faraphel/chrony
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

ntp: limit number of sources

Browse source 
Don't rely on assertions and running out of memory to terminate if
an extremely large number of sources is added. Set the maximum number
to 65536 to have a practical limit where chronyd still has a chance to
appear functional with some operations having a quadratic time
complexity.
This commit is contained in:
Miroslav Lichvar 2021-02-10 13:21:37 +01:00
parent 3f2806c19c
commit 4d139eeca6
1 changed files with 5 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
ntp_sources.c
View file

@ -45,6 +45,9 @@
/* ================================================== */ /* ================================================== */
/* Maximum number of sources */
#define MAX_SOURCES 65536
/* Record type private to this file, used to store information about /* Record type private to this file, used to store information about
particular sources */ particular sources */
typedef struct { typedef struct {
@ -336,6 +339,8 @@ add_source(NTP_Remote_Address *remote_addr, char *name, NTP_Source_Type type,
} else if (!name && !UTI_IsIPReal(&remote_addr->ip_addr)) { } else if (!name && !UTI_IsIPReal(&remote_addr->ip_addr)) {
/* Name is required for non-real addresses */ /* Name is required for non-real addresses */
return NSR_InvalidName; return NSR_InvalidName;
} else if (n_sources >= MAX_SOURCES) {
return NSR_TooManySources;
} else { } else {
if (remote_addr->ip_addr.family != IPADDR_INET4 && if (remote_addr->ip_addr.family != IPADDR_INET4 &&
remote_addr->ip_addr.family != IPADDR_INET6 && remote_addr->ip_addr.family != IPADDR_INET6 &&