DWS/chrony
1
0
Fork 0
mirror of https://gitlab.com/chrony/chrony.git synced 2025-12-03 18:05:06 -05:00
Code Issues Packages Projects Releases Wiki Activity

ntp: don't accept packets with unexpected authentication

Browse Source 
If authentication is not enabled in configuration, responses are not
expected to be authenticated. Handle such responses as having failed
authentication.

A case where this could happen is a misconfigured symmetric association
where only one peer has specified the other with a key. Before this
change synchronization would work in one direction and used packets
with an asymmetric length.
This commit is contained in:
Miroslav Lichvar
2020-02-03 16:04:08 +01:00
parent 7661a6e95b
commit 5ed9b888ff
2 changed files with 2 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
test/unit/ntp_core.c
View File

@@ -356,9 +356,9 @@ test_unit(void)
inst1->tx_count < MAX_CLIENT_INTERLEAVED_TX);
authenticated = random() % 2;
valid = (!interleaved || (source.params.interleaved && has_updated)) &&
(!source.params.authkey || authenticated);
((source.params.authkey == INACTIVE_AUTHKEY) == !authenticated);
updated = (valid || inst1->mode == MODE_ACTIVE) &&
(!source.params.authkey || authenticated);
((source.params.authkey == INACTIVE_AUTHKEY) == !authenticated);
has_updated = has_updated || updated;
if (inst1->mode == MODE_CLIENT)
updated = 0;