Module Name: src
Committed By: kamil
Date: Sat Oct 5 12:57:40 UTC 2019
Modified Files:
src/sys/kern: kern_time.c
Log Message:
Check for valid timespec in clock_settime1()
An alternative approach would be to check the valie in settime1(), but
it would result in multiple checks for valid tv_nsec, as there are
settime1() users that need to check the ranges earlier.
Reported-by: syzbot+96e5ce2c2c704d96c...@syzkaller.appspotmail.com
To generate a diff of this commit:
cvs rdiff -u -r1.200 -r1.201 src/sys/kern/kern_time.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/kern/kern_time.c
diff -u src/sys/kern/kern_time.c:1.200 src/sys/kern/kern_time.c:1.201
--- src/sys/kern/kern_time.c:1.200 Fri Sep 20 14:12:57 2019
+++ src/sys/kern/kern_time.c Sat Oct 5 12:57:40 2019
@@ -1,4 +1,4 @@
-/* $NetBSD: kern_time.c,v 1.200 2019/09/20 14:12:57 kamil Exp $ */
+/* $NetBSD: kern_time.c,v 1.201 2019/10/05 12:57:40 kamil Exp $ */
/*-
* Copyright (c) 2000, 2004, 2005, 2007, 2008, 2009 The NetBSD Foundation, Inc.
@@ -61,7 +61,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_time.c,v 1.200 2019/09/20 14:12:57 kamil Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_time.c,v 1.201 2019/10/05 12:57:40 kamil Exp $");
#include <sys/param.h>
#include <sys/resourcevar.h>
@@ -217,6 +217,9 @@ clock_settime1(struct proc *p, clockid_t
{
int error;
+ if (tp->tv_nsec < 0 || tp->tv_nsec >= 1000000000L)
+ return EINVAL;
+
switch (clock_id) {
case CLOCK_REALTIME:
if ((error = settime1(p, tp, check_kauth)) != 0)
