Blob Blame History Raw
diff -up ntp-4.2.6p5/ntpd/ntp_peer.c.cve-2016-7429 ntp-4.2.6p5/ntpd/ntp_peer.c
--- ntp-4.2.6p5/ntpd/ntp_peer.c.cve-2016-7429	2016-11-21 16:47:51.738767270 +0100
+++ ntp-4.2.6p5/ntpd/ntp_peer.c	2016-11-21 16:52:02.434034046 +0100
@@ -241,7 +241,8 @@ findpeer(
 	hash = NTP_HASH_ADDR(srcadr);
 	for (p = peer_hash[hash]; p != NULL; p = p->next) {
 		if (SOCK_EQ(srcadr, &p->srcadr) &&
-		    NSRCPORT(srcadr) == NSRCPORT(&p->srcadr)) {
+		    NSRCPORT(srcadr) == NSRCPORT(&p->srcadr) &&
+		    (p->hmode == MODE_BCLIENT || p->dstadr == rbufp->dstadr)) {
 
 			/*
 			 * if the association matching rules determine
@@ -288,13 +289,6 @@ findpeer(
 	 */
 	if (NULL == p) {
 		*action = MATCH_ASSOC(NO_PEER, pkt_mode);
-	} else if (p->dstadr != rbufp->dstadr) {
-		set_peerdstadr(p, rbufp->dstadr);
-		if (p->dstadr == rbufp->dstadr) {
-			DPRINTF(1, ("Changed %s local address to match response\n",
-				    stoa(&p->srcadr)));
-			return findpeer(rbufp, pkt_mode, action);
-		}
 	}
 	return p;
 }
@@ -548,6 +542,11 @@ set_peerdstadr(
 {
 	struct peer *	unlinked;
 
+	DEBUG_INSIST(p != NULL);
+
+	if (p == NULL)
+		return;
+
 	if (p->dstadr == dstadr)
 		return;