On 20/12/14 20:54, A C wrote:
Ok, so the remaining uncertainty is whether some of the crafted packets
can be the response packets for a normal time exchange or if they're
only query/config packets. The advisory isn't completely clear on what
types of packets can cause the buffer overflows.
ctl_putdata handles the responses to ntpq type control packets.
configure is the action routine for a particular control type request.
They are both in ntp_control.c, whose first four lines are:
/*
* ntp_control.c - respond to mode 6 control messages and send async
* traps. Provides service to ntpq and others.
*/
I didn't check the encryption one, as casual users don't use encryption.
It may well turn out to be the encryption used for control packets.
_______________________________________________
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions