RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-27 02:17:35 +00:00
Code Issues Activity Actions

ntpquery: Don't leak local time, and check origin time in reply

Browse source 
This implements the transmit time suggestion in (abandoned?)
draft-ietf-ntp-data-minimization. (The other suggestions were already
implemented as far as I can tell.)
This commit is contained in:
Nico Weber 2020-10-16 15:59:53 -04:00 committed by Andreas Kling
parent 019788a150
commit 5f50af3b4f
2 changed files with 14 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

3
AK/Random.h
View file

@ -62,3 +62,6 @@ inline T get_random()
} }
} }
using AK::fill_with_random;
using AK::get_random;

13
Userland/ntpquery.cpp
View file

@ -25,6 +25,7 @@
*/ */
#define _GNU_SOURCE #define _GNU_SOURCE
#include <AK/Random.h>
#include <LibCore/ArgsParser.h> #include <LibCore/ArgsParser.h>
#include <arpa/inet.h> #include <arpa/inet.h>
#include <endian.h> #include <endian.h>
@ -168,9 +169,12 @@ int main(int argc, char** argv)
packet.li_vn_mode = (4 << 3) | 3; // Version 4, client connection. packet.li_vn_mode = (4 << 3) | 3; // Version 4, client connection.
// The server will copy the transmit_timestamp to origin_timestamp in the reply. // The server will copy the transmit_timestamp to origin_timestamp in the reply.
// To not leak the local time, keep the time we sent the packet locally and
// send random bytes to the server.
auto random_transmit_timestamp = get_random<NtpTimestamp>();
timeval local_transmit_time; timeval local_transmit_time;
gettimeofday(&local_transmit_time, nullptr); gettimeofday(&local_transmit_time, nullptr);
packet.transmit_timestamp = htobe64(ntp_timestamp_from_timeval(local_transmit_time)); packet.transmit_timestamp = random_transmit_timestamp;
ssize_t rc; ssize_t rc;
rc = sendto(fd, &packet, sizeof(packet), 0, (const struct sockaddr*)&peer_address, sizeof(peer_address)); rc = sendto(fd, &packet, sizeof(packet), 0, (const struct sockaddr*)&peer_address, sizeof(peer_address));
@ -205,7 +209,12 @@ int main(int argc, char** argv)
timeval kernel_receive_time; timeval kernel_receive_time;
memcpy(&kernel_receive_time, CMSG_DATA(cmsg), sizeof(kernel_receive_time)); memcpy(&kernel_receive_time, CMSG_DATA(cmsg), sizeof(kernel_receive_time));
NtpTimestamp origin_timestamp = be64toh(packet.origin_timestamp); if (packet.origin_timestamp != random_transmit_timestamp) {
fprintf(stderr, "expected %#016llx as origin timestamp, got %#016llx\n", random_transmit_timestamp, packet.origin_timestamp);
return 1;
}
NtpTimestamp origin_timestamp = ntp_timestamp_from_timeval(local_transmit_time);
NtpTimestamp receive_timestamp = be64toh(packet.receive_timestamp); NtpTimestamp receive_timestamp = be64toh(packet.receive_timestamp);
NtpTimestamp transmit_timestamp = be64toh(packet.transmit_timestamp); NtpTimestamp transmit_timestamp = be64toh(packet.transmit_timestamp);
NtpTimestamp destination_timestamp = ntp_timestamp_from_timeval(kernel_receive_time); NtpTimestamp destination_timestamp = ntp_timestamp_from_timeval(kernel_receive_time);