
ntp-4.2.6p5-24.1.mga5.src.rpm


http://bk1.ntp.org/ntp-stable/?PAGE=patch&REV=550a80b0iGyIv4t9J1GJ_74V_eEx4A
http://bugs.ntp.org/show_bug.cgi?id=2779

diff -Naurp ntp-4.2.6p5/ntpd/ntp_proto.c ntp-4.2.6p5.oden/ntpd/ntp_proto.c
--- ntp-4.2.6p5/ntpd/ntp_proto.c	2015-04-08 09:09:56.000000000 +0200
+++ ntp-4.2.6p5.oden/ntpd/ntp_proto.c	2015-04-08 09:09:31.000000000 +0200
@@ -1130,19 +1130,21 @@ receive(
 #endif /* OPENSSL */
 		return;
 
-	/* 
-	 * If the digest fails, the client cannot authenticate a server
+	/*
+	 * If the digest fails or it's missing for authenticated
+	 * associations, the client cannot authenticate a server
 	 * reply to a client packet previously sent. The loopback check
 	 * is designed to avoid a bait-and-switch attack, which was
 	 * possible in past versions. If symmetric modes, return a
 	 * crypto-NAK. The peer should restart the protocol.
 	 */
-	} else if (!AUTH(has_mac || (restrict_mask & RES_DONTTRUST),
-	    is_authentic)) {
+	} else if (!AUTH(peer->keyid || has_mac ||
+			 (restrict_mask & RES_DONTTRUST), is_authentic)) {
 		report_event(PEVNT_AUTH, peer, "digest");
 		peer->flash |= TEST5;		/* bad auth */
 		peer->badauth++;
-		if (hismode == MODE_ACTIVE || hismode == MODE_PASSIVE)
+		if (has_mac &&
+		    (hismode == MODE_ACTIVE || hismode == MODE_PASSIVE))
 			fast_xmit(rbufp, MODE_ACTIVE, 0, restrict_mask);
 		if (peer->flags & FLAG_PREEMPT) {
 			unpeer(peer);
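Review bot: The `has_mac &&` guard added before `fast_xmit()` suppresses only the crypto-NAK reply. A packet with no MAC that now fails `AUTH()` because `peer->keyid` is set still raises `PEVNT_AUTH`, sets `TEST5`, increments `peer->badauth`, and reaches `unpeer(peer)` when `FLAG_PREEMPT` is set. Such a packet carries no proof of origin, so it is worth confirming that these state changes are meant to apply to it; if they are not, the demobilisation could be narrowed with `if (has_mac && (peer->flags & FLAG_PREEMPT)) {`. The block comment still reads "If symmetric modes, return a crypto-NAK" and should say the NAK is sent only when the packet carried a MAC. The `AUTH()` macro and the rest of this `else if` body lie outside the hunk, so whether an earlier origin-timestamp check already filters these packets cannot be confirmed from here.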