Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S932751AbbLGUMK (ORCPT <rfc822;w@1wt.eu>);
	Mon, 7 Dec 2015 15:12:10 -0500
Received: from mail-pf0-f175.google.com ([209.85.192.175]:32823 "EHLO
	mail-pf0-f175.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S932593AbbLGUMI (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Mon, 7 Dec 2015 15:12:08 -0500
From: John Stultz <john.stultz@linaro.org>
To: lkml <linux-kernel@vger.kernel.org>
Cc: Sasha Levin <sasha.levin@oracle.com>,
        Richard Cochran <richardcochran@gmail.com>,
        Thomas Gleixner <tglx@linutronix.de>,
        John Stultz <john.stultz@linaro.org>
Subject: [RFC][PATCH -reworked] time: Verify time values in adjtimex ADJ_SETOFFSET to avoid overflow
Date: Mon,  7 Dec 2015 12:11:58 -0800
Message-Id: <1449519118-4950-1-git-send-email-john.stultz@linaro.org>
X-Mailer: git-send-email 1.9.1
In-Reply-To: <CALAqxLU1c+hLHyKMgM4EFaNUN-Y2Kcj6O08DngcSpy1DZ_487Q@mail.gmail.com>
References: <CALAqxLU1c+hLHyKMgM4EFaNUN-Y2Kcj6O08DngcSpy1DZ_487Q@mail.gmail.com>
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 2035
Lines: 67

From: Sasha Levin <sasha.levin@oracle.com>

Make sure the tv_usec makes sense. We might multiply them later which can
cause an overflow and undefined behavior.

Cc: Sasha Levin <sasha.levin@oracle.com>
Cc: Richard Cochran <richardcochran@gmail.com>
Cc: Thomas Gleixner <tglx@linutronix.de>,
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
[jstultz: Moved corrected check to ntp_validate_timex]
Signed-off-by: John Stultz <john.stultz@linaro.org>
---
Here's my attempt at reworking the patch.
Let me know if you have any thoughts or objections.
thanks
-john


 kernel/time/ntp.c         | 14 ++++++++++++--
 kernel/time/timekeeping.c |  1 +
 2 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/kernel/time/ntp.c b/kernel/time/ntp.c
index 36616c3..e9a1874 100644
--- a/kernel/time/ntp.c
+++ b/kernel/time/ntp.c
@@ -676,8 +676,18 @@ int ntp_validate_timex(struct timex *txc)
 			return -EINVAL;
 	}
 
-	if ((txc->modes & ADJ_SETOFFSET) && (!capable(CAP_SYS_TIME)))
-		return -EPERM;
+	if (txc->modes & ADJ_SETOFFSET) {
+		/* In order to inject time, you gotta be super-user! */
+		if (!capable(CAP_SYS_TIME))
+			return -EPERM;
+
+		/*
+		 * tv_sec can be positive or negative, but usec
+		 * must be positive and from 0->USEC_PER_SEC
+		 */
+		if (txc->time.tv_usec >= USEC_PER_SEC)
+			return -EINVAL;
+	}
 
 	/*
 	 * Check for potential multiplication overflows that can
diff --git a/kernel/time/timekeeping.c b/kernel/time/timekeeping.c
index 99188ee..a37222b 100644
--- a/kernel/time/timekeeping.c
+++ b/kernel/time/timekeeping.c
@@ -1986,6 +1986,7 @@ int do_adjtimex(struct timex *txc)
 
 	if (txc->modes & ADJ_SETOFFSET) {
 		struct timespec delta;
+
 		delta.tv_sec  = txc->time.tv_sec;
 		delta.tv_nsec = txc->time.tv_usec;
 		if (!(txc->modes & ADJ_NANO))
-- 
1.9.1

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/