networkd: refuse more than 128 NTP servers

This test case is a bit silly, but it shows that our code is unprepared to handle so many network servers, with quadratic complexity in various places. I don't think there are any valid reasons to have hundres of NTP servers configured, so let's just emit a warning and cut the list short. https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13354
2019-02-27 14:45:29 +01:00 · 2019-02-27 14:45:29 +01:00 · c448459d56
parent 83ec459276
commit c448459d56
2 changed files with 11 additions and 3 deletions
--- a/src/network/networkd-network.c
+++ b/src/network/networkd-network.c
@ -23,6 +23,9 @@
 #include "strv.h"
 #include "util.h"

+/* Let's assume that anything above this number is a user misconfiguration. */
+#define MAX_NTP_SERVERS 128
+
 static void network_config_hash_func(const NetworkConfigSection *c, struct siphash *state) {
        siphash24_compress(c->filename, strlen(c->filename), state);
        siphash24_compress(&c->line, sizeof(c->line), state);
@ -1462,11 +1465,16 @@ int config_parse_ntp(
                        continue;
                }

-                r = strv_push(l, w);
+                if (strv_length(*l) > MAX_NTP_SERVERS) {
+                        log_syntax(unit, LOG_WARNING, filename, line, 0,
+                                   "More than %u NTP servers specified, ignoring \"%s\" and any subsequent entries.",
+                                   MAX_NTP_SERVERS, w);
+                        break;
+                }
+
+                r = strv_consume(l, TAKE_PTR(w));
                if (r < 0)
                        return log_oom();
-
-                w = NULL;
        }

        return 0;
--- a/test/fuzz/fuzz-network-parser/oss-fuzz-13354
+++ b/test/fuzz/fuzz-network-parser/oss-fuzz-13354