The function, tlv_post_recv, and the functions it calls don't check
the length of the tlv before flipping the byte order of fields. An
attacker (or a really buggy client) can craft a message causing the
byte order of data outside the received message to be flipped.
None of the supported tlvs are large enough to flip bytes outside the
ptp_message struct, which could corrupt the heap. However, it's easy
to mess up the message's refcnt field, leading to memory leaks.
The fix is to check that the tlv length is what is expected when
receiving, and tlv_post_recv needs to return an int to signal when a
tlv is invalid.
Signed-off-by: Geoff Salmon <gsalmon@se-instruments.com>
The PPS time stamps are always made by the system clock, don't allow
running the PPS loop with other clocks.
Signed-off-by: Miroslav Lichvar <mlichvar@redhat.com>
In the PPS loop, instead of setting the system clock from the PHC only
once on start, read PHC with each PPS sample and use the time stamp to
get the whole number of seconds in the offset. This will prevent phc2sys
from losing track of the system clock.
Also, check if the PPS is synchronized to the PHC.
Signed-off-by: Miroslav Lichvar <mlichvar@redhat.com>
With non-PPS loops let the servo make the inital correction. Move the
code to the PPS loop and change it to use the sample filtering to reduce
the error in the initial correction.
Signed-off-by: Miroslav Lichvar <mlichvar@redhat.com>
Instead of always starting at zero frequency offset, read the currently
stored value on start and pass it to the servo. As the read may silently
fail and return zero, set the clock frequency back to the read value to
make sure it's always equal to the actual frequency of the clock.
Signed-off-by: Miroslav Lichvar <mlichvar@redhat.com>
Similarly to the servo in phc2sys, when clock is stepped, set
immediately also its frequency. This significantly improves the initial
convergence with large frequency offsets.
Signed-off-by: Miroslav Lichvar <mlichvar@redhat.com>
Current date stored in nanoseconds doesn't fit in 64-bit double format.
Keep the offset and the time stamp in integer nanoseconds.
Signed-off-by: Miroslav Lichvar <mlichvar@redhat.com>
This means no conversion is necessary between the transport_type and
the networkProtocol field of the PortAddress struct. Not currently an
issue, but will be needed for implementing the CLOCK_DESCRIPTION
management TLV.
Previously if a command's full name was a prefix of another command
then parse_id would return AMBIGUOUS_ID. This was a problem for the
TIME and various TIME_* messages.
The code previously treated all supported request as 'get' actions and
ignored the actual action field in the message. This commit makes the
code look at the action field when processing the requests.
Signed-off-by: Richard Cochran <richardcochran@gmail.com>
Reforming the data structure in this way will greatly simplify the
implementation of the management message for this data set.
Signed-off-by: Richard Cochran <richardcochran@gmail.com>