| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 7 Jul 2019 03:10:00 -0700
From: tip-bot for zhengbin <tipbot@...or.com>
To: linux-tip-commits@...r.kernel.org
Cc: mingo@...nel.org, tglx@...utronix.de, hpa@...or.com,
linux-kernel@...r.kernel.org, zhengbin13@...wei.com
Subject: [tip:timers/core] time: Validate user input in
compat_settimeofday()
Commit-ID: 9176ab1b848059a0cd9caf39f0cebaa1b7ec5ec2
Gitweb: https://git.kernel.org/tip/9176ab1b848059a0cd9caf39f0cebaa1b7ec5ec2
Author: zhengbin <zhengbin13@...wei.com>
AuthorDate: Sun, 7 Jul 2019 08:51:41 +0800
Committer: Thomas Gleixner <tglx@...utronix.de>
CommitDate: Sun, 7 Jul 2019 12:05:40 +0200
time: Validate user input in compat_settimeofday()
The user value is validated after converting the timeval to a timespec, but
for a wide range of negative tv_usec values the multiplication overflow turns
them in positive numbers. So the 'validated later' is not catching the
invalid input.
Signed-off-by: zhengbin <zhengbin13@...wei.com>
Signed-off-by: Thomas Gleixner <tglx@...utronix.de>
Link: https://lkml.kernel.org/r/1562460701-113301-1-git-send-email-zhengbin13@huawei.com
---
kernel/time/time.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/kernel/time/time.c b/kernel/time/time.c
index 7f7d6914ddd5..5c54ca632d08 100644
--- a/kernel/time/time.c
+++ b/kernel/time/time.c
@@ -251,6 +251,10 @@ COMPAT_SYSCALL_DEFINE2(settimeofday, struct old_timeval32 __user *, tv,
if (tv) {
if (compat_get_timeval(&user_tv, tv))
return -EFAULT;
+
+ if (!timeval_valid(&user_tv))
+ return -EINVAL;
+
new_ts.tv_sec = user_tv.tv_sec;
new_ts.tv_nsec = user_tv.tv_usec * NSEC_PER_USEC;
}
Powered by blists - more mailing lists