| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 15 Mar 2012 12:36:14 -0400 From: Sasha Levin <levinsasha928@...il.com> To: johnstul@...ibm.com, tglx@...utronix.de, linux-kernel@...r.kernel.org Cc: Sasha Levin <levinsasha928@...il.com> Subject: [PATCH 2/2] ntp: Fix integer overflow when setting time 'long secs' was being passed as divisor to div_s64, which accepts a 32bit divisor. On 64bit machines that value would be trimmed back from 8 bytes back to 4, allowing a divide by zero when the number is bigger than (1 << 32) - 1 and all 32 lower bits are 0. Signed-off-by: Sasha Levin <levinsasha928@...il.com> --- kernel/time/ntp.c | 6 +++++- 1 files changed, 5 insertions(+), 1 deletions(-) diff --git a/kernel/time/ntp.c b/kernel/time/ntp.c index 17fb1b9..c83c228 100644 --- a/kernel/time/ntp.c +++ b/kernel/time/ntp.c @@ -289,7 +289,11 @@ static inline s64 ntp_update_offset_fll(s64 offset64, long secs) time_status |= STA_MODE; - return div_s64(offset64 << (NTP_SCALE_SHIFT - SHIFT_FLL), secs); + /* + * secs is 8 bytes on 64bit systems, which means that it can + * wrap around when dividing. + */ + return div64_long(offset64 << (NTP_SCALE_SHIFT - SHIFT_FLL), secs); } static void ntp_update_offset(long offset) -- 1.7.8.4 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists