ntp: limit number of sources

Don't rely on assertions and running out of memory to terminate if
an extremely large number of sources is added. Set the maximum number
to 65536 to have a practical limit where chronyd still has a chance to
appear functional with some operations having a quadratic time
complexity.

diff --git a/ntp_sources.c b/ntp_sources.c
index 0c5a89a7ddf6417373b31b85d26ab4025636a768..8c5f61382630e71e04ec59e86e0f56f5dbeac1d4 100644 (file)
--- a/ntp_sources.c
+++ b/ntp_sources.c
@@ -45,6 +45,9 @@
 
 /* ================================================== */
 
+/* Maximum number of sources */
+#define MAX_SOURCES 65536
+
 /* Record type private to this file, used to store information about
    particular sources */
 typedef struct {
@@ -336,6 +339,8 @@ add_source(NTP_Remote_Address *remote_addr, char *name, NTP_Source_Type type,
   } else if (!name && !UTI_IsIPReal(&remote_addr->ip_addr)) {
     /* Name is required for non-real addresses */
     return NSR_InvalidName;
+  } else if (n_sources >= MAX_SOURCES) {
+    return NSR_TooManySources;
   } else {
     if (remote_addr->ip_addr.family != IPADDR_INET4 &&
         remote_addr->ip_addr.family != IPADDR_INET6 &&