From b8ee6d6e56395d795ee5366f1c3366b53d619efb Mon Sep 17 00:00:00 2001
From: Miroslav Lichvar <mlichvar@redhat.com>
Date: Mon, 15 Apr 2019 12:48:41 +0200
Subject: [PATCH] ntp: don't send response longer than request

When sending a response in the server or passive mode, make sure the
response is not longer than the request to prevent amplification
attacks when resposes may contain extension fields (e.g. NTS).
---
 ntp_core.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/ntp_core.c b/ntp_core.c
index bc24b18..21764f1 100644
--- a/ntp_core.c
+++ b/ntp_core.c
@@ -1120,6 +1120,12 @@ transmit_packet(NTP_Mode my_mode, /* The mode this machine wants to be */
            UTI_IsEqualAnyNtp64(&message.transmit_ts, &message.receive_ts,
                                &message.originate_ts, local_ntp_tx));
 
+  if (request_info && request_info->length < info.length) {
+    DEBUG_LOG("Response longer than request req_len=%d res_len=%d",
+              request_info->length, info.length);
+    return 0;
+  }
+
   ret = NIO_SendPacket(&message, where_to, from, info.length, local_tx != NULL);
 
   if (local_tx) {