lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 8 Jul 2019 11:24:59 +0200 (CEST) From: Thomas Gleixner <tglx@...utronix.de> To: ZhangXiaoxu <zhangxiaoxu5@...wei.com> cc: john.stultz@...aro.org, sboyd@...nel.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH] time: Validate the usec before covert to nsec in do_adjtimex On Mon, 8 Jul 2019, ZhangXiaoxu wrote: > When covert the usec to nsec, it will multiple 1000, it maybe > overflow and lead an undefined behavior. > > For example, users may input an negative tv_usec values when > call adjtimex syscall, then multiple 1000 maybe overflow it > to a positive and legal number. > > So, we should validate the usec before coverted it to nsec. That's correct, but the actuall inject function wants to keep the sanity check, Thanks, tglx
Powered by blists - more mailing lists