[ntp] don't drop packets with source port below 123
Miroslav Lichvar
mlichvar at fedoraproject.org
Thu Feb 26 14:51:22 UTC 2015
commit cb8d1e4707e00167276866d9ff11ea692d9bc49b
Author: Miroslav Lichvar <mlichvar at redhat.com>
Date: Thu Feb 26 15:31:22 2015 +0100
don't drop packets with source port below 123
ntp-4.2.6p5-sourceport.patch | 12 ++++++++++++
ntp.spec | 3 +++
2 files changed, 15 insertions(+)
---
diff --git a/ntp-4.2.6p5-sourceport.patch b/ntp-4.2.6p5-sourceport.patch
new file mode 100644
index 0000000..ef3fb10
--- /dev/null
+++ b/ntp-4.2.6p5-sourceport.patch
@@ -0,0 +1,12 @@
+diff -up ntp-4.2.6p5/ntpd/ntp_proto.c.sourceport ntp-4.2.6p5/ntpd/ntp_proto.c
+--- ntp-4.2.6p5/ntpd/ntp_proto.c.sourceport 2015-02-06 16:43:27.857879763 +0100
++++ ntp-4.2.6p5/ntpd/ntp_proto.c 2015-02-06 16:43:56.446879712 +0100
+@@ -334,7 +334,7 @@ receive(
+ * reveals a clogging attack.
+ */
+ sys_received++;
+- if (SRCPORT(&rbufp->recv_srcadr) < NTP_PORT) {
++ if (SRCPORT(&rbufp->recv_srcadr) == 0) {
+ sys_badlength++;
+ return; /* bogus port */
+ }
diff --git a/ntp.spec b/ntp.spec
index 4648a2a..90833cc 100644
--- a/ntp.spec
+++ b/ntp.spec
@@ -107,6 +107,8 @@ Patch27: ntp-4.2.6p5-cve-2014-9296.patch
Patch28: ntp-4.2.6p5-cve-2014-9297.patch
# ntpbz #2672
Patch29: ntp-4.2.6p5-cve-2014-9298.patch
+# ntpbz #2174
+Patch30: ntp-4.2.6p5-sourceport.patch
# handle unknown clock types
Patch50: ntpstat-0.2-clksrc.patch
@@ -229,6 +231,7 @@ This package contains NTP documentation in HTML format.
%patch27 -p1 -b .cve-2014-9296
%patch28 -p1 -b .cve-2014-9297
%patch29 -p1 -b .cve-2014-9298
+%patch30 -p1 -b .sourceport
# ntpstat patches
%patch50 -p1 -b .clksrc
More information about the scm-commits
mailing list