From: Sasha Levin <sasha.le...@oracle.com>
Make sure the tv_usec makes sense. We might multiply them later which can
cause an overflow and undefined behavior.
Cc: Sasha Levin <sasha.le...@oracle.com>
Cc: Richard Cochran <richardcoch...@gmail.com>
Cc: Thomas Gleixner <t...@linutronix.de>,
Signed-off-by: Sasha Levin <sasha.le...@oracle.com>
[jstultz: Moved corrected check to ntp_validate_timex]
Signed-off-by: John Stultz <john.stu...@linaro.org>
---
Here's my attempt at reworking the patch.
Let me know if you have any thoughts or objections.
thanks
-john
kernel/time/ntp.c | 14 ++++++++++++--
kernel/time/timekeeping.c | 1 +
2 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/kernel/time/ntp.c b/kernel/time/ntp.c
index 36616c3..e9a1874 100644
--- a/kernel/time/ntp.c
+++ b/kernel/time/ntp.c
@@ -676,8 +676,18 @@ int ntp_validate_timex(struct timex *txc)
return -EINVAL;
}
- if ((txc->modes & ADJ_SETOFFSET) && (!capable(CAP_SYS_TIME)))
- return -EPERM;
+ if (txc->modes & ADJ_SETOFFSET) {
+ /* In order to inject time, you gotta be super-user! */
+ if (!capable(CAP_SYS_TIME))
+ return -EPERM;
+
+ /*
+ * tv_sec can be positive or negative, but usec
+ * must be positive and from 0->USEC_PER_SEC
+ */
+ if (txc->time.tv_usec >= USEC_PER_SEC)
+ return -EINVAL;
+ }
/*
* Check for potential multiplication overflows that can
diff --git a/kernel/time/timekeeping.c b/kernel/time/timekeeping.c
index 99188ee..a37222b 100644
--- a/kernel/time/timekeeping.c
+++ b/kernel/time/timekeeping.c
@@ -1986,6 +1986,7 @@ int do_adjtimex(struct timex *txc)
if (txc->modes & ADJ_SETOFFSET) {
struct timespec delta;
+
delta.tv_sec = txc->time.tv_sec;
delta.tv_nsec = txc->time.tv_usec;
if (!(txc->modes & ADJ_NANO))
--
1.9.1
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
