ntp: don't send response longer than request

When sending a response in the server or passive mode, make sure the
response is not longer than the request to prevent amplification
attacks when responses may contain extension fields (e.g. NTS).
Miroslav Lichvar 2019-04-15 12:48:41 +02:00
parent 9ea1e4e40f
commit b8ee6d6e56


@ -1120,6 +1120,12 @@ transmit_packet(NTP_Mode my_mode, /* The mode this machine wants to be */
UTI_IsEqualAnyNtp64(&message.transmit_ts, &message.receive_ts, UTI_IsEqualAnyNtp64(&message.transmit_ts, &message.receive_ts,
&message.originate_ts, local_ntp_tx)); &message.originate_ts, local_ntp_tx));
if (request_info && request_info->length < info.length) {
DEBUG_LOG("Response longer than request req_len=%d res_len=%d",
request_info->length, info.length);
return 0;
}
ret = NIO_SendPacket(&message, where_to, from, info.length, local_tx != NULL); ret = NIO_SendPacket(&message, where_to, from, info.length, local_tx != NULL);
if (local_tx) { if (local_tx) {
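Review bot: The new length check in transmit_packet carries no comment stating the invariant it enforces, and its strength depends on where `request_info->length` is set, which is outside this hunk. If that value is the size of the datagram actually received, the response can never exceed the request; if it were derived from parsed or claimed packet content, the guard would be weaker, so this is worth confirming at the caller. I would add `/* Don't send a response longer than the request, so the server cannot be used for traffic amplification */` above the `if`. The drop is reported only through `DEBUG_LOG`, so an operator on a normal build has no way to see how often responses are suppressed; a counter or rate-limited log message would help when diagnosing clients whose requests are too short. The function body starts and ends outside the hunk.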