diff options
-rw-r--r-- | contrib/ntp/ntpd/ntp_control.c | 19 |
1 files changed, 18 insertions, 1 deletions
diff --git a/contrib/ntp/ntpd/ntp_control.c b/contrib/ntp/ntpd/ntp_control.c index e2fb039..b2f9091 100644 --- a/contrib/ntp/ntpd/ntp_control.c +++ b/contrib/ntp/ntpd/ntp_control.c @@ -1,6 +1,11 @@ /* * ntp_control.c - respond to control messages and send async traps */ + +/* + * $FreeBSD$ + */ + #ifdef HAVE_CONFIG_H #include <config.h> #endif @@ -1649,8 +1654,20 @@ ctl_getitem( tp = buf; while (cp < reqend && isspace((int)*cp)) cp++; - while (cp < reqend && *cp != ',') + while (cp < reqend && *cp != ',') { *tp++ = *cp++; + if (tp > buf + sizeof(buf)) { + msyslog(LOG_WARNING, "Attempted \"ntpdx\" exploit from IP %d.%d.%d.%d:%d (possibly spoofed)\n", + (ntohl(rmt_addr->sin_addr.s_addr) >> 24) & 0xff, + (ntohl(rmt_addr->sin_addr.s_addr) >> 16) & 0xff, + (ntohl(rmt_addr->sin_addr.s_addr) >> 8) & 0xff, + (ntohl(rmt_addr->sin_addr.s_addr) >> 0) & 0xff, + ntohs(rmt_addr->sin_port) +); + + return (0); + } + } if (cp < reqend) cp++; *tp = '\0'; |