timesync: check validity of NTP server name or address

diff --git a/src/timesync/test-timesync.c b/src/timesync/test-timesync.c
index 02fb2b7cf0884c8599e5554cf0c27eaae2f78132..2bf484f121e0bfc8134f4ce66c3c9aa92bc33af0 100644 (file)
--- a/src/timesync/test-timesync.c
+++ b/src/timesync/test-timesync.c
@@ -24,9 +24,9 @@ static void test_manager_parse_string(void) {
         assert_se(m->have_fallbacks);
         assert_se(manager_parse_fallback_string(m, NTP_SERVERS) == 0);
 
-        assert_se(manager_parse_server_string(m, SERVER_SYSTEM, "time1.foobar.com time2.foobar.com") == 0);
-        assert_se(manager_parse_server_string(m, SERVER_FALLBACK, "time1.foobar.com time2.foobar.com") == 0);
-        assert_se(manager_parse_server_string(m, SERVER_LINK, "time1.foobar.com time2.foobar.com") == 0);
+        assert_se(manager_parse_server_string(m, SERVER_SYSTEM, "time1.foobar.com time2.foobar.com axrfav.,avf..ra 12345..123") == 0);
+        assert_se(manager_parse_server_string(m, SERVER_FALLBACK, "time1.foobar.com time2.foobar.com axrfav.,avf..ra 12345..123") == 0);
+        assert_se(manager_parse_server_string(m, SERVER_LINK, "time1.foobar.com time2.foobar.com axrfav.,avf..ra 12345..123") == 0);
 }
 
 int main(int argc, char **argv) {

diff --git a/src/timesync/timesyncd-conf.c b/src/timesync/timesyncd-conf.c
index 23ee8f73d44fa6883a662f61596400dc9f530575..506781e1cc1174d0b727209413a8b267f3a909d0 100644 (file)
--- a/src/timesync/timesyncd-conf.c
+++ b/src/timesync/timesyncd-conf.c
@@ -7,6 +7,7 @@
 
 #include "alloc-util.h"
 #include "def.h"
+#include "dns-domain.h"
 #include "extract-word.h"
 #include "string-util.h"
 #include "timesyncd-conf.h"
@@ -36,6 +37,14 @@ int manager_parse_server_string(Manager *m, ServerType type, const char *string)
                 if (r == 0)
                         break;
 
+                r = dns_name_is_valid_or_address(word);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to check validity of NTP server name or address '%s': %m", word);
+                if (r == 0) {
+                        log_error("Invalid NTP server name or address, ignoring: %s", word);
+                        continue;
+                }
+
                 /* Filter out duplicates */
                 LIST_FOREACH(names, n, first)
                         if (streq_ptr(n->string, word)) {

diff --git a/src/timesync/timesyncd-manager.c b/src/timesync/timesyncd-manager.c
index 46036c41f75fa50d5b2d7685b0b73538218b18a3..2c565aa8f8dce506cde11498a7354d199477f3e1 100644 (file)
--- a/src/timesync/timesyncd-manager.c
+++ b/src/timesync/timesyncd-manager.c
@@ -20,6 +20,7 @@
 #include "sd-daemon.h"
 
 #include "alloc-util.h"
+#include "dns-domain.h"
 #include "fd-util.h"
 #include "fs-util.h"
 #include "list.h"
@@ -968,6 +969,15 @@ static int manager_network_read_link_servers(Manager *m) {
         STRV_FOREACH(i, ntp) {
                 bool found = false;
 
+                r = dns_name_is_valid_or_address(*i);
+                if (r < 0) {
+                        log_error_errno(r, "Failed to check validity of NTP server name or address '%s': %m", *i);
+                        goto clear;
+                } else if (r == 0) {
+                        log_error("Invalid NTP server name or address, ignoring: %s", *i);
+                        continue;
+                }
+
                 LIST_FOREACH(names, n, m->link_servers)
                         if (streq(n->string, *i)) {
                                 n->marked = false;