ntp: avoid truncation of NTPv4 MACs by default

If the MAC in NTPv4 requests would be truncated, use version 3 by default to avoid the truncation. This is necessary for compatibility with older chronyd servers, which do not respond to messages with truncated MACs.
2025-12-03 19:25:07 -05:00 · 2016-11-29 13:26:46 +01:00
parent 1d5d768545
commit e6e9a472db
5 changed files with 34 additions and 9 deletions
--- a/ntp_core.c
+++ b/ntp_core.c
@@ -520,11 +520,7 @@ NCR_GetInstance(NTP_Remote_Address *remote_addr, NTP_Source_Type type, SourcePar
  result->auto_offline = params->auto_offline;
  result->poll_target = params->poll_target;

-  result->version = params->version;
-  if (result->version < NTP_MIN_COMPAT_VERSION)
-    result->version = NTP_MIN_COMPAT_VERSION;
-  else if (result->version > NTP_VERSION)
-    result->version = NTP_VERSION;
+  result->version = NTP_VERSION;

  if (params->authkey == INACTIVE_AUTHKEY) {
    result->auth_mode = AUTH_NONE;
@@ -541,8 +537,16 @@ NCR_GetInstance(NTP_Remote_Address *remote_addr, NTP_Source_Type type, SourcePar
          result->auth_key_id, UTI_IPToString(&result->remote_addr.ip_addr),
          "too short");
    }
+
+    /* If the MAC in NTPv4 packets would be truncated, use version 3 by
+       default for compatibility with older chronyd servers */
+    if (KEY_GetAuthLength(result->auth_key_id) + 4 > NTP_MAX_V4_MAC_LENGTH)
+      result->version = 3;
  }

+  if (params->version)
+    result->version = CLAMP(NTP_MIN_COMPAT_VERSION, params->version, NTP_VERSION);
+
  /* Create a source instance for this NTP source */
  result->source = SRC_CreateNewInstance(UTI_IPToRefid(&remote_addr->ip_addr),
                                         SRC_NTP, params->sel_options,