Commit 81501d88 authored by Kurt Roeckx's avatar Kurt Roeckx

Add missing fix for CVE-2014-9297

parent 98163d30
ntp (1:4.2.6.p5+dfsg-5) unstable; urgency=high
* Add missing fix for CVE-2014-9297
-- Kurt Roeckx <kurt@roeckx.be> Sat, 07 Feb 2015 12:20:44 +0100
ntp (1:4.2.6.p5+dfsg-4) unstable; urgency=medium
* Fix CVE-2014-9297
......
Index: ntp-4.2.6.p5+dfsg/ntpd/ntp_crypto.c
===================================================================
--- ntp-4.2.6.p5+dfsg.orig/ntpd/ntp_crypto.c 2015-02-04 20:14:03.692689838 +0000
+++ ntp-4.2.6.p5+dfsg/ntpd/ntp_crypto.c 2015-02-04 20:23:49.476322198 +0000
--- ntp-4.2.6.p5+dfsg.orig/ntpd/ntp_crypto.c 2015-02-07 10:58:36.000000000 +0000
+++ ntp-4.2.6.p5+dfsg/ntpd/ntp_crypto.c 2015-02-07 10:58:49.198432087 +0000
@@ -109,6 +109,7 @@
#define TAI_1972 10 /* initial TAI offset (s) */
#define MAX_LEAP 100 /* max UTC leapseconds (s) */
......@@ -334,3 +334,31 @@ Index: ntp-4.2.6.p5+dfsg/ntpd/ntp_crypto.c
vp->siglen = htonl(sign_siglen);
return (XEVNT_OK);
}
Index: ntp-4.2.6.p5+dfsg/ntpd/ntp_proto.c
===================================================================
--- ntp-4.2.6.p5+dfsg.orig/ntpd/ntp_proto.c 2015-02-07 10:58:36.000000000 +0000
+++ ntp-4.2.6.p5+dfsg/ntpd/ntp_proto.c 2015-02-07 10:58:49.270430734 +0000
@@ -431,7 +431,7 @@
*/
authlen = LEN_PKT_NOMAC;
has_mac = rbufp->recv_length - authlen;
- while (has_mac != 0) {
+ while (has_mac > 0) {
u_int32 len;
if (has_mac % 4 != 0 || has_mac < MIN_MAC_LEN) {
@@ -456,6 +456,14 @@
}
/*
+ * If has_mac is < 0 we had a malformed packet.
+ */
+ if (has_mac < 0) {
+ sys_badlength++;
+ return; /* bad length */
+ }
+
+ /*
* If authentication required, a MAC must be present.
*/
if (restrict_mask & RES_DONTTRUST && has_mac == 0) {
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment