ntp: accept packets from unknown sources only from server sockets

ntp_core.c

@@ -1457,6 +1457,13 @@ NCR_ProcessUnknown
   int valid_auth, auth_len;
   unsigned long key_id;
 
+  /* Ignore the packet if it wasn't received by server socket */
+  if (!NIO_IsServerSocket(local_addr->sock_fd)) {
+    DEBUG_LOG(LOGF_NtpCore, "NTP request packet received by client socket %d",
+              local_addr->sock_fd);
+    return;
+  }
+
   /* Check version */
   version = (message->lvm >> 3) & 0x7;
   if (version < NTP_MIN_COMPAT_VERSION || version > NTP_MAX_COMPAT_VERSION) {

ntp_io.c

@@ -438,6 +438,19 @@ NIO_CloseClientSocket(int sock_fd)
 
 /* ================================================== */
 
+int
+NIO_IsServerSocket(int sock_fd)
+{
+  return sock_fd != INVALID_SOCK_FD &&
+    (sock_fd == server_sock_fd4
+#ifdef HAVE_IPV6
+     || sock_fd == server_sock_fd6
+#endif
+    );
+}
+
+/* ================================================== */
+
 static void
 read_from_socket(void *anything)
 {

ntp_io.h

@@ -46,6 +46,9 @@ extern int NIO_GetServerSocket(NTP_Remote_Address *remote_addr);
 /* Function to close a socket returned by NIO_GetClientSocket() */
 extern void NIO_CloseClientSocket(int sock_fd);
 
+/* Function to check if socket is a server socket */
+extern int NIO_IsServerSocket(int sock_fd);
+
 /* Function to transmit a packet */
 extern void NIO_SendNormalPacket(NTP_Packet *packet, NTP_Remote_Address *remote_addr, NTP_Local_Address *local_addr);