usr/src/cmd/ntpd/Patches/cve20093563.patch
author Cyril Plisko <cyril.plisko@grigale.com>
Mon, 08 Feb 2010 15:41:40 +0200
changeset 7 f96733ecc878
permissions -rw-r--r--
Import sfw build 133 Bugs Fixed ---------- 6462216 tomcat fails to build with java 1.6 6766826 SUNWopenldapr becomes inconsistent after a reboot 6900262 OpenSSL PKCS#11 engine files are not cstyle clean again 6902029 DoS vulnerability in ntpd NTP mode 7 (MODE_PRIVATE) handling [CVE-2009-3563] 6908571 77.5% snv_129 openssl-rsa1024-ncp_engine-verifys performance regression sparc 6909632 PKCS#11 engine should use CK_(TRUE|FALSE) instead of TRUE/FALSE 6910922 Apache 1.3 JServ module removal 6912691 don't need to reference /usr/openwin so much anymore 6912906 Apache 1.3 init.d script shouldn't refer to Tomcat 6913689 Several sfw packages no longer need to depend on SUNWmlib and SUNWmlibl 6917046 upgrade ncftp to 3.2.3 6918442 when /usr/bin/patch becomes gnu patch in opensolaris 131, it upsets a few things 6919344 SUNWgnu-readline consumers have undefined tgetent symbol 6919686 Tomcat vulnerable for CVE-2009-2901, CVE-2009-2902 and CVE-2009-2693 6920566 SUNWgnupg license is incorrect for gpgme 6920613 Apache Tomcat 6.0.24 stable 6920817 Wireshark update to version 1.2.6 6920889 make OpenSSL fips and non-fips builds run in parallel 6921161 SUNWusbccid should have gone away with SUNWocf

--- ntpd/ntp_request.c.fcs	Thu Dec 31 15:12:40 2009
+++ ntpd/ntp_request.c	Thu Dec 31 15:20:26 2009
@@ -441,18 +441,20 @@
 #endif
 
 	/*
-	 * Do some sanity checks on the packet.  Return a format
-	 * error if it fails.
+	 * Do some sanity checks on the packet.  Drop it if it is
+	 * malformed or a response packet. Return a format
+	 * error if it fails any other tests.
 	 */
-	ec = 0;
-	if (   (++ec, ISRESPONSE(inpkt->rm_vn_mode))
-	    || (++ec, ISMORE(inpkt->rm_vn_mode))
+	if (rbufp->recv_length < REQ_LEN_HDR ||
+	    ISRESPONSE(inpkt->rm_vn_mode)) return;
+	
+	ec = 1;
+	if (   (++ec, ISMORE(inpkt->rm_vn_mode))
 	    || (++ec, INFO_VERSION(inpkt->rm_vn_mode) > NTP_VERSION)
 	    || (++ec, INFO_VERSION(inpkt->rm_vn_mode) < NTP_OLDVERSION)
 	    || (++ec, INFO_SEQ(inpkt->auth_seq) != 0)
 	    || (++ec, INFO_ERR(inpkt->err_nitems) != 0)
 	    || (++ec, INFO_MBZ(inpkt->mbz_itemsize) != 0)
-	    || (++ec, rbufp->recv_length < REQ_LEN_HDR)
 		) {
 		msyslog(LOG_ERR, "process_private: INFO_ERR_FMT: test %d failed, pkt from %s", ec, stoa(srcadr));
 		req_ack(srcadr, inter, inpkt, INFO_ERR_FMT);
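Review bot: The new early exit at `ISRESPONSE(inpkt->rm_vn_mode)) return;` discards short and response packets with no log entry or counter visible in this hunk, so a stream of spoofed mode 7 packets hitting this path would leave nothing for an operator to detect. Consider counting these drops or emitting a rate-limited message; an unthrottled msyslog() per packet would only trade the reply loop for log flooding. The `return;` also sits on the condition's continuation line without braces, which makes the exit easy to overlook in a security check, so it would read better as `ISRESPONSE(inpkt->rm_vn_mode)) {` followed by `return;` and `}` on their own lines. A comment on `ec = 1;` would explain the odd start value, e.g. `/* test 1 (ISRESPONSE) is now a silent drop; start at 1 so logged test numbers keep their old meaning */`. The enclosing function begins and ends outside the hunk, so whether anything earlier already accounts for these packets cannot be confirmed from here.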