From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Tue, 23 Oct 2018 13:24:16 +0000 (+0900)
Subject: util: check overflow in parse_nsec()
X-Git-Tag: v240~491^2~2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f6a178e91dd5fccf43f659eca887788fd5dcdccf;p=thirdparty%2Fsystemd.git

util: check overflow in parse_nsec()
---

diff --git a/src/basic/time-util.c b/src/basic/time-util.c
index e24eef4082b..4d297394e2a 100644
--- a/src/basic/time-util.c
+++ b/src/basic/time-util.c
@@ -1194,12 +1194,22 @@ int parse_nsec(const char *t, nsec_t *nsec) {
 
                 for (i = 0; i < ELEMENTSOF(table); i++)
                         if (startswith(e, table[i].suffix)) {
-                                nsec_t k = (nsec_t) z * table[i].nsec;
+                                nsec_t k;
+
+                                k = ((nsec_t) -1) / table[i].nsec;
+                                if ((nsec_t) l + 1 >= k || (nsec_t) z >= k)
+                                        return -ERANGE;
+
+                                k = (nsec_t) z * table[i].nsec;
 
                                 for (; n > 0; n--)
                                         k /= 10;
 
-                                r += (nsec_t) l * table[i].nsec + k;
+                                k += (nsec_t) l * table[i].nsec;
+                                if (k >= ((nsec_t) -1) - r)
+                                        return -ERANGE;
+
+                                r += k;
                                 p = e + strlen(table[i].suffix);
 
                                 something = true;