From: Alan T. DeKok <aland@freeradius.org>
Date: Fri, 18 Apr 2025 20:12:03 +0000 (-0400)
Subject: limit timers
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=18c85e4f554a50c06447415317c66d60a5ef7481;p=thirdparty%2Ffreeradius-server.git

limit timers
---

diff --git a/src/lib/server/virtual_servers.c b/src/lib/server/virtual_servers.c
index 9ec32430e24..368d498f696 100644
--- a/src/lib/server/virtual_servers.c
+++ b/src/lib/server/virtual_servers.c
@@ -1131,12 +1131,22 @@ static int virtual_server_compile_sections(virtual_server_t *vs, tmpl_rules_t co
 
 		value = cf_section_name2(subcs);
 		if (!value) {
-			cf_log_err(subcs, "Invalid 'timeout { ... }' section, it must define a timeout (time_delta)");
+			cf_log_err(subcs, "Invalid 'timeout { ... }' section, it must define a timeout value");
 			return -1;
 		}
 
 		if (fr_value_box_from_str(subcs, &box, FR_TYPE_TIME_DELTA, NULL, value, strlen(value), NULL) < 0) {
-			cf_log_perr(subcs, "Failed parsing timeout value for 'timeout { ... }' section");
+			cf_log_perr(subcs, "Failed parsing timeout value");
+			return -1;
+		}
+
+		if (fr_time_delta_cmp(box.vb_time_delta, fr_time_delta_from_sec(1)) < 0) {
+			cf_log_err(subcs, "Timeout value %pV too small - it should be >= 1s", &box);
+			return -1;
+		}
+
+		if (fr_time_delta_cmp(box.vb_time_delta, fr_time_delta_from_sec(30)) > 0) {
+			cf_log_err(subcs, "Timeout value %pV too large - it should be <= 30s", &box);
 			return -1;
 		}