Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/sys/kern Avoid signed integer overflow in ts2timo() for ts->...
details: https://anonhg.NetBSD.org/src/rev/fae44d879c7a
branches: trunk
changeset: 965881:fae44d879c7a
user: kamil <kamil%NetBSD.org@localhost>
date: Fri Oct 04 14:17:07 2019 +0000
description:
Avoid signed integer overflow in ts2timo() for ts->tv_nsec
The condition would be rechecked later again after subtracting start time
and most invalid inputs rejected. In corner cases the current code can
accept certain invalid inputs that will pass checks later and behave like
valid ones (due to signed integer overflow).
Reported-by: syzbot+3a4a07b62558bbbd3baa%syzkaller.appspotmail.com@localhost
diffstat:
sys/kern/subr_time.c | 7 +++++--
1 files changed, 5 insertions(+), 2 deletions(-)
diffs (28 lines):
diff -r 961c0440f9de -r fae44d879c7a sys/kern/subr_time.c
--- a/sys/kern/subr_time.c Fri Oct 04 12:46:43 2019 +0000
+++ b/sys/kern/subr_time.c Fri Oct 04 14:17:07 2019 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: subr_time.c,v 1.20 2017/12/08 01:19:29 christos Exp $ */
+/* $NetBSD: subr_time.c,v 1.21 2019/10/04 14:17:07 kamil Exp $ */
/*
* Copyright (c) 1982, 1986, 1989, 1993
@@ -33,7 +33,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: subr_time.c,v 1.20 2017/12/08 01:19:29 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: subr_time.c,v 1.21 2019/10/04 14:17:07 kamil Exp $");
#include <sys/param.h>
#include <sys/kernel.h>
@@ -329,6 +329,9 @@
int error;
struct timespec tsd;
+ if (ts->tv_nsec < 0 || ts->tv_nsec >= 1000000000L)
+ return EINVAL;
+
flags &= TIMER_ABSTIME;
if (start == NULL)
start = &tsd;
Home |
Main Index |
Thread Index |
Old Index