This patch is already included upstream in 4.2.8p1 (actually 4.2.7). Is there any chance to consider this for the next patch on 4.2.6 or have 4.2.8p1 built?
-- On Mon, 12 Nov 2012 15:10:53 +0100 csszep <css...@gmail.com> wrote: > Ok, i pached the source, with the following diff from > > http://bk.ntp.org/ntp-dev/?PAGE=patch&REV=4f977538lZC_iBKp-J-Xg1LFrR9foQ > > > --- 1.340/ntpd/ntp_proto.c 2012-03-10 17:27:45 +00:00 > +++ 1.341/ntpd/ntp_proto.c 2012-04-25 03:53:27 +00:00 > @@ -394,18 +394,15 @@ receive( > * reveals a clogging attack. > */ > sys_received++; > - if (SRCPORT(&rbufp->recv_srcadr) < NTP_PORT) { > + if (0 == SRCPORT(&rbufp->recv_srcadr)) { > sys_badlength++; > return; /* bogus port */ > } > restrict_mask = restrictions(&rbufp->recv_srcadr); > -#ifdef DEBUG > - if (debug > 1) > - printf("receive: at %ld %s<-%s flags %x restrict %03x\n", > + DPRINTF(2, ("receive: at %ld %s<-%s flags %x restrict %03x\n", > current_time, stoa(&rbufp->dstadr->sin), > stoa(&rbufp->recv_srcadr), > - rbufp->dstadr->flags, restrict_mask); > -#endif > + rbufp->dstadr->flags, restrict_mask)); > pkt = &rbufp->recv_pkt; > hisversion = PKT_VERSION(pkt->li_vn_mode); > hisleap = PKT_LEAP(pkt->li_vn_mode); > > > It tested it with a simple python ntp client: > > from socket import * > import struct > import sys > import time > > TIME1970 = 2208988800L > > client = socket( AF_INET, SOCK_DGRAM ) > client.bind(('', 112)) > data = '\x1b' + 47 * '\0' > client.sendto( data, ( sys.argv[1], 123 )) > data, address = client.recvfrom( 1024 ) > if data: > print 'Response received from:', address > t = struct.unpack( '!12I', data )[10] > t -= TIME1970 > print '\tTime=%s' % time.ctime(t) > > > root@lab-test:~/ntppatch# python pythoncl 127.0.0.1 > Response received from: ('127.0.0.1', 123) > Time=Tue Oct 30 10:52:55 2012 > > > root@lab-test:~/ntppatch# ntpdc -n -c monlist > remote address port local address count m ver rstr avgint lstint > ===============================================================================