validate NTP responses (fixes #3515)
* purge old (not yet processes) NTP responses * validate server responses before updating WLED time * purge receive buffer when package is rejected (avoids mem leak on esp32)
This commit is contained in:
parent
75f6a53269
commit
1e29d9463e
@ -375,7 +375,8 @@
|
||||
#define SUBPAGE_JS 254
|
||||
#define SUBPAGE_WELCOME 255
|
||||
|
||||
#define NTP_PACKET_SIZE 48
|
||||
#define NTP_PACKET_SIZE 48 // size of NTP recive buffer
|
||||
#define NTP_MIN_PACKET_SIZE 48 // min expected size - NTP v4 allows for "extended information" appended to the standard fields
|
||||
|
||||
//maximum number of rendered LEDs - this does not have to match max. physical LEDs, e.g. if there are virtual busses
|
||||
#ifndef MAX_LEDS
|
||||
|
@ -199,6 +199,9 @@ void handleNetworkTime()
|
||||
{
|
||||
if (millis() - ntpPacketSentTime > 10000)
|
||||
{
|
||||
#ifdef ARDUINO_ARCH_ESP32 // I had problems using udp.flush() on 8266
|
||||
while (ntpUdp.parsePacket() > 0) ntpUdp.flush(); // flush any existing packets
|
||||
#endif
|
||||
sendNTPPacket();
|
||||
ntpPacketSentTime = millis();
|
||||
}
|
||||
@ -239,16 +242,38 @@ void sendNTPPacket()
|
||||
ntpUdp.endPacket();
|
||||
}
|
||||
|
||||
static bool isValidNtpResponse(byte * ntpPacket) {
|
||||
// Perform a few validity checks on the packet
|
||||
// based on https://github.com/taranais/NTPClient/blob/master/NTPClient.cpp
|
||||
if((ntpPacket[0] & 0b11000000) == 0b11000000) return false; //reject LI=UNSYNC
|
||||
// if((ntpPacket[0] & 0b00111000) >> 3 < 0b100) return false; //reject Version < 4
|
||||
if((ntpPacket[0] & 0b00000111) != 0b100) return false; //reject Mode == Server
|
||||
if((ntpPacket[1] < 1) || (ntpPacket[1] > 15)) return false; //reject invalid Stratum
|
||||
if( ntpPacket[16] == 0 && ntpPacket[17] == 0 &&
|
||||
ntpPacket[18] == 0 && ntpPacket[19] == 0 &&
|
||||
ntpPacket[20] == 0 && ntpPacket[21] == 0 &&
|
||||
ntpPacket[22] == 0 && ntpPacket[23] == 0) //reject ReferenceTimestamp == 0
|
||||
return false;
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
bool checkNTPResponse()
|
||||
{
|
||||
int cb = ntpUdp.parsePacket();
|
||||
if (!cb) return false;
|
||||
if (cb < NTP_MIN_PACKET_SIZE) {
|
||||
#ifdef ARDUINO_ARCH_ESP32 // I had problems using udp.flush() on 8266
|
||||
if (cb > 0) ntpUdp.flush(); // this avoids memory leaks on esp32
|
||||
#endif
|
||||
return false;
|
||||
}
|
||||
|
||||
uint32_t ntpPacketReceivedTime = millis();
|
||||
DEBUG_PRINT(F("NTP recv, l="));
|
||||
DEBUG_PRINTLN(cb);
|
||||
byte pbuf[NTP_PACKET_SIZE];
|
||||
ntpUdp.read(pbuf, NTP_PACKET_SIZE); // read the packet into the buffer
|
||||
if (!isValidNtpResponse(pbuf)) return false; // verify we have a valid response to client
|
||||
|
||||
Toki::Time arrived = toki.fromNTP(pbuf + 32);
|
||||
Toki::Time departed = toki.fromNTP(pbuf + 40);
|
||||
|
Loading…
Reference in New Issue
Block a user