From 4cd04668f0e28927b7efb39e0699719813f66f51 Mon Sep 17 00:00:00 2001
From: wangli
Date: Wed, 15 Apr 2020 06:40:22 +0800
Subject: [PATCH] process_control() should bail earlier on short packets
---
 ntpd/ntp_control.c | 19 +-
 1 files changed, 21 insertions(+), 28 deletions(-)
 create mode 100644 ntpd/ntp_control.c.orig
diff --git a/ntpd/ntp_control.c b/ntpd/ntp_control.c
index 48cd908..5984c8c 100644
--- a/ntpd/ntp_control.c
+++ b/ntpd/ntp_control.c
@@ -1187,15 +1187,21 @@ process_control(
 pkt = (struct ntp_control *)&rbufp->recv_pkt;
 
 /*
- * If the length is less than required for the header, or
- * it is a response or a fragment, ignore this.
+ * If the length is less than required for the header,
+ * ignore it.
 */
- if (rbufp->recv_length < (int)CTL_HEADER_LEN
- || (CTL_RESPONSE | CTL_MORE | CTL_ERROR) & pkt->r_m_e_op
+ if (rbufp->recv_length < (int)CTL_HEADER_LEN) {
+ DPRINTF(1, ("Short control packet\n"));
+ numctltooshort++;
+ return;
+ }
+
+ /*
+ * If this packet is a response or a fragment, ignore it.
+ */
+ if ( (CTL_RESPONSE | CTL_MORE | CTL_ERROR) & pkt->r_m_e_op
 || pkt->offset != 0) {
 DPRINTF(1, ("invalid format in control packet\n"));
- if (rbufp->recv_length < (int)CTL_HEADER_LEN)
- numctltooshort++;
 if (CTL_RESPONSE & pkt->r_m_e_op)
 numctlinputresp++;
 if (CTL_MORE & pkt->r_m_e_op)
@@ -1206,6 +1212,7 @@ process_control(
 numctlbadoffset++;
 return;
 }
+
 res_version = PKT_VERSION(pkt->li_vn_mode);
 if (res_version > NTP_VERSION || res_version < NTP_OLDVERSION) {
 DPRINTF(1, ("unknown version %d in control packet\n",
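Review bot: The comment on the new length check in process_control() says what is tested but not why it has to come first: the next condition reads `pkt->r_m_e_op` and `pkt->offset`, so this early return is what keeps those reads inside the received data, and a later reordering would silently undo the fix. I would state that in the comment, e.g. `* Must stay ahead of any read of pkt fields: a packet shorter than CTL_HEADER_LEN does not contain r_m_e_op or offset.` The second comment also undersells its condition, which rejects CTL_ERROR and a nonzero offset as well as responses and fragments. The function body continues past the hunk, so whether later reads of packet fields beyond the fixed header are checked against recv_length cannot be confirmed from here. Separately, the diffstat's `create mode 100644 ntpd/ntp_control.c.orig` looks like a patch backup file that slipped into the commit.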