tech-kern archive


Re: Fixing settime1() to reject invalid struct timespec ?



On Wed, Jul 29, 2009 at 11:51:01AM +0000, YAMAMOTO Takashi wrote:
> hi,
> 
> > On Mon, Jul 27, 2009 at 03:26:25PM +0200, Joerg Sonnenberger wrote:
> >> On Mon, Jul 27, 2009 at 02:37:29PM +0200, Nicolas Joly wrote:
> >> > To solve this, we can: (a) use an ugly __UNCONST() when calling
> >> > itimespecfix(), or (b) drop the const qualifier from
> >> > clock_settime1()/settime1() ...
> >> 
> >> (c) Normalise into a new variable.
> > 
> > That's even better ;-) It kills the __UNCONST from kauth call.
> > 
> > Here follows the corresponding patch.
> 
> (d) split itimespecfix into two functions.
> 
> the non-const part of itimespecfix doesn't seem appropriate for
> an absolute time, which settime1 is for.

Oh sure ...

Is it worth adding a new function (inline?) for a single expression?

Thanks.

Index: sys/kern/kern_time.c
===================================================================
RCS file: /cvsroot/src/sys/kern/kern_time.c,v
retrieving revision 1.160
diff -u -p -r1.160 kern_time.c
--- sys/kern/kern_time.c        29 Mar 2009 19:21:19 -0000      1.160
+++ sys/kern/kern_time.c        31 Aug 2009 15:36:13 -0000
@@ -134,6 +134,9 @@ settime1(struct proc *p, const struct ti
        struct timespec delta, now;
        int s;
 
+       if (ts->tv_sec < 0 || ts->tv_nsec < 0 || ts->tv_nsec >= 1000000000)
+               return EINVAL;
+
        /* WHAT DO WE DO ABOUT PENDING REAL-TIME TIMEOUTS??? */
        s = splclock();
        nanotime(&now);
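
Review bot: The added check at the top of settime1() rejects ts->tv_sec < 0 together with an out-of-range ts->tv_nsec, but nothing in the hunk says that refusing a negative absolute time is intentional, as opposed to only rejecting a malformed nanosecond field. A short comment above the if stating both conditions and why each returns EINVAL would make the intent clear to later readers. The literal 1000000000 would also read better as a named nanoseconds-per-second constant if one is available in this file. Since this introduces a new EINVAL return for callers of settime1(), and the patch touches only sys/kern/kern_time.c, the documentation for the interfaces that reach this function should be updated alongside it.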


-- 
Nicolas Joly

Biological Software and Databanks.
Institut Pasteur, Paris.

