mirror of
https://gitlab.com/chrony/chrony.git
synced 2025-12-04 15:05:08 -05:00
dba458d50c
To prevent an attacker using chronyd in an amplification attack, change the protocol to include padding in request packets so that the largest possible reply is not larger than the request. Request packets that don't include this padding are ignored as invalid. This is an incompatible change in the protocol. Clients from chrony 1.27, 1.28 and 1.29 will receive NULL reply with STT_BADPKTVERSION and print "Protocol version mismatch". Clients from 1.26 and older will not receive a reply as it would be larger than the request if it was padded to be compatible with their protocol.
13 KiB
13 KiB