Trap possible overflow in usec values to netem

If user asks for large usec value it could overflow 32 bits.

Signed-off-by: Stephen Hemminger <shemminger@osdl.org>

diff --git a/tc/q_netem.c b/tc/q_netem.c
index 757edcaee717e9ddd5fc1c2e5e4a05ca1a46da98..7fbc771c7e8a7455a18206bacf0589060c7e1c37 100644 (file)
--- a/tc/q_netem.c
+++ b/tc/q_netem.c
@@ -111,6 +111,11 @@ static int get_ticks(__u32 *ticks, const char *str)
        if(get_usecs(&t, str))
                return -1;
        
+       if (tc_core_usec2big(t)) {
+               fprintf(stderr, "Illegal %d usecs (too large)\n", t);
+               return -1;
+       }
+
        *ticks = tc_core_usec2tick(t);
        return 0;
 }

diff --git a/tc/tc_core.c b/tc/tc_core.c
index 07cf2fa957d440396972f396199cb5a89ea3896b..10c375ef8f852125f170ea586b87e38e48e11b96 100644 (file)
--- a/tc/tc_core.c
+++ b/tc/tc_core.c
@@ -27,6 +27,15 @@ static __u32 t2us=1;
 static __u32 us2t=1;
 static double tick_in_usec = 1;
 
+int tc_core_usec2big(long usec)
+{
+       __u64 t = usec;
+
+       t *= tick_in_usec;
+       return (t >> 32) != 0;
+}
+
+
 long tc_core_usec2tick(long usec)
 {
        return usec*tick_in_usec;

diff --git a/tc/tc_core.h b/tc/tc_core.h
index 1537f95a7ec471ad7d7d8d511b0ed1fc9dcbb4fc..65611b6d4f738025dd8cbfdc7fa076a2a0270890 100644 (file)
--- a/tc/tc_core.h
+++ b/tc/tc_core.h
@@ -4,6 +4,7 @@
 #include <asm/types.h>
 #include <linux/pkt_sched.h>
 
+int  tc_core_usec2big(long usec);
 long tc_core_usec2tick(long usec);
 long tc_core_tick2usec(long tick);
 unsigned tc_calc_xmittime(unsigned rate, unsigned size);