mlichvar pushed to ntp (f21). "don't drop packets with source port below 123"

notifications at fedoraproject.org notifications at fedoraproject.org
Wed Apr 8 11:46:45 UTC 2015


>From cb8d1e4707e00167276866d9ff11ea692d9bc49b Mon Sep 17 00:00:00 2001
From: Miroslav Lichvar <mlichvar at redhat.com>
Date: Thu, 26 Feb 2015 15:31:22 +0100
Subject: don't drop packets with source port below 123


diff --git a/ntp-4.2.6p5-sourceport.patch b/ntp-4.2.6p5-sourceport.patch
new file mode 100644
index 0000000..ef3fb10
--- /dev/null
+++ b/ntp-4.2.6p5-sourceport.patch
@@ -0,0 +1,12 @@
+diff -up ntp-4.2.6p5/ntpd/ntp_proto.c.sourceport ntp-4.2.6p5/ntpd/ntp_proto.c
+--- ntp-4.2.6p5/ntpd/ntp_proto.c.sourceport	2015-02-06 16:43:27.857879763 +0100
++++ ntp-4.2.6p5/ntpd/ntp_proto.c	2015-02-06 16:43:56.446879712 +0100
+@@ -334,7 +334,7 @@ receive(
+ 	 * reveals a clogging attack.
+ 	 */
+ 	sys_received++;
+-	if (SRCPORT(&rbufp->recv_srcadr) < NTP_PORT) {
++	if (SRCPORT(&rbufp->recv_srcadr) == 0) {
+ 		sys_badlength++;
+ 		return;				/* bogus port */
+ 	}
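Review bot: The comment that ends just above this check (only its tail, "reveals a clogging attack", is visible in the inner hunk) presumably still describes rejecting source ports below NTP_PORT, while the new condition rejects only port 0. I would update it together with the condition, e.g. `/* only source port 0 is bogus; ports below NTP_PORT are accepted (ntpbz #2174) */`, so a later reader does not restore the old test as a hardening measure. Separately, the drop is still counted in `sys_badlength`, so an operator reading the statistics cannot tell port-0 drops from length errors; this predates the change but deserves a mention in the same comment. Packets from source ports 1-122 now reach the rest of receive(), which starts and continues outside the hunk, so the restrict and rate-limit checks further down are presumably the remaining filter, and it is worth confirming they run before any reply is built.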
diff --git a/ntp.spec b/ntp.spec
index 4648a2a..90833cc 100644
--- a/ntp.spec
+++ b/ntp.spec
@@ -107,6 +107,8 @@ Patch27: ntp-4.2.6p5-cve-2014-9296.patch
 Patch28: ntp-4.2.6p5-cve-2014-9297.patch
 # ntpbz #2672
 Patch29: ntp-4.2.6p5-cve-2014-9298.patch
+# ntpbz #2174
+Patch30: ntp-4.2.6p5-sourceport.patch
 
 # handle unknown clock types
 Patch50: ntpstat-0.2-clksrc.patch
@@ -229,6 +231,7 @@ This package contains NTP documentation in HTML format.
 %patch27 -p1 -b .cve-2014-9296
 %patch28 -p1 -b .cve-2014-9297
 %patch29 -p1 -b .cve-2014-9298
+%patch30 -p1 -b .sourceport
 
 # ntpstat patches
 %patch50 -p1 -b .clksrc
-- 
cgit v0.10.2


	http://pkgs.fedoraproject.org/cgit/ntp.git/commit/?h=f21&id=cb8d1e4707e00167276866d9ff11ea692d9bc49b

