ntp: improve replay protection in symmetric mode

Always allow update from the first valid response, even if its transmit timestamp is not newer than the currently saved timestamp. This shoud provide a temporary protection in the case where the attacker does have an authenticated packet from future, but the peers are using the same polling interval and the protocol is already synchronised. This could be also useful in the case where the attacker cannot observe the traffic and authentication is disabled.
2016-11-14 09:27:07 +01:00 · 2016-11-14 09:27:07 +01:00 · cfb3c3ba44
commit cfb3c3ba44
parent 4b0ef09221
1 changed files with 1 additions and 1 deletions
--- a/ntp_core.c
+++ b/ntp_core.c
@ -1458,7 +1458,7 @@ receive_packet(NCR_Instance inst, NTP_Local_Address *local_addr,
  if ((inst->mode == MODE_CLIENT && valid_packet && !inst->valid_rx) ||
      (inst->mode == MODE_ACTIVE && (valid_packet || !inst->valid_rx) &&
       test5 && !UTI_IsZeroNtp64(&message->transmit_ts) &&
-       (!inst->updated_timestamps ||
+       (!inst->updated_timestamps || (valid_packet && !inst->valid_rx) ||
        UTI_CompareNtp64(&inst->remote_ntp_tx, &message->transmit_ts) < 0))) {
    inst->remote_ntp_rx = message->receive_ts;
    inst->remote_ntp_tx = message->transmit_ts;