# This is a BitKeeper generated diff -Nru style patch. # # ChangeSet # 2009/10/07 01:33:22+00:00 davehart@shiny.ad.hartbrothers.com # [Sec 1331] DoS with mode 7 packets - CVE-2009-3563. # # ChangeLog # 2009/10/07 01:33:21+00:00 davehart@shiny.ad.hartbrothers.com +4 -0 # [Sec 1331] DoS with mode 7 packets - CVE-2009-3563. # # ntpd/ntp_request.c # 2009/10/07 01:33:21+00:00 davehart@shiny.ad.hartbrothers.com +9 -2 # [Sec 1331] DoS with mode 7 packets - CVE-2009-3563. # Index: ntp-4.2.4p7/ChangeLog =================================================================== --- ntp-4.2.4p7.orig/ChangeLog +++ ntp-4.2.4p7/ChangeLog @@ -1,4 +1,8 @@ --- + +* [Sec 1331] DoS with mode 7 packets - CVE-2009-3563. + +--- (4.2.4p7) 2009/05/18 Released by Harlan Stenn * [Sec 1151] Remote exploit if autokey is enabled - CVE-2009-1252. Index: ntp-4.2.4p7/ntpd/ntp_request.c =================================================================== --- ntp-4.2.4p7.orig/ntpd/ntp_request.c +++ ntp-4.2.4p7/ntpd/ntp_request.c @@ -409,6 +409,7 @@ process_private( int mod_okay ) { + static u_long quiet_until; struct req_pkt *inpkt; struct req_pkt_tail *tailinpkt; struct sockaddr_storage *srcadr; @@ -444,8 +445,14 @@ process_private( || (++ec, INFO_MBZ(inpkt->mbz_itemsize) != 0) || (++ec, rbufp->recv_length < REQ_LEN_HDR) ) { - msyslog(LOG_ERR, "process_private: INFO_ERR_FMT: test %d failed, pkt from %s", ec, stoa(srcadr)); - req_ack(srcadr, inter, inpkt, INFO_ERR_FMT); + NLOG(NLOG_SYSEVENT) + if (current_time >= quiet_until) { + msyslog(LOG_ERR, + "process_private: drop test %d" + " failed, pkt from %s", + ec, stoa(srcadr)); + quiet_until = current_time + 60; + } return; }