From owner-svn-src-head@FreeBSD.ORG Tue Dec 23 09:57:07 2014 Return-Path: Delivered-To: svn-src-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 8F50B510; Tue, 23 Dec 2014 09:57:07 +0000 (UTC) Received: from acme.spoerlein.net (unknown [IPv6:2a02:2528:fa:1000::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "*.spoerlein.net", Issuer "CAcert Class 3 Root" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 0C2B81F14; Tue, 23 Dec 2014 09:57:06 +0000 (UTC) Received: from localhost (acme.spoerlein.net [IPv6:2a02:2528:fa:1000::1]) by acme.spoerlein.net (8.14.9/8.14.9) with ESMTP id sBN9v3r5003176 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Tue, 23 Dec 2014 10:57:03 +0100 (CET) (envelope-from uqs@FreeBSD.org) Date: Tue, 23 Dec 2014 10:57:03 +0100 From: Ulrich =?utf-8?B?U3DDtnJsZWlu?= To: Xin LI Subject: Re: svn commit: r276071 - in head/contrib/ntp: ntpd util Message-ID: <20141223095703.GA6306@acme.spoerlein.net> Mail-Followup-To: Ulrich =?utf-8?B?U3DDtnJsZWlu?= , Xin LI , src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org References: <201412221854.sBMIsuva096658@svn.freebsd.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <201412221854.sBMIsuva096658@svn.freebsd.org> User-Agent: Mutt/1.5.23 (2014-03-12) Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 23 Dec 2014 09:57:07 -0000 On Mon, 2014-12-22 at 18:54:56 +0000, Xin LI wrote: > Author: delphij > Date: Mon Dec 22 18:54:55 2014 > New Revision: 276071 > URL: https://svnweb.freebsd.org/changeset/base/276071 > > Log: > Fix multiple ntp vulnerabilities. > > Reviewed by: roberto (earlier revision), philip > Security: CVE-2014-9293, CVE-2014-9294 > Security: CVE-2014-9295, CVE-2014-9296 > Security: FreeBSD-SA-14:31.ntp > > Differential Revision: https://reviews.freebsd.org/D1343 > Hi the latest Coverity run (which should include these patches, I think) still flags two DEADCODEs in ntp_proto.c: ________________________________________________________________________________________________________ *** CID 1260388: Logically dead code (DEADCODE) /contrib/ntp/ntpd/ntp_proto.c: 702 in receive() 696 if (!(rbufp->dstadr->flags & INT_MCASTOPEN)) { 697 if (AUTH(restrict_mask & RES_DONTTRUST, 698 is_authentic)) 699 fast_xmit(rbufp, MODE_SERVER, skeyid, 700 restrict_mask); 701 else if (is_authentic == AUTH_ERROR) >>> CID 1260388: Logically dead code (DEADCODE) >>> Execution cannot reach this statement "fast_xmit(rbufp, 4, 0U, res...". 702 fast_xmit(rbufp, MODE_SERVER, 0, 703 restrict_mask); 704 return; /* hooray */ 705 } 706 707 /* /contrib/ntp/ntpd/ntp_proto.c: 869 in receive() 863 * symmetric active response is sent. If authentication 864 * fails, send a crypto-NAK packet. 865 */ 866 if (!AUTH(restrict_mask & RES_DONTTRUST, is_authentic)) 867 { 868 if (is_authentic == AUTH_ERROR) >>> CID 1260388: Logically dead code (DEADCODE) >>> Execution cannot reach this statement "fast_xmit(rbufp, 1, 0U, res...". 869 fast_xmit(rbufp, MODE_ACTIVE, 0, 870 restrict_mask); 871 return; /* bad auth */ 872 } 873 if (!AUTH(sys_authenticate | (restrict_mask & 874 RES_NOPEER), is_authentic)) {