2 files changed, 31 insertions, 5 deletions

diff --git a/net/ntp4/files/patch-sum b/net/ntp4/files/patch-sum
index 29ea04b0d04..0af98b2c346 100644
--- a/net/ntp4/files/patch-sum
+++ b/net/ntp4/files/patch-sum
@@ -1,6 +1,3 @@
-$NetBSD: patch-sum,v 1.2 1999/11/14 05:23:27 fredb Exp $
+$NetBSD: patch-sum,v 1.3 2001/04/06 15:21:05 fredb Exp $
 
-This placeholder file is generated by the ``makepatchsum'' target
-whenever the patches directory is empty or missing. Its purpose
-is to ensure that the presence of any obsolete patches will cause
-the proper error to be emitted at build time.
+SHA1 (patch-aa) = 2ba2b21de71a6855e4290aa8a0ab96216e156937
diff --git a/net/ntp4/patches/patch-aa b/net/ntp4/patches/patch-aa
new file mode 100644
index 00000000000..b561b273854
--- /dev/null
+++ b/net/ntp4/patches/patch-aa
@@ -0,0 +1,29 @@
+$NetBSD: patch-aa,v 1.3 2001/04/06 15:21:06 fredb Exp $
+
+--- ntpd/ntp_control.c	2000/04/22 14:53:15	1.1.1.2
++++ ntpd/ntp_control.c	2001/04/05 09:45:27	1.1.1.2.4.1
+@@ -1812,9 +1812,22 @@
+ 					while (cp < reqend &&
+ 					    isspace((int)*cp))
+ 						cp++;
+-					while (cp < reqend && *cp !=
+-					    ',')
++					while (cp < reqend && *cp != ',') {
+ 						*tp++ = *cp++;
++						if (tp >=
++						    buf + sizeof(buf) - 1) {
++#if 0	/* don't syslog for now - DoS potential on filling syslog */
++							msyslog(LOG_WARNING,
++    "Attempted \"ntpdx\" exploit from IP %d.%d.%d.%d:%d (possibly spoofed)\n",
++    (ntohl(rmt_addr->sin_addr.s_addr) >> 24) & 0xff,
++    (ntohl(rmt_addr->sin_addr.s_addr) >> 16) & 0xff,
++    (ntohl(rmt_addr->sin_addr.s_addr) >> 8) & 0xff,
++    (ntohl(rmt_addr->sin_addr.s_addr) >> 0) & 0xff,
++    ntohs(rmt_addr->sin_port));
++#endif
++							return (0);
++						}
++					}
+ 					if (cp < reqend)
+ 						cp++;
+ 					*tp = '\0';