util: check overflow in parse_nsec()

author Yu Watanabe <watanabe.yu+github@gmail.com>

Tue, 23 Oct 2018 13:24:16 +0000 (22:24 +0900)

committer Yu Watanabe <watanabe.yu+github@gmail.com>

Tue, 23 Oct 2018 13:24:16 +0000 (22:24 +0900)
author Yu Watanabe <watanabe.yu+github@gmail.com>
Tue, 23 Oct 2018 13:24:16 +0000 (22:24 +0900)
committer Yu Watanabe <watanabe.yu+github@gmail.com>
Tue, 23 Oct 2018 13:24:16 +0000 (22:24 +0900)
diff --git a/src/basic/time-util.c b/src/basic/time-util.c

index e24eef4082bd586a1516711f93e9f986bb7c5384..4d297394e2acdf463247686ccc0bb8bfe9e2729d 100644 (file)
--- a/src/basic/time-util.c
+++ b/src/basic/time-util.c
@@ -1194,12 +1194,22 @@ int parse_nsec(const char *t, nsec_t *nsec) {
  
                  for (i = 0; i < ELEMENTSOF(table); i++)
                          if (startswith(e, table[i].suffix)) {
-                                nsec_t k = (nsec_t) z * table[i].nsec;
+                                nsec_t k;
+
+                                k = ((nsec_t) -1) / table[i].nsec;
+                                if ((nsec_t) l + 1 >= k || (nsec_t) z >= k)
+                                        return -ERANGE;
+
+                                k = (nsec_t) z * table[i].nsec;
  
                                  for (; n > 0; n--)
                                          k /= 10;
  
-                                r += (nsec_t) l * table[i].nsec + k;
+                                k += (nsec_t) l * table[i].nsec;
+                                if (k >= ((nsec_t) -1) - r)
+                                        return -ERANGE;
+
+                                r += k;
                                  p = e + strlen(table[i].suffix);
  
                                  something = true;
author	Yu Watanabe <watanabe.yu+github@gmail.com>
	Tue, 23 Oct 2018 13:24:16 +0000 (22:24 +0900)
committer	Yu Watanabe <watanabe.yu+github@gmail.com>
	Tue, 23 Oct 2018 13:24:16 +0000 (22:24 +0900)