From 78ae7d8efda344075c7991c731afdbd47ae1cee9 Mon Sep 17 00:00:00 2001 From: Kevin Darbyshire-Bryant Date: Wed, 21 Sep 2016 20:02:01 +0100 Subject: busybox: v1.25.0 upstream patches Include upstream patches for gzip, ip & ntpd. Signed-off-by: Kevin Darbyshire-Bryant --- .../busybox/patches/000-busybox-1.25.0-ntpd.patch | 28 ++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 package/utils/busybox/patches/000-busybox-1.25.0-ntpd.patch (limited to 'package/utils/busybox/patches/000-busybox-1.25.0-ntpd.patch') diff --git a/package/utils/busybox/patches/000-busybox-1.25.0-ntpd.patch b/package/utils/busybox/patches/000-busybox-1.25.0-ntpd.patch new file mode 100644 index 0000000000..0eb887d23c --- /dev/null +++ b/package/utils/busybox/patches/000-busybox-1.25.0-ntpd.patch @@ -0,0 +1,28 @@ +ntpd: respond only to client and symmetric active packets +The busybox NTP implementation doesn't check the NTP mode of packets +received on the server port and responds to any packet with the right +size. This includes responses from another NTP server. An attacker can +send a packet with a spoofed source address in order to create an +infinite loop of responses between two busybox NTP servers. Adding +more packets to the loop increases the traffic between the servers +until one of them has a fully loaded CPU and/or network. + +Signed-off-by: Miroslav Lichvar +Signed-off-by: Denys Vlasenko + +--- a/networking/ntpd.c ++++ b/networking/ntpd.c +@@ -2051,6 +2051,13 @@ recv_and_process_client_pkt(void /*int f + goto bail; + } + ++ /* Respond only to client and symmetric active packets */ ++ if ((msg.m_status & MODE_MASK) != MODE_CLIENT ++ && (msg.m_status & MODE_MASK) != MODE_SYM_ACT ++ ) { ++ goto bail; ++ } ++ + query_status = msg.m_status; + query_xmttime = msg.m_xmttime; + -- cgit v1.2.3