2:51 p.m.
Don't allow interval to be > MAX_INT/1000 in virKeepAliveStart()
Guard against possible overflow in virKeepAliveTimeout() by setting the
timeout to be MAX_INT/1000 since the math following will multiply it by 1000.
This is a follow-up of sorts from a Coverity change made last month:
https://www.redhat.com/archives/libvir-list/2013-January/msg02267.html
where it was noted that the timeout value math needed overflow protection.
---
src/rpc/virkeepalive.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/src/rpc/virkeepalive.c b/src/rpc/virkeepalive.c
index d1fa642..6d69559 100644
--- a/src/rpc/virkeepalive.c
+++ b/src/rpc/virkeepalive.c
@@ -252,6 +252,12 @@ virKeepAliveStart(virKeepAlivePtr ka,
_("keepalive interval already set"));
goto cleanup;
}
+ /* Guard against overflow */
+ if (interval > INT_MAX / 1000) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("keepalive interval too large"));
+ goto cleanup;
+ }
ka->interval = interval;
ka->count = count;
ka->countToDeath = count;
@@ -323,6 +329,9 @@ virKeepAliveTimeout(virKeepAlivePtr ka)
timeout = ka->interval - (time(NULL) - ka->intervalStart);
if (timeout < 0)
timeout = 0;
+ /* Guard against overflow */
+ if (timeout > INT_MAX / 1000)
+ timeout = INT_MAX / 1000;
}
virObjectUnlock(ka);
--
1.7.11.7
3:02 p.m.
On 02/20/2013 01:51 PM, John Ferlan wrote:
Don't allow interval to be > MAX_INT/1000 in
virKeepAliveStart()
Guard against possible overflow in virKeepAliveTimeout() by setting the
timeout to be MAX_INT/1000 since the math following will multiply it by 1000.
This is a follow-up of sorts from a Coverity change made last month:
https://www.redhat.com/archives/libvir-list/2013-January/msg02267.html
where it was noted that the timeout value math needed overflow protection.
---
src/rpc/virkeepalive.c | 9 +++++++++
1 file changed, 9 insertions(+)
ACK.
diff --git a/src/rpc/virkeepalive.c b/src/rpc/virkeepalive.c
index d1fa642..6d69559 100644
--- a/src/rpc/virkeepalive.c
+++ b/src/rpc/virkeepalive.c
@@ -252,6 +252,12 @@ virKeepAliveStart(virKeepAlivePtr ka,
_("keepalive interval already set"));
goto cleanup;
}
+ /* Guard against overflow */
+ if (interval > INT_MAX / 1000) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("keepalive interval too large"));
+ goto cleanup;
+ }
ka->interval = interval;
ka->count = count;
ka->countToDeath = count;
@@ -323,6 +329,9 @@ virKeepAliveTimeout(virKeepAlivePtr ka)
timeout = ka->interval - (time(NULL) - ka->intervalStart);
if (timeout < 0)
timeout = 0;
+ /* Guard against overflow */
+ if (timeout > INT_MAX / 1000)
+ timeout = INT_MAX / 1000;
}
virObjectUnlock(ka);
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
3:04 p.m.
On 02/20/2013 02:02 PM, Eric Blake wrote:
On 02/20/2013 01:51 PM, John Ferlan wrote:
> Don't allow interval to be > MAX_INT/1000 in virKeepAliveStart()
>
> Guard against possible overflow in virKeepAliveTimeout() by setting the
> timeout to be MAX_INT/1000 since the math following will multiply it by 1000.
>
> This is a follow-up of sorts from a Coverity change made last month:
>
> https://www.redhat.com/archives/libvir-list/2013-January/msg02267.html
>
> where it was noted that the timeout value math needed overflow protection.
>
> ---
> src/rpc/virkeepalive.c | 9 +++++++++
> 1 file changed, 9 insertions(+)
ACK.
I hit send prematurely. What you have is fine, but it could be improved
slightly:
> + /* Guard against overflow */
> + if (interval > INT_MAX / 1000) {
> + virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
> + _("keepalive interval too large"));
> + goto cleanup;
Instead of "%s", _("too large"), it would be better to have
_("keepalive
interval %d too large), interval
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
4:03 p.m.
On 02/20/2013 03:51 PM, John Ferlan wrote:
Don't allow interval to be > MAX_INT/1000 in
virKeepAliveStart()
Guard against possible overflow in virKeepAliveTimeout() by setting the
timeout to be MAX_INT/1000 since the math following will multiply it by 1000.
This is a follow-up of sorts from a Coverity change made last month:
https://www.redhat.com/archives/libvir-list/2013-January/msg02267.html
where it was noted that the timeout value math needed overflow protection.
---
src/rpc/virkeepalive.c | 9 +++++++++
1 file changed, 9 insertions(+)
pushed with change to error message
Tks,
John
4293
days inactive
4293
days old
3 comments
2 participants
participants (2)
-
Eric Blake -
John Ferlan