|
 |
e9ba41 |
diff -up ntp-4.2.6p5/ntpd/ntp_proto.c.cve-2020-11868 ntp-4.2.6p5/ntpd/ntp_proto.c
|
|
|
e9ba41 |
--- ntp-4.2.6p5/ntpd/ntp_proto.c.cve-2020-11868 2020-05-26 13:03:53.778232633 +0200
|
|
|
e9ba41 |
+++ ntp-4.2.6p5/ntpd/ntp_proto.c 2020-05-26 13:04:41.367347264 +0200
|
|
|
e9ba41 |
@@ -1044,6 +1044,10 @@ receive(
|
|
|
e9ba41 |
if (L_ISZERO(&p_xmt)) {
|
|
|
e9ba41 |
peer->flash |= TEST3; /* unsynch */
|
|
|
e9ba41 |
|
|
|
e9ba41 |
+ /* Don't update the state in client mode. */
|
|
|
e9ba41 |
+ if (peer->hmode == MODE_CLIENT)
|
|
|
e9ba41 |
+ return;
|
|
|
e9ba41 |
+
|
|
|
e9ba41 |
/*
|
|
|
e9ba41 |
* If the transmit timestamp duplicates a previous one, the
|
|
|
e9ba41 |
* packet is a replay. This prevents the bad guys from replaying
|
|
|
e9ba41 |
@@ -1077,6 +1081,11 @@ receive(
|
|
|
e9ba41 |
if (L_ISZERO(&p_org) || !L_ISEQU(&p_org, &peer->aorg)) {
|
|
|
e9ba41 |
peer->bogusorg++;
|
|
|
e9ba41 |
peer->flash |= TEST2; /* bogus */
|
|
|
e9ba41 |
+
|
|
|
e9ba41 |
+ /* Don't update the state in client mode. */
|
|
|
e9ba41 |
+ if (peer->hmode == MODE_CLIENT)
|
|
|
e9ba41 |
+ return;
|
|
|
e9ba41 |
+
|
|
|
e9ba41 |
if (!L_ISZERO(&peer->dst) && L_ISEQU(&p_org,
|
|
|
e9ba41 |
&peer->dst)) {
|
|
|
e9ba41 |
xleave_mismatch = 1;
|
|
|
e9ba41 |
@@ -1410,7 +1419,8 @@ process_packet(
|
|
|
e9ba41 |
if (peer->burst > 0)
|
|
|
e9ba41 |
peer->nextdate = current_time;
|
|
|
e9ba41 |
}
|
|
|
e9ba41 |
- poll_update(peer, peer->hpoll);
|
|
|
e9ba41 |
+ if (!(peer->flash & PKT_TEST_MASK))
|
|
|
e9ba41 |
+ poll_update(peer, peer->hpoll);
|
|
|
e9ba41 |
|
|
|
e9ba41 |
/*
|
|
|
e9ba41 |
* Verify the server is synchronized; that is, the leap bits,
|