~ubuntu-branches/ubuntu/lucid/ntp/lucid-updates

« back to all changes in this revision

Viewing changes to ntpd/ntp_io.c

  • Committer: Package Import Robot
  • Author(s): Marc Deslauriers
  • Date: 2015-02-06 09:32:14 UTC
  • mfrom: (39.1.2 lucid-security)
  • Revision ID: package-import@ubuntu.com-20150206093214-a003rn8voc3uzmca
Tags: 1:4.2.4p8+dfsg-1ubuntu2.3
* SECURITY UPDATE: denial of service and possible info leakage via
  extension fields
  - debian/patches/CVE-2014-9297.patch: properly check lengths in
    ntpd/ntp_crypto.c, ntpd/ntp_proto.c.
  - CVE-2014-9297
* SECURITY UPDATE: IPv6 ACL bypass
  - debian/patches/CVE-2014-9298.patch: check for spoofed ::1 in
    ntpd/ntp_io.c.
  - CVE-2014-9298

Show diffs side-by-side

added added

removed removed

Lines of Context:
3021
3021
#endif
3022
3022
 
3023
3023
        /*
 
3024
        ** Bug 2672: Some OSes (MacOSX and Linux) don't block spoofed ::1
 
3025
        */
 
3026
 
 
3027
        if (AF_INET6 == itf->family) {
 
3028
                DPRINTF(2, ("Got an IPv6 packet, from <%s> (%d) to <%s> (%d)\n",
 
3029
                        stoa(&rb->recv_srcadr),
 
3030
                        IN6_IS_ADDR_LOOPBACK(&rb->recv_srcadr),
 
3031
                        stoa(&itf->sin),
 
3032
                        !IN6_IS_ADDR_LOOPBACK(&itf->sin)
 
3033
                        ));
 
3034
 
 
3035
                if (   IN6_IS_ADDR_LOOPBACK(&rb->recv_srcadr)
 
3036
                    && !IN6_IS_ADDR_LOOPBACK(&itf->sin)
 
3037
                   ) {
 
3038
                        packets_dropped++;
 
3039
                        DPRINTF(2, ("DROPPING that packet\n"));
 
3040
                        freerecvbuf(rb);
 
3041
                        return buflen;
 
3042
                }
 
3043
                DPRINTF(2, ("processing that packet\n"));
 
3044
        }
 
3045
 
 
3046
        /*
3024
3047
         * Got one.  Mark how and when it got here,
3025
3048
         * put it on the full list and do bookkeeping.
3026
3049
         */