[libvirt] [PATCH] keepalive: Guard against integer overflow

Eric Blake eblake at redhat.com
Wed Feb 20 21:02:58 UTC 2013


On 02/20/2013 01:51 PM, John Ferlan wrote:
> Don't allow interval to be > MAX_INT/1000 in virKeepAliveStart()
> 
> Guard against possible overflow in virKeepAliveTimeout() by setting the 
> timeout to be MAX_INT/1000 since the math following will multiply it by 1000.
> 
> This is a follow-up of sorts from a Coverity change made last month:
> 
> https://www.redhat.com/archives/libvir-list/2013-January/msg02267.html
> 
> where it was noted that the timeout value math needed overflow protection.
> 
> ---
>  src/rpc/virkeepalive.c | 9 +++++++++
>  1 file changed, 9 insertions(+)

ACK.

> 
> diff --git a/src/rpc/virkeepalive.c b/src/rpc/virkeepalive.c
> index d1fa642..6d69559 100644
> --- a/src/rpc/virkeepalive.c
> +++ b/src/rpc/virkeepalive.c
> @@ -252,6 +252,12 @@ virKeepAliveStart(virKeepAlivePtr ka,
>                             _("keepalive interval already set"));
>              goto cleanup;
>          }
> +        /* Guard against overflow */
> +        if (interval > INT_MAX / 1000) {
> +            virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
> +                           _("keepalive interval too large"));
> +            goto cleanup;
> +        }
>          ka->interval = interval;
>          ka->count = count;
>          ka->countToDeath = count;
> @@ -323,6 +329,9 @@ virKeepAliveTimeout(virKeepAlivePtr ka)
>          timeout = ka->interval - (time(NULL) - ka->intervalStart);
>          if (timeout < 0)
>              timeout = 0;
> +        /* Guard against overflow */
> +        if (timeout > INT_MAX / 1000)
> +            timeout = INT_MAX / 1000;
>      }
>  
>      virObjectUnlock(ka);
> 

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 621 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20130220/0caf22cb/attachment-0001.sig>


More information about the libvir-list mailing list