From: John Wolfe Date: Tue, 21 Dec 2021 20:48:50 +0000 (-0800) Subject: Fix potential integer overflow when calling g_timeout_source_new() or X-Git-Tag: stable-12.0.0~33 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7cb1006b6f362a1e19b6dbaea5ae30bd727d4f5b;p=thirdparty%2Fopen-vm-tools.git Fix potential integer overflow when calling g_timeout_source_new() or g_timeout_source_new_seconds(). --- diff --git a/open-vm-tools/services/plugins/appInfo/appInfo.c b/open-vm-tools/services/plugins/appInfo/appInfo.c index d6be49def..0757ace8a 100644 --- a/open-vm-tools/services/plugins/appInfo/appInfo.c +++ b/open-vm-tools/services/plugins/appInfo/appInfo.c @@ -505,7 +505,7 @@ TweakGatherLoop(ToolsAppCtx *ctx, // IN CONFNAME_APPINFO_POLLINTERVAL, APP_INFO_POLL_INTERVAL); - if (pollInterval < 0) { + if (pollInterval < 0 || pollInterval > (G_MAXINT / 1000)) { g_warning("%s: Invalid poll interval %d. Using default %us.\n", __FUNCTION__, pollInterval, APP_INFO_POLL_INTERVAL); pollInterval = APP_INFO_POLL_INTERVAL; diff --git a/open-vm-tools/services/plugins/containerInfo/containerInfo.c b/open-vm-tools/services/plugins/containerInfo/containerInfo.c index a4a960b69..0c6d5d01b 100644 --- a/open-vm-tools/services/plugins/containerInfo/containerInfo.c +++ b/open-vm-tools/services/plugins/containerInfo/containerInfo.c @@ -753,7 +753,7 @@ TweakGatherLoop(ToolsAppCtx *ctx, // IN CONFNAME_CONTAINERINFO_POLLINTERVAL, CONTAINERINFO_DEFAULT_POLL_INTERVAL); - if (pollInterval < 0) { + if (pollInterval < 0 || pollInterval > (G_MAXINT / 1000)) { g_warning("%s: Invalid poll interval %d. Using default %us.\n", __FUNCTION__, pollInterval, CONTAINERINFO_DEFAULT_POLL_INTERVAL); diff --git a/open-vm-tools/services/plugins/guestInfo/guestInfoServer.c b/open-vm-tools/services/plugins/guestInfo/guestInfoServer.c index d483fd2bd..edd63219c 100644 --- a/open-vm-tools/services/plugins/guestInfo/guestInfoServer.c +++ b/open-vm-tools/services/plugins/guestInfo/guestInfoServer.c @@ -1986,29 +1986,20 @@ TweakGatherLoop(ToolsAppCtx *ctx, gint pollInterval = 0; if (enable) { - pollInterval = defInterval * 1000; - /* * Check the config registry for custom poll interval, * converting from seconds to milliseconds. */ - if (g_key_file_has_key(ctx->config, CONFGROUPNAME_GUESTINFO, - cfgKey, NULL)) { - GError *gError = NULL; - - pollInterval = g_key_file_get_integer(ctx->config, - CONFGROUPNAME_GUESTINFO, - cfgKey, &gError); - pollInterval *= 1000; - - if (pollInterval < 0 || gError) { - g_warning("Invalid %s.%s value. Using default %us.\n", - CONFGROUPNAME_GUESTINFO, cfgKey, defInterval); - pollInterval = defInterval * 1000; - } - - g_clear_error(&gError); + pollInterval = VMTools_ConfigGetInteger(ctx->config, + CONFGROUPNAME_GUESTINFO, + cfgKey, defInterval); + if (pollInterval < 0 || pollInterval > (G_MAXINT / 1000)) { + g_warning("Invalid %s.%s value. Using default %us.\n", + CONFGROUPNAME_GUESTINFO, cfgKey, defInterval); + pollInterval = defInterval; } + + pollInterval *= 1000; } if (*timeoutSource != NULL) { diff --git a/open-vm-tools/services/plugins/guestStore/guestStorePlugin.c b/open-vm-tools/services/plugins/guestStore/guestStorePlugin.c index 9b6fb80a6..c7da4481e 100644 --- a/open-vm-tools/services/plugins/guestStore/guestStorePlugin.c +++ b/open-vm-tools/services/plugins/guestStore/guestStorePlugin.c @@ -1390,7 +1390,7 @@ StartCurrentClientConnRecvTimeout(void) clientRecvTimeout = GUESTSTORE_CONFIG_GET_INT("clientRecvTimeout", DEFAULT_CLIENT_RECV_TIMEOUT); - if (clientRecvTimeout <= 0) { + if (clientRecvTimeout <= 0 || clientRecvTimeout > (G_MAXINT / 1000)) { g_warning("Invalid clientRecvTimeout (%d); Using default (%d).\n", clientRecvTimeout, DEFAULT_CLIENT_RECV_TIMEOUT); clientRecvTimeout = DEFAULT_CLIENT_RECV_TIMEOUT; @@ -2282,7 +2282,8 @@ VmxConnectCb(AsyncSocket *asock, // IN theVmxConn->connTimeout = GUESTSTORE_CONFIG_GET_INT("connTimeout", GUESTSTORE_DEFAULT_CONN_TIMEOUT); - if (theVmxConn->connTimeout <= 0) { + if (theVmxConn->connTimeout <= 0 || + theVmxConn->connTimeout > (G_MAXINT / 1000)) { g_warning("Invalid connTimeout (%d); Using default (%d).\n", theVmxConn->connTimeout, GUESTSTORE_DEFAULT_CONN_TIMEOUT); theVmxConn->connTimeout = GUESTSTORE_DEFAULT_CONN_TIMEOUT; diff --git a/open-vm-tools/services/plugins/vmbackup/stateMachine.c b/open-vm-tools/services/plugins/vmbackup/stateMachine.c index 473419bfa..99f525824 100644 --- a/open-vm-tools/services/plugins/vmbackup/stateMachine.c +++ b/open-vm-tools/services/plugins/vmbackup/stateMachine.c @@ -114,6 +114,31 @@ static Bool VmBackupEnableCompleteWait(void); +/** + * Returns the configured timeout value. + * + * @param[in] config Config file to read from. + * @param[in] defValue Default value if the timeout key is not found or error. + * + * @return value of the timeout key if read successfully, + * defValue otherwise. + */ + +static gint +VmBackupGetTimeout(GKeyFile *config, + const gint defValue) +{ + gint timeout = VMBACKUP_CONFIG_GET_INT(config, "timeout", defValue); + if (timeout < 0 || timeout > (G_MAXINT / 1000)) { + g_warning("Invalid timeout %d. Using default %us.", + timeout, defValue); + timeout = defValue; + } + + return timeout; +} + + /** * Returns a string representation of the given state machine state. * @@ -1081,8 +1106,8 @@ VmBackupStartCommon(RpcInData *data, * See bug 506106. */ if (gBackupState->timeout == 0) { - gBackupState->timeout = VMBACKUP_CONFIG_GET_INT(ctx->config, "timeout", - GUEST_QUIESCE_DEFAULT_TIMEOUT_IN_SEC); + gBackupState->timeout = VmBackupGetTimeout(ctx->config, + GUEST_QUIESCE_DEFAULT_TIMEOUT_IN_SEC); } /* Treat "0" as no timeout. */ @@ -1167,8 +1192,7 @@ VmBackupStart(RpcInData *data) gBackupState->scriptArg = VMBACKUP_CONFIG_GET_STR(ctx->config, "scriptArg", NULL); - gBackupState->timeout = VMBACKUP_CONFIG_GET_INT(ctx->config, - "timeout", 0); + gBackupState->timeout = VmBackupGetTimeout(ctx->config, 0); gBackupState->vssUseDefault = VMBACKUP_CONFIG_GET_BOOL(ctx->config, "vssUseDefault", TRUE);