You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@commons.apache.org by se...@apache.org on 2021/11/11 00:26:00 UTC
[commons-net] branch master updated: [NTP] Fix NET-704:
NTPUDPClient does not check response packet pairing.
This is an automated email from the ASF dual-hosted git repository.
sebb pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/commons-net.git
The following commit(s) were added to refs/heads/master by this push:
new 1e32f35 [NTP] Fix NET-704: NTPUDPClient does not check response packet pairing.
new eb0181a Merge pull request #92 from dzolo/NET-704
1e32f35 is described below
commit 1e32f35c5a1064fbf638e18032f62c8aae4a5b4a
Author: Ondřej Fibich <of...@techniserv.cz>
AuthorDate: Mon Nov 8 07:58:28 2021 +0100
[NTP] Fix NET-704: NTPUDPClient does not check response packet pairing.
---
src/main/java/org/apache/commons/net/ntp/NTPUDPClient.java | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/src/main/java/org/apache/commons/net/ntp/NTPUDPClient.java b/src/main/java/org/apache/commons/net/ntp/NTPUDPClient.java
index 207dea9..cb0d465 100644
--- a/src/main/java/org/apache/commons/net/ntp/NTPUDPClient.java
+++ b/src/main/java/org/apache/commons/net/ntp/NTPUDPClient.java
@@ -70,7 +70,8 @@ public final class NTPUDPClient extends DatagramSocketClient
* @param host The address of the server.
* @param port The port of the service.
* @return The time value retrieved from the server.
- * @throws IOException If an error occurs while retrieving the time.
+ * @throws IOException If an error occurs while retrieving the time or if
+ * received packet does not match the request.
*/
public TimeInfo getTime(final InetAddress host, final int port) throws IOException
{
@@ -106,6 +107,13 @@ public final class NTPUDPClient extends DatagramSocketClient
_socket_.receive(receivePacket);
final long returnTimeMillis = System.currentTimeMillis();
+
+ // Prevent invalid time information if response does not match request
+ if (!now.equals(recMessage.getOriginateTimeStamp()))
+ {
+ throw new IOException("Originate time does not match the request");
+ }
+
// create TimeInfo message container but don't pre-compute the details yet
return new TimeInfo(recMessage, returnTimeMillis, false);
}