← Back to branch summary

~ubuntu-branches/debian/squeeze/ntp/squeeze-201010051545

« back to all changes in this revision

Viewing changes to ntpd/ntp_monitor.c

  • Committer: Bazaar Package Importer
  • Author(s): Kurt Roeckx
  • Date: 2009-01-05 21:10:03 UTC
  • mfrom: (1.2.4 upstream)
  • Revision ID: james.westby@ubuntu.com-20090105211003-mh6zc3um4k1uhsj7
Tags: 1:4.2.4p4+dfsg-8
It did not properly check the return value of EVP_VerifyFinal
which results in an malformed DSA signature being treated as
a good signature rather than as an error.  (CVE-2009-0021)

Show diffs side-by-side

added added

removed removed

Lines of Context:
ntpd/ntp_monitor.c
9
9
#include "ntp_io.h"
10
10
#include "ntp_if.h"
11
11
#include "ntp_stdlib.h"
 
12
#include <ntp_random.h>
12
13
 
13
14
#include <stdio.h>
14
15
#include <signal.h>
177
178
        mon_mru_list.mru_prev = &mon_mru_list;
178
179
}
179
180
 
 
181
void
 
182
ntp_monclearinterface(struct interface *interface)
 
183
{
 
184
        struct mon_data *md;
 
185
 
 
186
        for (md = mon_mru_list.mru_next; md != &mon_mru_list;
 
187
             md = md->mru_next) {
 
188
          if (md->interface == interface) 
 
189
            {
 
190
              /* dequeue from mru list and put to free list */
 
191
              md->mru_prev->mru_next = md->mru_next;
 
192
              md->mru_next->mru_prev = md->mru_prev;
 
193
              remove_from_hash(md);
 
194
              md->hash_next = mon_free;
 
195
              mon_free = md;
 
196
            }
 
197
        }
 
198
}
180
199
 
181
200
/*
182
201
 * ntp_monitor - record stats about this packet
 
202
 *
 
203
 * Returns 1 if the packet is at the head of the list, 0 otherwise.
183
204
 */
184
 
void
 
205
int
185
206
ntp_monitor(
186
207
        struct recvbuf *rbufp
187
208
        )
193
214
        register int mode;
194
215
 
195
216
        if (mon_enabled == MON_OFF)
196
 
                return;
 
217
                return 0;
197
218
 
198
219
        pkt = &rbufp->recv_pkt;
199
220
        memset(&addr, 0, sizeof(addr));
223
244
                        md->mru_prev = &mon_mru_list;
224
245
                        mon_mru_list.mru_next->mru_prev = md;
225
246
                        mon_mru_list.mru_next = md;
226
 
                        return;
 
247
                        return 1;
227
248
                }
228
249
                md = md->hash_next;
229
250
        }
239
260
                 * Preempt from the MRU list if old enough.
240
261
                 */
241
262
                md = mon_mru_list.mru_prev;
242
 
                if (((u_long)RANDOM & 0xffffffff) / FRAC >
 
263
                /* We get 31 bits from ntp_random() */
 
264
                if (((u_long)ntp_random()) / FRAC >
243
265
                    (double)(current_time - md->lasttime) / mon_age)
244
 
                        return;
 
266
                        return 0;
245
267
 
246
268
                md->mru_prev->mru_next = &mon_mru_list;
247
269
                mon_mru_list.mru_prev = md->mru_prev;
266
288
        md->mode = (u_char) mode;
267
289
        md->version = PKT_VERSION(pkt->li_vn_mode);
268
290
        md->interface = rbufp->dstadr;
269
 
        md->cast_flags = (u_char)(((rbufp->dstadr->flags & INT_MULTICAST) &&
 
291
        md->cast_flags = (u_char)(((rbufp->dstadr->flags & INT_MCASTOPEN) &&
270
292
            rbufp->fd == md->interface->fd) ? MDF_MCAST: rbufp->fd ==
271
293
                md->interface->bfd ? MDF_BCAST : MDF_UCAST);
272
294
 
280
302
        md->mru_prev = &mon_mru_list;
281
303
        mon_mru_list.mru_next->mru_prev = md;
282
304
        mon_mru_list.mru_next = md;
 
305
        return 1;
283
306
}
284
307
 
285
308