Source-Changes-HG archive


[src/trunk]: src/sys/kern recvmmsg(2): Avoid arithmetic overflow in timeout c...



details:   https://anonhg.NetBSD.org/src/rev/88f6ea965242
branches:  trunk
changeset: 368208:88f6ea965242
user:      riastradh <riastradh%NetBSD.org@localhost>
date:      Tue Jun 28 11:41:32 2022 +0000

description:
recvmmsg(2): Avoid arithmetic overflow in timeout calculations.

XXX This is not right -- it doesn't actually do anything to time
out...

Reported-by: syzbot+784209d76a94fcc6417b%syzkaller.appspotmail.com@localhost

diffstat:

 sys/kern/uipc_syscalls.c |  14 +++++++++-----
 1 files changed, 9 insertions(+), 5 deletions(-)

diffs (42 lines):

diff -r 1331529153e5 -r 88f6ea965242 sys/kern/uipc_syscalls.c
--- a/sys/kern/uipc_syscalls.c  Tue Jun 28 10:42:22 2022 +0000
+++ b/sys/kern/uipc_syscalls.c  Tue Jun 28 11:41:32 2022 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: uipc_syscalls.c,v 1.203 2022/06/27 04:06:48 riastradh Exp $    */
+/*     $NetBSD: uipc_syscalls.c,v 1.204 2022/06/28 11:41:32 riastradh Exp $    */
 
 /*-
  * Copyright (c) 2008, 2009 The NetBSD Foundation, Inc.
@@ -61,7 +61,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: uipc_syscalls.c,v 1.203 2022/06/27 04:06:48 riastradh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: uipc_syscalls.c,v 1.204 2022/06/28 11:41:32 riastradh Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_pipe.h"
@@ -1042,7 +1042,12 @@
                if ((error = copyin(SCARG(uap, timeout), &ts, sizeof(ts))) != 0)
                        return error;
                getnanotime(&now);
-               timespecadd(&now, &ts, &ts);
+               if (timespecaddok(&now, &ts)) {
+                       timespecadd(&now, &ts, &ts);
+               } else {
+                       ts.tv_sec = __type_max(time_t);
+                       ts.tv_nsec = 999999999L;
+               }
        }
 
        s = SCARG(uap, s);
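Review bot: The user-supplied `ts` goes from `copyin()` straight into `timespecaddok()` with no range check on `tv_nsec` and no sign check on `tv_sec` in between. As far as I recall, `timespecaddok()` and `timespecadd()` expect normalized timespecs and leave validation of user-controlled values to the caller, so a malformed timeout could trip an assertion on diagnostic kernels or produce a meaningless deadline. I would reject it right after the copyin, e.g. `if (ts.tv_sec < 0 || ts.tv_nsec < 0 || ts.tv_nsec >= 1000000000L) return EINVAL;`. The enclosing function begins and ends outside this hunk, so this is based only on the lines visible here.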
@@ -1109,8 +1114,7 @@
 
                if (SCARG(uap, timeout)) {
                        getnanotime(&now);
-                       timespecsub(&now, &ts, &now);
-                       if (now.tv_sec > 0)
+                       if (timespeccmp(&ts, &now, <))
                                break;
                }
 
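Review bot: The deadline check `timespeccmp(&ts, &now, <)` compares against `getnanotime()`, which is wall-clock time. A clock step between the deadline computation in the earlier hunk and this check would stretch or shorten the caller's timeout. If the timeout is meant to be relative, as the now + ts computation suggests, a monotonic source would be more robust: `getnanouptime(&now);` at both call sites. A short comment here such as `/* ts now holds the absolute deadline computed above */` would also help, since `ts` starts out as the relative value copied in from the caller. The block this check sits in starts and ends outside the hunk.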


