Sophie: ntp-4.2.6p5-24.7.mga5 src

ntp-4.2.6p5-24.7.mga5.src.rpm

diff -up ntp-4.2.6p5/ntpd/ntp_proto.c.cve-2016-4955 ntp-4.2.6p5/ntpd/ntp_proto.c
--- ntp-4.2.6p5/ntpd/ntp_proto.c.cve-2016-4955	2016-05-26 15:39:53.706690269 +0200
+++ ntp-4.2.6p5/ntpd/ntp_proto.c	2016-05-26 15:39:36.000000000 +0200
@@ -1129,15 +1129,17 @@ receive(
 		report_event(PEVNT_AUTH, peer, "crypto_NAK");
 		peer->flash |= TEST5;		/* bad auth */
 		peer->badauth++;
-		if (peer->flags & FLAG_PREEMPT && hismode != MODE_BROADCAST &&
-		    !(peer->flash & (TEST2 | TEST3))) {
-			unpeer(peer);
-			return;
-		}
+		if (hismode != MODE_BROADCAST &&
+					!(peer->flash & (TEST2 | TEST3))) {
+			if (peer->flags & FLAG_PREEMPT) {
+				unpeer(peer);
+				return;
+			}
 #ifdef OPENSSL
-		if (peer->crypto)
-			peer_clear(peer, "AUTH");
+			if (peer->crypto)
+				peer_clear(peer, "AUTH");
 #endif /* OPENSSL */
+		}
 		return;
 
 	/*
@@ -1156,15 +1158,17 @@ receive(
 		if (has_mac &&
 		    (hismode == MODE_ACTIVE || hismode == MODE_PASSIVE))
 			fast_xmit(rbufp, MODE_ACTIVE, 0, restrict_mask);
-		if (peer->flags & FLAG_PREEMPT && hismode != MODE_BROADCAST &&
-		    !(peer->flash & (TEST2 | TEST3))) {
-			unpeer(peer);
-			return;
-		}
+		if (hismode != MODE_BROADCAST &&
+					!(peer->flash & (TEST2 | TEST3))) {
+			if (peer->flags & FLAG_PREEMPT) {
+				unpeer(peer);
+				return;
+			}
 #ifdef OPENSSL
-		if (peer->crypto)
-			peer_clear(peer, "AUTH");
+			if (peer->crypto)
+				peer_clear(peer, "AUTH");
 #endif /* OPENSSL */
+		}
 		return;
 	}