diff -up ntp-4.2.6p5/ntpd/ntp_proto.c.cve-2015-7974 ntp-4.2.6p5/ntpd/ntp_proto.c --- ntp-4.2.6p5/ntpd/ntp_proto.c.cve-2015-7974 2016-01-21 14:06:18.958346184 +0100 +++ ntp-4.2.6p5/ntpd/ntp_proto.c 2016-01-21 14:16:34.894828262 +0100 @@ -674,10 +674,13 @@ receive( * succeed in bloating the key cache. If an autokey, * purge it immediately, since we won't be needing it * again. If the packet is authentic, it can mobilize an - * association. Note that there is no key zero. + * association. If it's a persistent association using a + * symmetric key, the key ID has to match the configured + * value. Note that there is no key zero. */ - if (!authdecrypt(skeyid, (u_int32 *)pkt, authlen, - has_mac)) + if ((peer && !(peer->flags & FLAG_PREEMPT) && + peer->keyid <= NTP_MAXKEY && skeyid != peer->keyid) || + !authdecrypt(skeyid, (u_int32 *)pkt, authlen, has_mac)) is_authentic = AUTH_ERROR; else is_authentic = AUTH_OK;
distrib
>
Mageia
>
5
>
i586
>
media
>
core-updates-src
>
by-pkgid
>
cd0f440b578c03b7706d19492362a305
>
files
>
42
