From: Sasha Levin Date: Thu, 4 Dec 2014 00:22:48 +0000 (-0500) Subject: time: settimeofday: Validate the values of tv from user X-Git-Tag: v3.4.107~90 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=370375c0a447eefedc19e872e5137eeff47162f2;p=thirdparty%2Fkernel%2Fstable.git time: settimeofday: Validate the values of tv from user commit 6ada1fc0e1c4775de0e043e1bd3ae9d065491aa5 upstream. An unvalidated user input is multiplied by a constant, which can result in an undefined behaviour for large values. While this is validated later, we should avoid triggering undefined behaviour. Cc: Thomas Gleixner Cc: Ingo Molnar Signed-off-by: Sasha Levin [jstultz: include trivial milisecond->microsecond correction noticed by Andy] Signed-off-by: John Stultz [lizf: Backported to 3.4: adjust filename] Signed-off-by: Zefan Li --- diff --git a/include/linux/time.h b/include/linux/time.h index 03dce74e217ce..bf1bb618b3528 100644 --- a/include/linux/time.h +++ b/include/linux/time.h @@ -189,6 +189,19 @@ extern void getboottime(struct timespec *ts); extern void monotonic_to_bootbased(struct timespec *ts); extern void get_monotonic_boottime(struct timespec *ts); +static inline bool timeval_valid(const struct timeval *tv) +{ + /* Dates before 1970 are bogus */ + if (tv->tv_sec < 0) + return false; + + /* Can't have more microseconds then a second */ + if (tv->tv_usec < 0 || tv->tv_usec >= USEC_PER_SEC) + return false; + + return true; +} + extern struct timespec timespec_trunc(struct timespec t, unsigned gran); extern int timekeeping_valid_for_hres(void); extern u64 timekeeping_max_deferment(void); diff --git a/kernel/time.c b/kernel/time.c index a09529030093d..0864d70da80d4 100644 --- a/kernel/time.c +++ b/kernel/time.c @@ -186,6 +186,10 @@ SYSCALL_DEFINE2(settimeofday, struct timeval __user *, tv, if (tv) { if (copy_from_user(&user_tv, tv, sizeof(*tv))) return -EFAULT; + + if (!timeval_valid(&user_tv)) + return -EINVAL; + new_ts.tv_sec = user_tv.tv_sec; new_ts.tv_nsec = user_tv.tv_usec * NSEC_PER_USEC; }