[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[lwip-devel] [bug #50824] Bug in SNTP POLL mode

From: Dirk Ziegelmeier
Subject: [lwip-devel] [bug #50824] Bug in SNTP POLL mode
Date: Tue, 18 Apr 2017 06:20:06 -0400 (EDT)
User-agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0


                 Summary: Bug in SNTP POLL mode
                 Project: lwIP - A Lightweight TCP/IP stack
            Submitted by: dziegel
            Submitted on: Tue 18 Apr 2017 10:20:04 AM UTC
                Category: apps
                Severity: 3 - Normal
              Item Group: Faulty Behaviour
                  Status: None
                 Privacy: Public
             Assigned to: None
             Open/Closed: Open
         Discussion Lock: Any
         Planned Release: None
            lwIP version: git head




There is few issues with SNTP. It propably should not handle SNTP frames (in
POLL mode) if it has not requested time update?

This because in current code, while in POLL mode waiting INTERVAL to send new
request, a "reply" (without request) is received and timers are stopped:

  /* packet received: stop retry timeout  */
  sys_untimeout(sntp_try_next_server, NULL);
  sys_untimeout(sntp_request, NULL);

- If the frame has sender address which is not "sntp_last_server_address",
SNTP will use err code ERR_TIMEOUT and does not resume timers   => Time update
request is never sent.
  /* packet from wrong remote address or port, wait for correct response */
  err = ERR_TIMEOUT;

- Same result as above, but with frame where MODE has been modified from
         LWIP_DEBUGF(SNTP_DEBUG_WARN, ("sntp_recv: Invalid mode in response:
%"U16_F"\n", (u16_t)mode));
        /* wait for correct response */
        err = ERR_TIMEOUT;
- Third issue is that if you send too short SNTP frame, it will use error code
ERR_ARG and calls sntp_retry. This could be used to make LwIP SNTP clients
send too fast new request to the real SNTP server.

Also when we are expecting a reply, it should be made sure that in case of
invalid reply, we either resume timers and wait for proper reply or restart
timers to make sure we poll again.

I actually couldn't get too short frame in so I was not able to reproduce the
last one, but by looking the code this could happen. First two can be easily
reproduced by sending a modified frame.

Esa Hill


Reply to this item at:


  Message sent via/by Savannah

reply via email to

[Prev in Thread] Current Thread [Next in Thread]