ntpd: fix refid reported in server mode, closes 13056

function old new delta resolve_peer_hostname 129 196 +67 recv_and_process_peer_pkt 2475 2476 +1 ------------------------------------------------------------------------------ (add/remove: 0/0 grow/shrink: 2/0 up/down: 68/0) Total: 68 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2020-07-20 00:04:33 +02:00 · 2020-07-20 00:04:33 +02:00 · 9a2d899273
commit 9a2d899273
parent 06a407c628
4 changed files with 41 additions and 7 deletions
--- a/include/libbb.h
+++ b/include/libbb.h
@ -2063,6 +2063,13 @@ unsigned sha3_end(sha3_ctx_t *ctx, void *resbuf) FAST_FUNC;
 typedef struct md5_ctx_t md5sha_ctx_t;
 #define md5sha_hash md5_hash
 #define sha_end sha1_end
+enum {
+	MD5_OUTSIZE    = 16,
+	SHA1_OUTSIZE   = 20,
+	SHA256_OUTSIZE = 32,
+	SHA512_OUTSIZE = 64,
+	SHA3_OUTSIZE   = 28,
+};

 extern uint32_t *global_crc32_table;
 uint32_t *crc32_filltable(uint32_t *tbl256, int endian) FAST_FUNC;
--- a/mailutils/popmaildir.c
+++ b/mailutils/popmaildir.c
@ -156,7 +156,7 @@ int popmaildir_main(int argc UNUSED_PARAM, char **argv)
 				md5_ctx_t ctx;
 				char hex[16 * 2 + 1];
 			} md5;
-			uint32_t res[16 / 4];
+			uint32_t res[MD5_OUTSIZE / 4];

 			char *s = strchr(buf, '>');
 			if (s)
--- a/networking/ntpd.c
+++ b/networking/ntpd.c
@ -337,6 +337,9 @@ typedef struct {
 #endif
 	int              p_fd;
 	int              datapoint_idx;
+#if ENABLE_FEATURE_NTPD_SERVER
+	uint32_t         p_refid;
+#endif
 	uint32_t         lastpkt_refid;
 	uint8_t          lastpkt_status;
 	uint8_t          lastpkt_stratum;
@ -413,7 +416,9 @@ struct globals {
 	 * in stratum 2+ packets, it's IPv4 address or 4 first bytes
 	 * of MD5 hash of IPv6
 	 */
+#if ENABLE_FEATURE_NTPD_SERVER
 	uint32_t refid;
+#endif
 	uint8_t  ntp_status;
 	/* precision is defined as the larger of the resolution and time to
 	 * read the clock, in log2 units.  For instance, the precision of a
@ -836,6 +841,24 @@ reset_peer_stats(peer_t *p, double offset)
 	VERB6 bb_error_msg("%s->lastpkt_recv_time=%f", p->p_dotted, p->lastpkt_recv_time);
 }

+#if ENABLE_FEATURE_NTPD_SERVER
+static uint32_t calculate_refid(len_and_sockaddr *lsa)
+{
+# if ENABLE_FEATURE_IPV6
+	if (lsa->u.sa.sa_family == AF_INET6) {
+		md5_ctx_t md5;
+		uint32_t res[MD5_OUTSIZE / 4];
+
+		md5_begin(&md5);
+		md5_hash(&md5, &lsa->u.sin6.sin6_addr, sizeof(lsa->u.sin6.sin6_addr));
+		md5_end(&md5, res);
+		return res[0];
+	}
+# endif
+	return lsa->u.sin.sin_addr.s_addr;
+}
+#endif
+
 static len_and_sockaddr*
 resolve_peer_hostname(peer_t *p)
 {
@ -847,6 +870,9 @@ resolve_peer_hostname(peer_t *p)
 		p->p_dotted = xmalloc_sockaddr2dotted_noport(&lsa->u.sa);
 		VERB1 if (strcmp(p->p_hostname, p->p_dotted) != 0)
 			bb_error_msg("'%s' is %s", p->p_hostname, p->p_dotted);
+#if ENABLE_FEATURE_NTPD_SERVER
+		p->p_refid = calculate_refid(p->p_lsa);
+#endif
 		p->dns_errors = 0;
 		return lsa;
 	}
@ -1764,7 +1790,10 @@ update_local_clock(peer_t *p)

 	G.reftime = G.cur_time;
 	G.ntp_status = p->lastpkt_status;
-	G.refid = p->lastpkt_refid;
+#if ENABLE_FEATURE_NTPD_SERVER
+	/* Our current refid is the IPv4 (or md5-hashed IPv6) address of the peer we took time from: */
+	G.refid = p->p_refid;
+#endif
 	G.rootdelay = p->lastpkt_rootdelay + p->lastpkt_delay;
 	dtemp = p->filter_jitter; // SQRT(SQUARE(p->filter_jitter) + SQUARE(G.cluster_jitter));
 	dtemp += MAXD(p->filter_dispersion + FREQ_TOLERANCE * (G.cur_time - p->lastpkt_recv_time) + abs_offset, MINDISP);
@ -2249,11 +2278,11 @@ recv_and_process_client_pkt(void /*int fd*/)
 	 * We don't support this.
 	 */

-#if ENABLE_FEATURE_NTP_AUTH
+# if ENABLE_FEATURE_NTP_AUTH
 	if (size != NTP_MSGSIZE_NOAUTH && size != NTP_MSGSIZE_MD5_AUTH && size != NTP_MSGSIZE_SHA1_AUTH)
-#else
+# else
 	if (size != NTP_MSGSIZE_NOAUTH && size != NTP_MSGSIZE_MD5_AUTH)
-#endif
+# endif
 	{
 		char *addr;
 		if (size < 0) {
--- a/networking/tls.c
+++ b/networking/tls.c
@ -212,8 +212,6 @@

 enum {
 	SHA_INSIZE     = 64,
-	SHA1_OUTSIZE   = 20,
-	SHA256_OUTSIZE = 32,

 	AES128_KEYSIZE = 16,
 	AES256_KEYSIZE = 32,