-4.2.6p5/ntpd/ntp_peer.c.cve-2016-7429 ntp-4.2.6p5/ntpd/ntp_peer.c

--- ntp-4.2.6p5/ntpd/ntp_peer.c.cve-2016-7429	2016-11-21 16:47:51.738767270 +0100

+++ ntp-4.2.6p5/ntpd/ntp_peer.c	2016-11-21 16:52:02.434034046 +0100

@@ -241,7 +241,8 @@ findpeer(

 	hash = NTP_HASH_ADDR(srcadr);

 	for (p = peer_hash[hash]; p != NULL; p = p->next) {

 		if (SOCK_EQ(srcadr, &p->srcadr) &&

-		    NSRCPORT(srcadr) == NSRCPORT(&p->srcadr)) {

+		    NSRCPORT(srcadr) == NSRCPORT(&p->srcadr) &&

+		    (p->hmode == MODE_BCLIENT || p->dstadr == rbufp->dstadr)) {

 			/*

 			 * if the association matching rules determine

@@ -288,13 +289,6 @@ findpeer(

 	 */

 	if (NULL == p) {

 		*action = MATCH_ASSOC(NO_PEER, pkt_mode);

-	} else if (p->dstadr != rbufp->dstadr) {

-		set_peerdstadr(p, rbufp->dstadr);

-		if (p->dstadr == rbufp->dstadr) {

-			DPRINTF(1, ("Changed %s local address to match response\n",

-				    stoa(&p->srcadr)));

-			return findpeer(rbufp, pkt_mode, action);

-		}

 	}

 	return p;

 }

@@ -548,6 +542,11 @@ set_peerdstadr(

 {

 	struct peer *	unlinked;

+	DEBUG_INSIST(p != NULL);

+

+	if (p == NULL)

+		return;

+

 	if (p->dstadr == dstadr)

 		return;