From a5ca9364ef824c2e2505ab1a0fde89e955d3504f Mon Sep 17 00:00:00 2001
From: zzz <zzz@mail.i2p>
Date: Mon, 19 Feb 2018 14:25:57 +0000
Subject: [PATCH] more NTP response sanity checks

---
 .../java/src/net/i2p/router/time/NtpClient.java  | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/router/java/src/net/i2p/router/time/NtpClient.java b/router/java/src/net/i2p/router/time/NtpClient.java
index 6b649ec7b..76498b3b7 100644
--- a/router/java/src/net/i2p/router/time/NtpClient.java
+++ b/router/java/src/net/i2p/router/time/NtpClient.java
@@ -234,6 +234,22 @@ public class NtpClient {
                 return null;
             }
 
+            // More sanity checks
+            // See http://doolittle.icarus.com/ntpclient/README
+            // See RFC 4330 Sec. 5
+            if (msg.leapIndicator == 3 ||
+                msg.version < 3 ||
+                // 4 for server. Above reference is wrong, it says 3 which is client.
+                msg.mode != 4 ||
+                msg.transmitTimestamp <= 0 ||
+                // following values are in seconds, vs. 1/65536 seconds in above reference
+                Math.abs(msg.rootDelay) > 1.0d ||
+                Math.abs(msg.rootDispersion) > 1.0d) {
+                if (log != null && log.shouldWarn())
+                    log.warn("Failed sanity checks:\n" + msg);
+                return null;
+            }
+
             // KoD check (AFTER spoof checks)
             if (msg.stratum == 0) {
                 why = msg.referenceIdentifierToString();