From: Pavel Filipenský <pfilipen@redhat.com>
Date: Mon, 28 Feb 2022 22:33:22 +0000 (+0100)
Subject: s3:lib: Fix possible 32-bit arithmetic overflow
X-Git-Tag: tevent-0.12.0~551
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3f977cd6f839fd904529f12ef2ee5caae88af0ab;p=thirdparty%2Fsamba.git

s3:lib: Fix possible 32-bit arithmetic overflow

Reported by covscan.

Potentially overflowing expression "glue->gtimeout * 1000" with type "int"
(32 bits, signed) is evaluated using 32-bit arithmetic, and then used in
a context that expects an expression of type "uint64_t" (64 bits, unsigned).

Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Sat Mar  5 08:04:28 UTC 2022 on sn-devel-184
---

diff --git a/source3/lib/tevent_glib_glue.c b/source3/lib/tevent_glib_glue.c
index b83f2036d9a..1e1d62e585c 100644
--- a/source3/lib/tevent_glib_glue.c
+++ b/source3/lib/tevent_glib_glue.c
@@ -538,7 +538,6 @@ static bool get_glib_fds_and_timeout(struct tevent_glib_glue *glue)
 
 static bool tevent_glib_update_events(struct tevent_glib_glue *glue)
 {
-	uint64_t microsec;
 	struct timeval tv;
 	bool ok;
 
@@ -580,9 +579,8 @@ static bool tevent_glib_update_events(struct tevent_glib_glue *glue)
 		return true;
 	}
 
-	microsec = glue->gtimeout * 1000;
-	tv = tevent_timeval_current_ofs(microsec / 1000000,
-					microsec % 1000000);
+	tv = tevent_timeval_current_ofs(glue->gtimeout / 1000,
+					(glue->gtimeout % 1000) * 1000);
 
 	glue->timer = tevent_add_timer(glue->ev,
 				       glue,