Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP1:GA
ntp.500
ntp-CVE-2014-9298.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File ntp-CVE-2014-9298.patch of Package ntp.500
--- ntpd/ntp_io.c +++ ntpd/ntp_io.c @@ -3472,6 +3472,30 @@ read_network_packet( DPRINTF(3, ("read_network_packet: fd=%d length %d from %s\n", fd, buflen, stoa(&rb->recv_srcadr))); + + /* + ** Bug 2672: Some OSes (MacOSX and Linux) don't block spoofed ::1 + */ + + if (AF_INET6 == itf->family) { + DPRINTF(2, ("Got an IPv6 packet, from <%s> (%d) to <%s> (%d)\n", + stoa(&rb->recv_srcadr), + IN6_IS_ADDR_LOOPBACK(PSOCK_ADDR6(&rb->recv_srcadr)), + stoa(&itf->sin), + !IN6_IS_ADDR_LOOPBACK(PSOCK_ADDR6(&itf->sin)) + )); + + if ( IN6_IS_ADDR_LOOPBACK(PSOCK_ADDR6(&rb->recv_srcadr)) + && !IN6_IS_ADDR_LOOPBACK(PSOCK_ADDR6(&itf->sin)) + ) { + packets_dropped++; + DPRINTF(2, ("DROPPING that packet\n")); + freerecvbuf(rb); + return buflen; + } + DPRINTF(2, ("processing that packet\n")); + } + /* * Got one. Mark how and when it got here, * put it on the full list and do bookkeeping.
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor