ntp: don't accept packets with unexpected authentication

If authentication is not enabled in configuration, responses are not
expected to be authenticated. Handle such responses as having failed
authentication.

A case where this could happen is a misconfigured symmetric association
where only one peer has specified the other with a key. Before this
change synchronization would work in one direction and used packets
with an asymmetric length.
Miroslav Lichvar
2020-02-03 16:04:08 +01:00
parent 7661a6e95b
commit 5ed9b888ff
2 changed files with 2 additions and 7 deletions

@@ -401,11 +401,6 @@ NAU_GenerateResponseAuth(NTP_Packet *request, NTP_PacketInfo *request_info,
int
NAU_CheckResponseAuth(NAU_Instance instance, NTP_Packet *response, NTP_PacketInfo *info)
{
/* If we don't expect the packet to be authenticated, ignore any
authentication data in the packet */
if (instance->mode == NTP_AUTH_NONE)
return 1;
/* The authentication must match the expected mode */
if (info->auth.mode != instance->mode)
return 0;
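
Review bot: With the NTP_AUTH_NONE early return gone from NAU_CheckResponseAuth (the 11-to-6 line count in the hunk header matches those lines plus their comment), the only thing that rejects an unexpectedly authenticated response is the comparison `info->auth.mode != instance->mode`, and the remaining comment does not say so. That comparison is correct only if the packet parser reports info->auth.mode as NTP_AUTH_NONE for every response that carries no authentication data; if it can leave any other value there, plain unauthenticated associations would start failing this check. Please extend the comment above the comparison to state that it also covers the "no authentication configured" case and names that assumption about the parser, and consider adding a test for the misconfigured symmetric association from the commit message, where only one peer has a key, so that the rejection in both directions is pinned down.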