Blob Blame History Raw
diff -up ntp-4.2.6p5/ntpd/ntp_proto.c.cve-2015-1798 ntp-4.2.6p5/ntpd/ntp_proto.c
--- ntp-4.2.6p5/ntpd/ntp_proto.c.cve-2015-1798	2015-04-08 12:50:57.997021032 +0200
+++ ntp-4.2.6p5/ntpd/ntp_proto.c	2015-04-08 12:50:58.005021047 +0200
@@ -1130,18 +1130,20 @@ receive(
 		return;
 
 	/* 
-	 * If the digest fails, the client cannot authenticate a server
+	 * If the digest fails or it's missing for authenticated
+	 * associations, the client cannot authenticate a server
 	 * reply to a client packet previously sent. The loopback check
 	 * is designed to avoid a bait-and-switch attack, which was
 	 * possible in past versions. If symmetric modes, return a
 	 * crypto-NAK. The peer should restart the protocol.
 	 */
-	} else if (!AUTH(has_mac || (restrict_mask & RES_DONTTRUST),
-	    is_authentic)) {
+	} else if (!AUTH(peer->keyid || has_mac ||
+			 (restrict_mask & RES_DONTTRUST), is_authentic)) {
 		report_event(PEVNT_AUTH, peer, "digest");
 		peer->flash |= TEST5;		/* bad auth */
 		peer->badauth++;
-		if (hismode == MODE_ACTIVE || hismode == MODE_PASSIVE)
+		if (has_mac &&
+		    (hismode == MODE_ACTIVE || hismode == MODE_PASSIVE))
 			fast_xmit(rbufp, MODE_ACTIVE, 0, restrict_mask);
 		if (peer->flags & FLAG_PREEMPT) {
 			unpeer(peer);