Skip to content

Fix NTP Authenticator parsing for non-MD5 digests (SHA1, SHA256, SHA512)#4917

Closed
Copilot wants to merge 1 commit intomasterfrom
copilot/check-oldest-issues
Closed

Fix NTP Authenticator parsing for non-MD5 digests (SHA1, SHA256, SHA512)#4917
Copilot wants to merge 1 commit intomasterfrom
copilot/check-oldest-issues

Conversation

Copy link

Copilot AI commented Feb 14, 2026
edited
Loading

NTP Authenticator fields were hardcoded to MD5's 16-byte digest size, causing misaligned parsing for SHA1/SHA256/SHA384/SHA512 MACs. The _NTPAuthenticatorPaddingField always assumed a 20-byte tail (4 key_id + 16 MD5 digest), so for e.g. SHA1 (24 bytes total), the first 4 bytes of digest were consumed as padding, key_id read digest bytes, and dgst was truncated.

  • _NTPAuthenticatorPaddingField: Computes tail size dynamically by matching against known valid MAC sizes (20/24/36/52/68) instead of hardcoding _NTP_AUTH_MD5_TAIL_SIZE
  • NTPAuthenticator.dgst: Changed from XStrFixedLenField with fixed 16-byte length to XStrField to consume all remaining bytes after key_id
  • NTPExtPacketListField.getfield(): Same dynamic tail size detection when splitting extensions from MAC
  • NTPHeader.guess_payload_class(): Added SHA384 (48-byte) digest to the recognized sizes
  • NTPExtensions: _NTPAuthenticatorPaddingField also updated to use dynamic sizing via a new _ntp_auth_tail_size() helper
# Before: SHA1 authenticator parsed incorrectly
# padding='\x00\x00\x00\x0c', key_id=3523582088, dgst=<truncated 16 bytes>

# After: correctly parsed
# padding=None, key_id=12, dgst=<full 20-byte SHA1 digest>

Added tests for SHA1 (24-byte) and SHA256 (36-byte) NTP authenticator dissection and round-trip build/parse.

Original prompt

Check the 5 oldest issues. Are they still issues in current master?

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

@codecov
Copy link

codecov bot commented Feb 14, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 80.10%. Comparing base (ded1d73) to head (cdc5758).

Additional details and impacted files 
@@           Coverage Diff           @@
##           master    #4917   +/-   ##
=======================================
  Coverage   80.10%   80.10%           
=======================================
  Files         370      370           
  Lines       91727    91727           
=======================================
  Hits        73477    73477           
  Misses      18250    18250

see 6 files with indirect coverage changes

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

Copilot AI changed the title [WIP] Check if oldest issues are still present in current master Fix NTP Authenticator parsing for non-MD5 digests (SHA1, SHA256, SHA512) Feb 14, 2026
Copilot AI requested a review from guedou February 14, 2026 12:42
@guedou guedou requested review from Copilot and removed request for guedou February 14, 2026 12:46
Copilot AI reviewed Feb 14, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot wasn't able to review any files in this pull request.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Copilot AI mentioned this pull request Feb 14, 2026
Draft
11 tasks
@guedou guedou closed this Feb 14, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

@guedou guedou

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@guedou