http://bk.ntp.org/ntp-stable/?PAGE=patch&REV=54922b65gDSbE4G7c3JjkuK1Tv33qQ http://bk.ntp.org/ntp-stable/?PAGE=patch&REV=5492d2879rotbnnuVch_ZC3RAfS8AA http://bk.ntp.org/ntp-stable/?PAGE=patch&REV=5496213frLaEz5PHLZVhuYjM7Lalkw http://bk.ntp.org/ntp-stable/?PAGE=patch&REV=54c2228bpOp4_zrX9aGXdMEZJEGzkg diff -up ntp-4.2.6p5/ntpd/ntp_io.c.cve-2014-9298 ntp-4.2.6p5/ntpd/ntp_io.c --- ntp-4.2.6p5/ntpd/ntp_io.c.cve-2014-9298 2015-02-04 11:49:30.506083987 +0100 +++ ntp-4.2.6p5/ntpd/ntp_io.c 2015-02-04 12:09:12.638449788 +0100 @@ -3498,6 +3498,29 @@ read_network_packet( fd, buflen, stoa(&rb->recv_srcadr))); /* + ** Bug 2672: Some OSes (MacOSX and Linux) don't block spoofed ::1 + */ + + if (AF_INET6 == itf->family) { + DPRINTF(2, ("Got an IPv6 packet, from <%s> (%d) to <%s> (%d)\n", + stoa(&rb->recv_srcadr), + IN6_IS_ADDR_LOOPBACK(PSOCK_ADDR6(&rb->recv_srcadr)), + stoa(&itf->sin), + !IN6_IS_ADDR_LOOPBACK(PSOCK_ADDR6(&itf->sin)) + )); + + if ( IN6_IS_ADDR_LOOPBACK(PSOCK_ADDR6(&rb->recv_srcadr)) + && !IN6_IS_ADDR_LOOPBACK(PSOCK_ADDR6(&itf->sin)) + ) { + packets_dropped++; + DPRINTF(2, ("DROPPING that packet\n")); + freerecvbuf(rb); + return buflen; + } + DPRINTF(2, ("processing that packet\n")); + } + + /* * Got one. Mark how and when it got here, * put it on the full list and do bookkeeping. */