[RFC][PATCH -reworked] time: Verify time values in adjtimex ADJ_SETOFFSET to avoid overflow

From: John Stultz
Date: Mon Dec 07 2015 - 15:12:15 EST

Next message: John Stultz: "Re: [RFC][PATCH -reworked] time: Verify time values in adjtimex ADJ_SETOFFSET to avoid overflow"
Previous message: Arnaldo Carvalho de Melo: "[PATCH 2/5] perf buildid-list: Fix return value of perf buildid-list -k"
In reply to: John Stultz: "Re: [PATCH] time: verify time values in adjtimex ADJ_SETOFFSET to avoid overflow"
Next in thread: John Stultz: "Re: [RFC][PATCH -reworked] time: Verify time values in adjtimex ADJ_SETOFFSET to avoid overflow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Sasha Levin <sasha.levin@xxxxxxxxxx>

Make sure the tv_usec makes sense. We might multiply them later which can
cause an overflow and undefined behavior.

Cc: Sasha Levin <sasha.levin@xxxxxxxxxx>
Cc: Richard Cochran <richardcochran@xxxxxxxxx>
Cc: Thomas Gleixner <tglx@xxxxxxxxxxxxx>,
Signed-off-by: Sasha Levin <sasha.levin@xxxxxxxxxx>
[jstultz: Moved corrected check to ntp_validate_timex]
Signed-off-by: John Stultz <john.stultz@xxxxxxxxxx>
---
Here's my attempt at reworking the patch.
Let me know if you have any thoughts or objections.
thanks
-john

kernel/time/ntp.c | 14 ++++++++++++--
kernel/time/timekeeping.c | 1 +
2 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/kernel/time/ntp.c b/kernel/time/ntp.c
index 36616c3..e9a1874 100644
--- a/kernel/time/ntp.c
+++ b/kernel/time/ntp.c
@@ -676,8 +676,18 @@ int ntp_validate_timex(struct timex *txc)
return -EINVAL;
}

- if ((txc->modes & ADJ_SETOFFSET) && (!capable(CAP_SYS_TIME)))
- return -EPERM;
+ if (txc->modes & ADJ_SETOFFSET) {
+ /* In order to inject time, you gotta be super-user! */
+ if (!capable(CAP_SYS_TIME))
+ return -EPERM;
+
+ /*
+ * tv_sec can be positive or negative, but usec
+ * must be positive and from 0->USEC_PER_SEC
+ */
+ if (txc->time.tv_usec >= USEC_PER_SEC)
+ return -EINVAL;
+ }

/*
* Check for potential multiplication overflows that can
diff --git a/kernel/time/timekeeping.c b/kernel/time/timekeeping.c
index 99188ee..a37222b 100644
--- a/kernel/time/timekeeping.c
+++ b/kernel/time/timekeeping.c
@@ -1986,6 +1986,7 @@ int do_adjtimex(struct timex *txc)

if (txc->modes & ADJ_SETOFFSET) {
struct timespec delta;
+
delta.tv_sec = txc->time.tv_sec;
delta.tv_nsec = txc->time.tv_usec;
if (!(txc->modes & ADJ_NANO))
--
1.9.1

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: John Stultz: "Re: [RFC][PATCH -reworked] time: Verify time values in adjtimex ADJ_SETOFFSET to avoid overflow"
Previous message: Arnaldo Carvalho de Melo: "[PATCH 2/5] perf buildid-list: Fix return value of perf buildid-list -k"
In reply to: John Stultz: "Re: [PATCH] time: verify time values in adjtimex ADJ_SETOFFSET to avoid overflow"
Next in thread: John Stultz: "Re: [RFC][PATCH -reworked] time: Verify time values in adjtimex ADJ_SETOFFSET to avoid overflow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]