diff -up ntp-4.2.6p5/ntpd/ntp_proto.c.cve-2016-4955 ntp-4.2.6p5/ntpd/ntp_proto.c
--- ntp-4.2.6p5/ntpd/ntp_proto.c.cve-2016-4955 2016-05-26 15:39:53.706690269 +0200
+++ ntp-4.2.6p5/ntpd/ntp_proto.c 2016-05-26 15:39:36.000000000 +0200
@@ -1129,15 +1129,17 @@ receive(
 report_event(PEVNT_AUTH, peer, "crypto_NAK");
 peer->flash |= TEST5; /* bad auth */
 peer->badauth++;
- if (peer->flags & FLAG_PREEMPT && hismode != MODE_BROADCAST &&
- !(peer->flash & (TEST2 | TEST3))) {
- unpeer(peer);
- return;
- }
+ if (hismode != MODE_BROADCAST &&
+ !(peer->flash & (TEST2 | TEST3))) {
+ if (peer->flags & FLAG_PREEMPT) {
+ unpeer(peer);
+ return;
+ }
 #ifdef OPENSSL
- if (peer->crypto)
- peer_clear(peer, "AUTH");
+ if (peer->crypto)
+ peer_clear(peer, "AUTH");
 #endif /* OPENSSL */
+ }
 return;
 /*
@@ -1156,15 +1158,17 @@ receive(
 if (has_mac &&
 (hismode == MODE_ACTIVE || hismode == MODE_PASSIVE))
 fast_xmit(rbufp, MODE_ACTIVE, 0, restrict_mask);
- if (peer->flags & FLAG_PREEMPT && hismode != MODE_BROADCAST &&
- !(peer->flash & (TEST2 | TEST3))) {
- unpeer(peer);
- return;
- }
+ if (hismode != MODE_BROADCAST &&
+ !(peer->flash & (TEST2 | TEST3))) {
+ if (peer->flags & FLAG_PREEMPT) {
+ unpeer(peer);
+ return;
+ }
 #ifdef OPENSSL
- if (peer->crypto)
- peer_clear(peer, "AUTH");
+ if (peer->crypto)
+ peer_clear(peer, "AUTH");
 #endif /* OPENSSL */
+ }
 return;
 }
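Review bot: The new outer test `hismode != MODE_BROADCAST && !(peer->flash & (TEST2 | TEST3))` is the only thing keeping a packet that failed TEST2 or TEST3 away from `peer_clear(peer, "AUTH")`, yet neither hunk documents that, and the identical block in the second hunk (after `fast_xmit`) has the same gap. I would add a comment above the `if` in both places, for example `/* Reset the association only when TEST2/TEST3 are clear; an unvalidated packet must not clear peer state (CVE-2016-4955). */`. The inner `return;` after `unpeer(peer)` deserves `/* peer must not be touched after unpeer() */`, because it is what stops the OPENSSL branch from reading `peer->crypto` afterwards; this assumes unpeer() releases the association, which the hunk does not show. In the first hunk, `report_event()`, `peer->flash |= TEST5` and `peer->badauth++` still run before the new check, so it is worth confirming that logging and counting packets which later fail the guard is intended. `receive()` begins and ends outside both hunks, including the code that sets TEST2 and TEST3.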