aboutsummaryrefslogtreecommitdiff
path: root/ntpd/ntp_io.c
diff options
context:
space:
mode:
Diffstat (limited to 'ntpd/ntp_io.c')
-rw-r--r--ntpd/ntp_io.c70
1 files changed, 48 insertions, 22 deletions
diff --git a/ntpd/ntp_io.c b/ntpd/ntp_io.c
index fe62ec566cda..ed5f0dcaff40 100644
--- a/ntpd/ntp_io.c
+++ b/ntpd/ntp_io.c
@@ -1043,7 +1043,7 @@ remove_interface(
/* remove restrict interface entry */
SET_HOSTMASK(&resmask, AF(&ep->sin));
hack_restrict(RESTRICT_REMOVEIF, &ep->sin, &resmask,
- RESM_NTPONLY | RESM_INTERFACE, RES_IGNORE, 0);
+ -3, RESM_NTPONLY | RESM_INTERFACE, RES_IGNORE, 0);
}
@@ -1600,7 +1600,7 @@ set_wildcard_reuse(
if (fd != INVALID_SOCKET) {
if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR,
- (char *)&on, sizeof(on)))
+ (void *)&on, sizeof(on)))
msyslog(LOG_ERR,
"set_wildcard_reuse: setsockopt(SO_REUSEADDR, %s) failed: %m",
on ? "on" : "off");
@@ -2093,7 +2093,7 @@ create_interface(
*/
SET_HOSTMASK(&resmask, AF(&iface->sin));
hack_restrict(RESTRICT_FLAGS, &iface->sin, &resmask,
- RESM_NTPONLY | RESM_INTERFACE, RES_IGNORE, 0);
+ -4, RESM_NTPONLY | RESM_INTERFACE, RES_IGNORE, 0);
/*
* set globals with the first found
@@ -2156,7 +2156,7 @@ set_excladdruse(
#endif
failed = setsockopt(fd, SOL_SOCKET, SO_EXCLUSIVEADDRUSE,
- (char *)&one, sizeof(one));
+ (void *)&one, sizeof(one));
if (!failed)
return;
@@ -2210,7 +2210,7 @@ set_reuseaddr(
if (ep->fd != INVALID_SOCKET) {
if (setsockopt(ep->fd, SOL_SOCKET, SO_REUSEADDR,
- (char *)&flag, sizeof(flag))) {
+ (void *)&flag, sizeof(flag))) {
msyslog(LOG_ERR, "set_reuseaddr: setsockopt(%s, SO_REUSEADDR, %s) failed: %m",
stoa(&ep->sin), flag ? "on" : "off");
}
@@ -2253,7 +2253,7 @@ socket_broadcast_enable(
if (IS_IPV4(baddr)) {
/* if this interface can support broadcast, set SO_BROADCAST */
if (setsockopt(fd, SOL_SOCKET, SO_BROADCAST,
- (char *)&on, sizeof(on)))
+ (void *)&on, sizeof(on)))
msyslog(LOG_ERR,
"setsockopt(SO_BROADCAST) enable failure on address %s: %m",
stoa(baddr));
@@ -2284,7 +2284,7 @@ socket_broadcast_disable(
int off = 0; /* This seems to be OK as an int */
if (IS_IPV4(baddr) && setsockopt(iface->fd, SOL_SOCKET,
- SO_BROADCAST, (char *)&off, sizeof(off)))
+ SO_BROADCAST, (void *)&off, sizeof(off)))
msyslog(LOG_ERR,
"setsockopt(SO_BROADCAST) disable failure on address %s: %m",
stoa(baddr));
@@ -2365,7 +2365,7 @@ enable_multicast_if(
*/
if (setsockopt(iface->fd, IPPROTO_IP,
IP_MULTICAST_LOOP,
- SETSOCKOPT_ARG_CAST &off,
+ (void *)&off,
sizeof(off))) {
msyslog(LOG_ERR,
@@ -2384,7 +2384,7 @@ enable_multicast_if(
*/
if (setsockopt(iface->fd, IPPROTO_IPV6,
IPV6_MULTICAST_LOOP,
- (char *) &off6, sizeof(off6))) {
+ (void *) &off6, sizeof(off6))) {
msyslog(LOG_ERR,
"setsockopt IPV6_MULTICAST_LOOP failed: %m on socket %d, addr %s for multicast address %s",
@@ -2426,7 +2426,7 @@ socket_multicast_enable(
if (setsockopt(iface->fd,
IPPROTO_IP,
IP_ADD_MEMBERSHIP,
- (char *)&mreq,
+ (void *)&mreq,
sizeof(mreq))) {
DPRINTF(2, (
"setsockopt IP_ADD_MEMBERSHIP failed: %m on socket %d, addr %s for %x / %x (%s)",
@@ -2456,7 +2456,7 @@ socket_multicast_enable(
mreq6.ipv6mr_interface = iface->ifindex;
if (setsockopt(iface->fd, IPPROTO_IPV6,
- IPV6_JOIN_GROUP, (char *)&mreq6,
+ IPV6_JOIN_GROUP, (void *)&mreq6,
sizeof(mreq6))) {
DPRINTF(2, (
"setsockopt IPV6_JOIN_GROUP failed: %m on socket %d, addr %s for interface %u (%s)",
@@ -2510,7 +2510,7 @@ socket_multicast_disable(
mreq.imr_multiaddr = SOCK_ADDR4(maddr);
mreq.imr_interface = SOCK_ADDR4(&iface->sin);
if (setsockopt(iface->fd, IPPROTO_IP,
- IP_DROP_MEMBERSHIP, (char *)&mreq,
+ IP_DROP_MEMBERSHIP, (void *)&mreq,
sizeof(mreq))) {
msyslog(LOG_ERR,
@@ -2534,7 +2534,7 @@ socket_multicast_disable(
mreq6.ipv6mr_interface = iface->ifindex;
if (setsockopt(iface->fd, IPPROTO_IPV6,
- IPV6_LEAVE_GROUP, (char *)&mreq6,
+ IPV6_LEAVE_GROUP, (void *)&mreq6,
sizeof(mreq6))) {
msyslog(LOG_ERR,
@@ -2730,6 +2730,7 @@ io_multicast_add(
if (ep->fd != INVALID_SOCKET) {
ep->ignore_packets = ISC_FALSE;
ep->flags |= INT_MCASTIF;
+ ep->ifindex = SCOPE(addr);
strlcpy(ep->name, "multicast", sizeof(ep->name));
DPRINT_INTERFACE(2, (ep, "multicast add ", "\n"));
@@ -2895,7 +2896,7 @@ open_socket(
if (isc_win32os_versioncheck(5, 1, 0, 0) < 0) /* before 5.1 */
#endif
if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR,
- (char *)((turn_off_reuse)
+ (void *)((turn_off_reuse)
? &off
: &on),
sizeof(on))) {
@@ -2923,7 +2924,7 @@ open_socket(
*/
if (IS_IPV4(addr)) {
#if defined(IPPROTO_IP) && defined(IP_TOS)
- if (setsockopt(fd, IPPROTO_IP, IP_TOS, (char*)&qos,
+ if (setsockopt(fd, IPPROTO_IP, IP_TOS, (void *)&qos,
sizeof(qos)))
msyslog(LOG_ERR,
"setsockopt IP_TOS (%02x) fails on address %s: %m",
@@ -2938,7 +2939,7 @@ open_socket(
*/
if (IS_IPV6(addr)) {
#if defined(IPPROTO_IPV6) && defined(IPV6_TCLASS)
- if (setsockopt(fd, IPPROTO_IPV6, IPV6_TCLASS, (char*)&qos,
+ if (setsockopt(fd, IPPROTO_IPV6, IPV6_TCLASS, (void *)&qos,
sizeof(qos)))
msyslog(LOG_ERR,
"setsockopt IPV6_TCLASS (%02x) fails on address %s: %m",
@@ -2947,14 +2948,14 @@ open_socket(
#ifdef IPV6_V6ONLY
if (isc_net_probe_ipv6only() == ISC_R_SUCCESS
&& setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY,
- (char*)&on, sizeof(on)))
+ (void *)&on, sizeof(on)))
msyslog(LOG_ERR,
"setsockopt IPV6_V6ONLY on fails on address %s: %m",
stoa(addr));
#endif
#ifdef IPV6_BINDV6ONLY
if (setsockopt(fd, IPPROTO_IPV6, IPV6_BINDV6ONLY,
- (char*)&on, sizeof(on)))
+ (void *)&on, sizeof(on)))
msyslog(LOG_ERR,
"setsockopt IPV6_BINDV6ONLY on fails on address %s: %m",
stoa(addr));
@@ -3006,7 +3007,7 @@ open_socket(
#ifdef HAVE_TIMESTAMP
{
if (setsockopt(fd, SOL_SOCKET, SO_TIMESTAMP,
- (char*)&on, sizeof(on)))
+ (void *)&on, sizeof(on)))
msyslog(LOG_DEBUG,
"setsockopt SO_TIMESTAMP on fails on address %s: %m",
stoa(addr));
@@ -3018,7 +3019,7 @@ open_socket(
#ifdef HAVE_TIMESTAMPNS
{
if (setsockopt(fd, SOL_SOCKET, SO_TIMESTAMPNS,
- (char*)&on, sizeof(on)))
+ (void *)&on, sizeof(on)))
msyslog(LOG_DEBUG,
"setsockopt SO_TIMESTAMPNS on fails on address %s: %m",
stoa(addr));
@@ -3030,7 +3031,7 @@ open_socket(
#ifdef HAVE_BINTIME
{
if (setsockopt(fd, SOL_SOCKET, SO_BINTIME,
- (char*)&on, sizeof(on)))
+ (void *)&on, sizeof(on)))
msyslog(LOG_DEBUG,
"setsockopt SO_BINTIME on fails on address %s: %m",
stoa(addr));
@@ -3091,6 +3092,7 @@ sendpkt(
int cc;
int rc;
u_char cttl;
+ l_fp fp_zero = { 0, 0 };
ismcast = IS_MCAST(dest);
if (!ismcast)
@@ -3174,6 +3176,19 @@ sendpkt(
if (ismcast)
src = src->mclink;
} while (ismcast && src != NULL);
+
+ /* HMS: pkt->rootdisp is usually random here */
+ record_raw_stats(src ? &src->sin : NULL, dest,
+ &pkt->org, &pkt->rec, &pkt->xmt, &fp_zero,
+ PKT_MODE(pkt->li_vn_mode),
+ PKT_VERSION(pkt->li_vn_mode),
+ PKT_LEAP(pkt->li_vn_mode),
+ pkt->stratum,
+ pkt->ppoll, pkt->precision,
+ pkt->rootdelay, pkt->rootdisp, pkt->refid,
+ len - MIN_V4_PKT_LEN, (u_char *)&pkt->exten);
+
+ return;
}
@@ -3960,6 +3975,17 @@ findlocalinterface(
DPRINTF(4, ("Finding interface for addr %s in list of addresses\n",
stoa(addr)));
+ /* [Bug 3437] The dummy POOL peer comes in with an AF of
+ * zero. This is bound to fail, but on the way to nowhere it
+ * triggers a security incident on SELinux.
+ *
+ * Checking the condition and failing early is probably a good
+ * advice, and even saves us some syscalls in that case.
+ * Thanks to Miroslav Lichvar for finding this.
+ */
+ if (AF_UNSPEC == AF(addr))
+ return NULL;
+
s = socket(AF(addr), SOCK_DGRAM, 0);
if (INVALID_SOCKET == s)
return NULL;
@@ -3972,7 +3998,7 @@ findlocalinterface(
on = 1;
if (SOCKET_ERROR == setsockopt(s, SOL_SOCKET,
SO_BROADCAST,
- (char *)&on,
+ (void *)&on,
sizeof(on))) {
closesocket(s);
return NULL;
generated by cgit v1.2.3 (git 2.25.1) at 2024-10-06 12:40:48 +0000