NTP BUG 3661: Memory leak with CMAC keys
Last update: June 27, 2022 20:45 UTC (51d68a4aa)
Systems that use a CMAC algorithm in
ntp.keys will not release a bit of memory on each packet that uses a CMAC keyid, eventually causing
ntpd to run out of memory and fail. The CMAC cleanup, part of ntp-4.2.8p11, introduced a bug whereby the CMAC data structure was no longer completely removed.
- If you are using ntp-4.2.8p11 through ntp-4.2.8p14 or ntp-4.3.97 through ntp-4.3.100, either don’t use CMAC keys, or make sure you have a way to restart
ntpd if/when it crashes.
- Upgrade to 4.2.8p15 or later.
Reported by Martin Burnicki of Meinberg.