~ubuntu-branches/ubuntu/lucid/ntp/lucid-updates

« back to all changes in this revision

Viewing changes to ntpd/ntp_proto.c

  • Committer: Package Import Robot
  • Author(s): Marc Deslauriers
  • Date: 2015-02-06 09:32:14 UTC
  • mfrom: (39.1.2 lucid-security)
  • Revision ID: package-import@ubuntu.com-20150206093214-a003rn8voc3uzmca
Tags: 1:4.2.4p8+dfsg-1ubuntu2.3
* SECURITY UPDATE: denial of service and possible info leakage via
  extension fields
  - debian/patches/CVE-2014-9297.patch: properly check lengths in
    ntpd/ntp_crypto.c, ntpd/ntp_proto.c.
  - CVE-2014-9297
* SECURITY UPDATE: IPv6 ACL bypass
  - debian/patches/CVE-2014-9298.patch: check for spoofed ::1 in
    ntpd/ntp_io.c.
  - CVE-2014-9298

Show diffs side-by-side

added added

removed removed

Lines of Context:
483
483
                        return;                 /* bad MAC length */
484
484
                }
485
485
        }
 
486
        /*
 
487
         * If has_mac is < 0 we had a malformed packet.
 
488
         */
 
489
        if (has_mac < 0) {
 
490
                sys_badlength++;
 
491
                return;         /* bad length */
 
492
        }
 
493
 
 
494
 
486
495
#ifdef OPENSSL
487
496
        pkeyid = tkeyid = 0;
488
497
#endif /* OPENSSL */