From 09067e06d386b25f3c841dcae32b1d8602d46742 Mon Sep 17 00:00:00 2001
From: Miroslav Lichvar <mlichvar@redhat.com>
Date: Tue, 23 Nov 2021 10:35:22 +0100
Subject: [PATCH] ntp: fix exp1 EF search in process_response()

Don't ignore the magic field when searching for the exp1 extension
field in a received response. If there were two exp1 fields in the
packet, and only one of them had the expected magic value, it should
pick the right one.

Fixes: 2319f72b29a9 ("ntp: add client support for experimental extension field")
---
 ntp_core.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/ntp_core.c b/ntp_core.c
index 945aec9..2cffd6c 100644
--- a/ntp_core.c
+++ b/ntp_core.c
@@ -1721,7 +1721,9 @@ process_response(NCR_Instance inst, NTP_Local_Address *local_addr,
 
       switch (ef_type) {
         case NTP_EF_EXP1:
-          if (inst->ext_field_flags & NTP_EF_FLAG_EXP1 && ef_body_length == sizeof (*ef_exp1))
+          if (inst->ext_field_flags & NTP_EF_FLAG_EXP1 &&
+              ef_body_length == sizeof (*ef_exp1) &&
+              ntohl(((NTP_ExtFieldExp1 *)ef_body)->magic) == NTP_EF_EXP1_MAGIC)
             ef_exp1 = ef_body;
           break;
       }