
On 02/20/2013 01:51 PM, John Ferlan wrote:
Don't allow interval to be > MAX_INT/1000 in virKeepAliveStart()
Guard against possible overflow in virKeepAliveTimeout() by setting the timeout to be MAX_INT/1000 since the math following will multiply it by 1000.
This is a follow-up of sorts from a Coverity change made last month:
https://www.redhat.com/archives/libvir-list/2013-January/msg02267.html
where it was noted that the timeout value math needed overflow protection.
---
 src/rpc/virkeepalive.c | 9 +++++++++
 1 file changed, 9 insertions(+)
ACK.
diff --git a/src/rpc/virkeepalive.c b/src/rpc/virkeepalive.c index d1fa642..6d69559 100644 --- a/src/rpc/virkeepalive.c +++ b/src/rpc/virkeepalive.c @@ -252,6 +252,12 @@ virKeepAliveStart(virKeepAlivePtr ka, _("keepalive interval already set")); goto cleanup; } + /* Guard against overflow */ + if (interval > INT_MAX / 1000) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("keepalive interval too large")); + goto cleanup; + } ka->interval = interval; ka->count = count; ka->countToDeath = count; @@ -323,6 +329,9 @@ virKeepAliveTimeout(virKeepAlivePtr ka) timeout = ka->interval - (time(NULL) - ka->intervalStart); if (timeout < 0) timeout = 0; + /* Guard against overflow */ + if (timeout > INT_MAX / 1000) + timeout = INT_MAX / 1000; }
virObjectUnlock(ka);
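Review bot: the new guard in virKeepAliveStart (first hunk) only bounds the upper end; if `interval` is a signed type, a negative value still passes `interval > INT_MAX / 1000` and reaches `ka->interval = interval`, so consider rejecting `interval < 0` in the same check, or note why callers already guarantee a non-negative value. Two smaller points on the same hunk: a caller-supplied out-of-range value is reported as VIR_ERR_INTERNAL_ERROR, where an invalid-argument error would describe the situation better; and the commit message says MAX_INT while the code correctly uses INT_MAX, so please confirm that <limits.h> (or the libvirt header that pulls it in) is already included in this file.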
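Review bot: the clamp in virKeepAliveTimeout (second hunk) can only trigger when `timeout` ends up larger than `ka->interval`, which the first hunk already limits to INT_MAX / 1000; that happens when `time(NULL) - ka->intervalStart` is negative (wall clock stepped backwards), so a comment naming that case would make the intent clearer than the generic "Guard against overflow". Also worth checking that `timeout` is wide enough to hold `ka->interval - (time(NULL) - ka->intervalStart)`: if the subtraction is done in time_t and narrowed into an int on assignment, the clamp runs only after any truncation has already happened.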
-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org