2017-02-12 11:08:16+01:00, perlinger@ntp.org
[Sec 3387] NTP-01-012: Authenticated DoS via Malicious Config Option
diff -up ntp-4.2.6p5/ntpd/ntp_config.c.cve-2017-6463 ntp-4.2.6p5/ntpd/ntp_config.c
--- ntp-4.2.6p5/ntpd/ntp_config.c.cve-2017-6463 2017-03-22 14:28:51.342870650 +0100
+++ ntp-4.2.6p5/ntpd/ntp_config.c 2017-03-22 15:20:44.970380429 +0100
@@ -1264,7 +1264,8 @@ destroy_address_node(
struct address_node *my_node
)
{
- NTP_REQUIRE(NULL != my_node);
+ if (NULL == my_node)
+ return;
NTP_REQUIRE(NULL != my_node->address);
free(my_node->address);
@@ -3563,10 +3564,10 @@ config_unpeers(
curr_unpeer = next_node(curr_unpeer)) {
/*
- * Either AssocID will be zero, and we unpeer by name/
- * address addr, or it is nonzero and addr NULL.
+ * If we have no address attached, assume we have to
+ * unpeer by AssocID.
*/
- if (curr_unpeer->assocID) {
+ if (!curr_unpeer->addr) {
peer = findpeerbyassoc((u_int)curr_unpeer->assocID);
if (peer != NULL) {
peer_clear(peer, "GONE");
distrib
>
Mageia
>
6
>
armv5tl
>
media
>
core-release-src
>
by-pkgid
>
0b1d47b1c6f4110a2d764d40ac25359d
>
files
>
62
