From 6c8588c13ca397b75fb07c0f34e16f37eb7e6d97 Mon Sep 17 00:00:00 2001
From: Miroslav Lichvar
Date: Tue, 29 Nov 2016 12:59:57 +0100
Subject: [PATCH] ntp: truncate MACs in NTPv4 packets

When sending an NTPv4 packet, truncate long MAC to 192 bits to follow RFC 7822.
---
 ntp_core.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/ntp_core.c b/ntp_core.c
index 6a5701c..01c103f 100644
--- a/ntp_core.c
+++ b/ntp_core.c
@@ -849,7 +849,7 @@ transmit_packet(NTP_Mode my_mode, /* The mode this machine wants to be */
 ) {
 NTP_Packet message;
- int auth_len, length, ret, precision;
+ int auth_len, mac_len, length, ret, precision;
 struct timespec local_receive, local_transmit;
 NTP_int64 ts_fuzz;
@@ -979,8 +979,16 @@ transmit_packet(NTP_Mode my_mode, /* The mode this machine wants to be */
 DEBUG_LOG(LOGF_NtpCore, "Could not generate auth data with key %"PRIu32, key_id);
 return 0;
 }
+ message.auth_keyid = htonl(key_id);
- length += sizeof (message.auth_keyid) + auth_len;
+ mac_len = sizeof (message.auth_keyid) + auth_len;
+
+ /* Truncate MACs in NTPv4 packets to allow deterministic parsing
+ of extension fields (RFC 7822) */
+ if (version == 4 && mac_len > NTP_MAX_V4_MAC_LENGTH)
+ mac_len = NTP_MAX_V4_MAC_LENGTH;
+
+ length += mac_len;
 } else if (auth_mode == AUTH_MSSNTP) {
 /* MS-SNTP packets are signed (asynchronously) by ntp_signd */
 return NSD_SignAndSendPacket(key_id, &message, where_to, from, length);
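Review bot: The new comment above `if (version == 4 && mac_len > NTP_MAX_V4_MAC_LENGTH)` in the second hunk does not say that `mac_len` counts the key ID (`sizeof (message.auth_keyid)`) as well as the digest, so the digest itself is cut to the limit minus the key ID; I would extend it to `/* Truncate MACs (key ID + digest) in NTPv4 packets to allow deterministic parsing of extension fields (RFC 7822); the receiver has to verify only the truncated digest */`. This patch touches only the send path in ntp_core.c, so the check of received MACs is not visible here; if that check still compares the full digest length, packets authenticated with a longer hash would presumably be rejected by the peer, and it should be confirmed that verification accepts exactly the truncated length. `NTP_MAX_V4_MAC_LENGTH` is defined outside this diff (presumably 24 bytes, going by the 192 bits in the commit message), and stating the value in the comment would make the resulting digest length checkable at a glance. transmit_packet's body starts and ends outside the hunk.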