From fd5d60e4e26e1ce06a64031e00e928301e6107b5 Mon Sep 17 00:00:00 2001 From: henning <> Date: Wed, 7 Jul 2004 06:50:40 +0000 Subject: [PATCH] if the cookie in the received packet doesn't match discard it silently; the logging was useful for development but is a bad idea in production use as a remote attacker could flood your logs --- src/usr.sbin/ntpd/client.c | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/src/usr.sbin/ntpd/client.c b/src/usr.sbin/ntpd/client.c index 81d7eb86..da30417f 100644 --- a/src/usr.sbin/ntpd/client.c +++ b/src/usr.sbin/ntpd/client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: client.c,v 1.12 2004/07/07 01:01:27 henning Exp $ */ +/* $OpenBSD: client.c,v 1.13 2004/07/07 06:50:40 henning Exp $ */ /* * Copyright (c) 2003, 2004 Henning Brauer @@ -113,11 +113,8 @@ client_dispatch(struct ntp_peer *p) ntp_getmsg(buf, size, &msg); if (msg.orgtime.int_part != p->query->msg.xmttime.int_part || - msg.orgtime.fraction != p->query->msg.xmttime.fraction) { - log_warnx("received packet from %s without correct cookie, " - "discarding", log_sockaddr((struct sockaddr *)&fsa)); + msg.orgtime.fraction != p->query->msg.xmttime.fraction) return (0); - } /* * From RFC 2030: