RFC Errata
RFC 5905, "Network Time Protocol Version 4: Protocol and Algorithms Specification", June 2010
Note: This RFC has been updated by RFC 7822, RFC 8573, RFC 9109
Source of RFC: ntp (int)
Errata ID: 4505
Status: Rejected
Type: Technical
Publication Format(s) : TEXT
Reported By: Miroslav Lichvar
Date Reported: 2015-10-15
Rejected by: Brian Haberman
Date Rejected: 2015-12-14
Section A.5.1 says:
    /*
     * Update the origin and destination timestamps.  If
     * unsynchronized or bogus, abandon ship.
     */
    p->org = r->xmt;
    p->rec = r->dst;
    if (!synch)
            return;                 /* unsynch */

    /*
     * The timestamps are valid and the receive packet matches the
     * last one sent.  If the packet is a crypto-NAK, the server
     * might have just changed keys.  We demobilize the association
     * and wait for better times.
     */
    if (auth == A_CRYPTO) {
            clear(p, X_CRYPTO);
            return;                 /* crypto-NAK */
    }

    /*
     * If the association is authenticated, the key ID is nonzero
     * and received packets must be authenticated.  This is designed
     * to avoid a bait-and-switch attack, which was possible in past
     * versions.
     */
    if (!AUTH(p->keyid || (p->flags & P_NOTRUST), auth))
            return;                 /* bad auth */
It should say:
    /*
     * If the packet is a valid crypto-NAK, the server might have
     * just changed keys.  We demobilize the association and wait
     * for better times.
     */
    if (synch && auth == A_CRYPTO) {
            clear(p, X_CRYPTO);
            return;                 /* crypto-NAK */
    }

    /*
     * If the association is authenticated, the key ID is nonzero
     * and received packets must be authenticated.  This is designed
     * to avoid a bait-and-switch attack, which was possible in past
     * versions.
     */
    if (!AUTH(p->keyid || (p->flags & P_NOTRUST), auth))
            return;                 /* bad auth */

    /*
     * Update the origin and destination timestamps.  If
     * unsynchronized or bogus, abandon ship.
     */
    p->org = r->xmt;
    p->rec = r->dst;
    if (!synch)
            return;                 /* unsynch */
Notes:
The state variables must be updated after the authentication is checked in order to prevent DoS attacks on authenticated symmetric associations (CVE-2015-1799).
--VERIFIER NOTES--
The appendix is not the normative description of the protocol behavior. A change such as this needs consensus within the working group. To do that, a draft should be submitted with the proposed changes.
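The ordering issue described in the Notes above, as an added example that is not part of the erratum or of RFC 5905: a simplified C model that runs the same unauthenticated packet through both orderings and reports whether the peer's timestamps were overwritten. The struct layouts, `auth_ok`, `state_changed`, the origin check and the sample values are assumptions made for illustration; `P_NOTRUST` and `clear()` are omitted.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

enum auth_result { A_NONE, A_OK, A_ERROR, A_CRYPTO };
struct peer { uint64_t org, rec, xmt; uint32_t keyid; };  /* simplified */
struct pkt  { uint64_t org, xmt, dst; };                  /* simplified */
typedef bool (*process_fn)(struct peer *, const struct pkt *, enum auth_result);

/* Stand-in for AUTH(): a keyed association accepts only A_OK (assumption). */
static bool auth_ok(bool required, enum auth_result auth) {
    return required ? auth == A_OK : (auth == A_OK || auth == A_NONE);
}

/* Order in Section A.5.1 as published: state is written before the auth check. */
static bool process_original(struct peer *p, const struct pkt *r, enum auth_result auth) {
    bool synch = (r->org == p->xmt);      /* simplified origin check */
    p->org = r->xmt;
    p->rec = r->dst;
    if (!synch) return false;             /* unsynch */
    if (auth == A_CRYPTO) return false;   /* crypto-NAK, clear() omitted */
    return auth_ok(p->keyid != 0, auth);  /* bad auth -> false */
}

/* Order proposed in the erratum: state is written only after auth passes. */
static bool process_proposed(struct peer *p, const struct pkt *r, enum auth_result auth) {
    bool synch = (r->org == p->xmt);
    if (synch && auth == A_CRYPTO) return false;
    if (!auth_ok(p->keyid != 0, auth)) return false;
    p->org = r->xmt;
    p->rec = r->dst;
    return synch;
}

/* Constructed case: keyed association receives a packet without a valid MAC.
 * Returns true if the peer's timestamps were modified anyway. */
static bool state_changed(process_fn process) {
    struct peer p = { .org = 1000, .rec = 1001, .xmt = 2000, .keyid = 7 };
    struct pkt unauth = { .org = 0, .xmt = 9999, .dst = 3000 };
    process(&p, &unauth, A_NONE);
    return p.org != 1000 || p.rec != 1001;
}

int main(void) {
    printf("original order: state changed = %d\n", state_changed(process_original));
    printf("proposed order: state changed = %d\n", state_changed(process_proposed));
    return 0;
}
```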