diff options
author | simon <simon@FreeBSD.org> | 2010-01-06 21:45:30 +0000 |
---|---|---|
committer | simon <simon@FreeBSD.org> | 2010-01-06 21:45:30 +0000 |
commit | 92b5431ace7a9e5331f00b0f2be94418ae603714 (patch) | |
tree | 59ff4bcd560ada84da08a0097746f50d014a2743 /contrib/ntp | |
parent | bff2fcd685c5e3bc06f62453cb455da887c770e2 (diff) | |
download | FreeBSD-src-92b5431ace7a9e5331f00b0f2be94418ae603714.zip FreeBSD-src-92b5431ace7a9e5331f00b0f2be94418ae603714.tar.gz |
Fix BIND named(8) cache poisoning with DNSSEC validation.
[SA-10:01]
Fix ntpd mode 7 denial of service. [SA-10:02]
Fix ZFS ZIL playback with insecure permissions. [SA-10:03]
Various FreeBSD 8.0-RELEASE improvements. [EN-10:01]
Security: FreeBSD-SA-10:01.bind
Security: FreeBSD-SA-10:02.ntpd
Security: FreeBSD-SA-10:03.zfs
Errata: FreeBSD-EN-10:01.freebsd
Approved by: so (simon)
Diffstat (limited to 'contrib/ntp')
-rw-r--r-- | contrib/ntp/ntpd/ntp_request.c | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/contrib/ntp/ntpd/ntp_request.c b/contrib/ntp/ntpd/ntp_request.c index b1bc99d..67bad2a 100644 --- a/contrib/ntp/ntpd/ntp_request.c +++ b/contrib/ntp/ntpd/ntp_request.c @@ -409,6 +409,7 @@ process_private( int mod_okay ) { + static u_long quiet_until; struct req_pkt *inpkt; struct req_pkt_tail *tailinpkt; struct sockaddr_storage *srcadr; @@ -444,8 +445,14 @@ process_private( || (++ec, INFO_MBZ(inpkt->mbz_itemsize) != 0) || (++ec, rbufp->recv_length < REQ_LEN_HDR) ) { - msyslog(LOG_ERR, "process_private: INFO_ERR_FMT: test %d failed, pkt from %s", ec, stoa(srcadr)); - req_ack(srcadr, inter, inpkt, INFO_ERR_FMT); + NLOG(NLOG_SYSEVENT) + if (current_time >= quiet_until) { + msyslog(LOG_ERR, + "process_private: drop test %d" + " failed, pkt from %s", + ec, stoa(srcadr)); + quiet_until = current_time + 60; + } return; } |