Patchwork rtc: Fix alarm rollover when day or month is out-of-range

login
register
mail settings
Submitter Ben Hutchings
Date Dec. 29, 2011, 3:41 p.m.
Message ID <1325173316.13595.25.camel@deadeye>
Download mbox | patch
Permalink /patch/133554/
State New
Headers show

Comments

Ben Hutchings - Dec. 29, 2011, 3:41 p.m.
Commit f44f7f96a20af16f6f12e1c995576d6becf5f57b ('RTC: Initialize
kernel state from RTC') introduced a potential infinite loop.  If an
alarm time contains a wildcard month and an invalid day (> 31), or a
wildcard year and an invalid month (>= 12), the loop searching for the
next matching date will never terminate.  Treat the invalid values as
wildcards.

Reported-by: leo weppelman <leoweppelman@googlemail.com>
Reported-by: "P. van Gaans" <mailme667@yahoo.co.uk>
References: http://bugs.debian.org/646429
References: http://bugs.debian.org/653331
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Cc: stable@vger.kernel.org
---
I'm not sure whether the out-of-range values should be sanitised
earlier.  The rtc-cmos driver certainly does not do this.

Ben.

 drivers/rtc/interface.c |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

Patch

diff --git a/drivers/rtc/interface.c b/drivers/rtc/interface.c
index 3d9d2b9..f79ff34 100644
--- a/drivers/rtc/interface.c
+++ b/drivers/rtc/interface.c
@@ -227,11 +227,11 @@  int __rtc_read_alarm(struct rtc_device *rtc, struct rtc_wkalrm *alarm)
 		alarm->time.tm_hour = now.tm_hour;
 
 	/* For simplicity, only support date rollover for now */
-	if (alarm->time.tm_mday == -1) {
+	if (alarm->time.tm_mday < 1 || alarm->time.tm_mday > 31) {
 		alarm->time.tm_mday = now.tm_mday;
 		missing = day;
 	}
-	if (alarm->time.tm_mon == -1) {
+	if ((unsigned)alarm->time.tm_mon >= 12) {
 		alarm->time.tm_mon = now.tm_mon;
 		if (missing == none)
 			missing = month;