NTP users are strongly urged to take immediate action to ensure that their NTP daemons are not susceptible to being used in distributed denial-of-service (DDoS) attacks. Please also take this opportunity to defeat denial-of-service attacks by implementing Ingress and Egress filtering through BCP38.

ntp-4.2.8p18 was released on 25 May 2024 and addresses 40 bugs and provides 40 improvements.

Please see the NTP 4.2.8p18 Changelog for details.

Bug 2667 - Buffer overflow in crypto_recv()
Summary: Buffer overflow in crypto_recv()
Status: RESOLVED FIXED
Alias: None
Product: ntp
Classification: Unclassified
Component: ntpd (show other bugs)
Version: 4.2.6
Hardware: N/A All
: P2 critical
Assignee: Harlan Stenn
URL:
Depends on:
Blocks: 2655
  Show dependency tree
 
Reported: 2014-11-03 00:27 UTC by Harlan Stenn
Modified: 2023-03-30 10:09 UTC (History)
5 users (show)

See Also:
stenn: blocking4.2.6+
stenn: blocking4.2.8+


Attachments
allocate the buffer for the cookie dynamically (1.17 KB, patch)
2014-11-24 15:18 UTC, Stephen Röttger
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Harlan Stenn 2014-11-03 00:27:46 UTC
+++ This bug was initially created as a clone of Bug #2655 +++

3) ntpd/ntp_crypto.c:792 <crypto_recv> (buffer overflow)
 fix: dynamically allocate the buffer to decrypt into
Comment 1 Stephen Röttger 2014-11-24 15:18:30 UTC
Created attachment 1161 [details]
allocate the buffer for the cookie dynamically

I haven't tested this patch, it would be good if someone with a working Autokey setup could do that (the patch is quite simple though).
Comment 2 Harlan Stenn 2014-12-12 11:08:28 UTC
In my ntp-dev-sec/ subdir.
Comment 3 Harlan Stenn 2014-12-20 06:03:06 UTC
Fixed in 4.2.8.