Blob Blame History Raw
diff -up ntp-4.2.6p5/ntpd/ntp_proto.c.cve-2020-11868 ntp-4.2.6p5/ntpd/ntp_proto.c
--- ntp-4.2.6p5/ntpd/ntp_proto.c.cve-2020-11868	2020-05-26 13:03:53.778232633 +0200
+++ ntp-4.2.6p5/ntpd/ntp_proto.c	2020-05-26 13:04:41.367347264 +0200
@@ -1044,6 +1044,10 @@ receive(
 	if (L_ISZERO(&p_xmt)) {
 		peer->flash |= TEST3;			/* unsynch */
 
+		/* Don't update the state in client mode. */
+		if (peer->hmode == MODE_CLIENT)
+			return;
+
 	/*
 	 * If the transmit timestamp duplicates a previous one, the
 	 * packet is a replay. This prevents the bad guys from replaying
@@ -1077,6 +1081,11 @@ receive(
 		if (L_ISZERO(&p_org) || !L_ISEQU(&p_org, &peer->aorg)) {
 			peer->bogusorg++;
 			peer->flash |= TEST2;	/* bogus */
+
+			/* Don't update the state in client mode. */
+			if (peer->hmode == MODE_CLIENT)
+				return;
+
 			if (!L_ISZERO(&peer->dst) && L_ISEQU(&p_org,
 			    &peer->dst)) {
 				xleave_mismatch = 1;
@@ -1410,7 +1419,8 @@ process_packet(
 		if (peer->burst > 0)
 			peer->nextdate = current_time;
 	}
-	poll_update(peer, peer->hpoll);
+	if (!(peer->flash & PKT_TEST_MASK))
+		poll_update(peer, peer->hpoll);
 
 	/*
 	 * Verify the server is synchronized; that is, the leap bits,