From 91e74c704bcccc068379719bc7831d3bf0bf777e Mon Sep 17 00:00:00 2001
From: Miroslav Lichvar <mlichvar@redhat.com>
Date: Wed, 26 Mar 2014 11:15:09 +0100
Subject: [PATCH] ntp: accept packets from unknown sources only from server
 sockets

---
 ntp_core.c |  7 +++++++
 ntp_io.c   | 13 +++++++++++++
 ntp_io.h   |  3 +++
 3 files changed, 23 insertions(+)

diff --git a/ntp_core.c b/ntp_core.c
index 4e6eaff..a63b5a2 100644
--- a/ntp_core.c
+++ b/ntp_core.c
@@ -1457,6 +1457,13 @@ NCR_ProcessUnknown
   int valid_auth, auth_len;
   unsigned long key_id;
 
+  /* Ignore the packet if it wasn't received by server socket */
+  if (!NIO_IsServerSocket(local_addr->sock_fd)) {
+    DEBUG_LOG(LOGF_NtpCore, "NTP request packet received by client socket %d",
+              local_addr->sock_fd);
+    return;
+  }
+
   /* Check version */
   version = (message->lvm >> 3) & 0x7;
   if (version < NTP_MIN_COMPAT_VERSION || version > NTP_MAX_COMPAT_VERSION) {
diff --git a/ntp_io.c b/ntp_io.c
index 839fd8c..8a901eb 100644
--- a/ntp_io.c
+++ b/ntp_io.c
@@ -438,6 +438,19 @@ NIO_CloseClientSocket(int sock_fd)
 
 /* ================================================== */
 
+int
+NIO_IsServerSocket(int sock_fd)
+{
+  return sock_fd != INVALID_SOCK_FD &&
+    (sock_fd == server_sock_fd4
+#ifdef HAVE_IPV6
+     || sock_fd == server_sock_fd6
+#endif
+    );
+}
+
+/* ================================================== */
+
 static void
 read_from_socket(void *anything)
 {
diff --git a/ntp_io.h b/ntp_io.h
index b323fba..b4200d3 100644
--- a/ntp_io.h
+++ b/ntp_io.h
@@ -46,6 +46,9 @@ extern int NIO_GetServerSocket(NTP_Remote_Address *remote_addr);
 /* Function to close a socket returned by NIO_GetClientSocket() */
 extern void NIO_CloseClientSocket(int sock_fd);
 
+/* Function to check if socket is a server socket */
+extern int NIO_IsServerSocket(int sock_fd);
+
 /* Function to transmit a packet */
 extern void NIO_SendNormalPacket(NTP_Packet *packet, NTP_Remote_Address *remote_addr, NTP_Local_Address *local_addr);