Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/sys/kern Avoid signed integer overflow in ts2timo() for ts->...
details: https://anonhg.NetBSD.org/src/rev/fc2e090ef3e2
branches: trunk
changeset: 464392:fc2e090ef3e2
user: kamil <kamil%NetBSD.org@localhost>
date: Fri Oct 04 14:17:07 2019 +0000
description:
Avoid signed integer overflow in ts2timo() for ts->tv_nsec
The condition would be rechecked later again after subtracting start time
and most invalid inputs rejected. In corner cases the current code can
accept certain invalid inputs that will pass checks later and behave like
valid ones (due to signed integer overflow).
Reported-by: syzbot+3a4a07b62558bbbd3baa%syzkaller.appspotmail.com@localhost
diffstat:
sys/kern/subr_time.c | 7 +++++--
1 files changed, 5 insertions(+), 2 deletions(-)
diffs (28 lines):
diff -r dd090d1b7d23 -r fc2e090ef3e2 sys/kern/subr_time.c
--- a/sys/kern/subr_time.c Fri Oct 04 12:46:43 2019 +0000
+++ b/sys/kern/subr_time.c Fri Oct 04 14:17:07 2019 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: subr_time.c,v 1.20 2017/12/08 01:19:29 christos Exp $ */
+/* $NetBSD: subr_time.c,v 1.21 2019/10/04 14:17:07 kamil Exp $ */
/*
* Copyright (c) 1982, 1986, 1989, 1993
@@ -33,7 +33,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: subr_time.c,v 1.20 2017/12/08 01:19:29 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: subr_time.c,v 1.21 2019/10/04 14:17:07 kamil Exp $");
#include <sys/param.h>
#include <sys/kernel.h>
@@ -329,6 +329,9 @@
int error;
struct timespec tsd;
+ if (ts->tv_nsec < 0 || ts->tv_nsec >= 1000000000L)
+ return EINVAL;
+
flags &= TIMER_ABSTIME;
if (start == NULL)
start = &tsd;
Home |
Main Index |
Thread Index |
Old Index