Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/sys/kern Avoid signed integer overflow in ts2timo() for ts->...
details: https://anonhg.NetBSD.org/src/rev/a87a0ee3f29b
branches: trunk
changeset: 460024:a87a0ee3f29b
user: kamil <kamil%NetBSD.org@localhost>
date: Fri Oct 04 14:17:07 2019 +0000
description:
Avoid signed integer overflow in ts2timo() for ts->tv_nsec
The condition would be rechecked later again after subtracting start time
and most invalid inputs rejected. In corner cases the current code can
accept certain invalid inputs that will pass checks later and behave like
valid ones (due to signed integer overflow).
Reported-by: syzbot+3a4a07b62558bbbd3baa%syzkaller.appspotmail.com@localhost
diffstat:
sys/kern/subr_time.c | 7 +++++--
1 files changed, 5 insertions(+), 2 deletions(-)
diffs (28 lines):
diff -r b6d161ac2adf -r a87a0ee3f29b sys/kern/subr_time.c
--- a/sys/kern/subr_time.c Fri Oct 04 12:46:43 2019 +0000
+++ b/sys/kern/subr_time.c Fri Oct 04 14:17:07 2019 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: subr_time.c,v 1.20 2017/12/08 01:19:29 christos Exp $ */
+/* $NetBSD: subr_time.c,v 1.21 2019/10/04 14:17:07 kamil Exp $ */
/*
* Copyright (c) 1982, 1986, 1989, 1993
@@ -33,7 +33,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: subr_time.c,v 1.20 2017/12/08 01:19:29 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: subr_time.c,v 1.21 2019/10/04 14:17:07 kamil Exp $");
#include <sys/param.h>
#include <sys/kernel.h>
@@ -329,6 +329,9 @@
int error;
struct timespec tsd;
+ if (ts->tv_nsec < 0 || ts->tv_nsec >= 1000000000L)
+ return EINVAL;
+
flags &= TIMER_ABSTIME;
if (start == NULL)
start = &tsd;
Home |
Main Index |
Thread Index |
Old Index