Prevent ntpd instances from sending MODE_PRIVATE error responses back and

forth. This resolves CVE-2009-3563, but it should be noted that nobody uses
this code so far, so this is more of a preventive update than a security
one.

external/bsd/ntp/dist/ntpd/ntp_request.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: ntp_request.c,v 1.2 2009/12/14 00:46:21 christos Exp $	*/
+/*	$NetBSD: ntp_request.c,v 1.3 2010/04/25 22:50:11 tonnerre Exp $	*/
 
 /*
  * ntp_request.c - respond to information requests
@@ -411,6 +411,7 @@ process_private(
 	int mod_okay
 	)
 {
+	static u_long quiet_until;
 	struct req_pkt *inpkt;
 	struct req_pkt_tail *tailinpkt;
 	sockaddr_u *srcadr;
@@ -449,8 +450,14 @@ process_private(
 	    || (++ec, INFO_MBZ(inpkt->mbz_itemsize) != 0)
 	    || (++ec, rbufp->recv_length < REQ_LEN_HDR)
 		) {
-		msyslog(LOG_ERR, "process_private: INFO_ERR_FMT: test %d failed, pkt from %s", ec, stoa(srcadr));
-		req_ack(srcadr, inter, inpkt, INFO_ERR_FMT);
+		NLOG(NLOG_SYSEVENT)
+			if (current_time >= quiet_until) {
+				msyslog(LOG_ERR,
+					"process_private: drop test %d"
+					" failed, pkt from %s",
+					ec, stoa(srcadr));
+				quiet_until = current_time + 60;
+			}
 		return;
 	}