utils:Fix potential bug in function eloop_register_timeout

Message ID	20210913091415.9118-1-wangxinpeng@uniontech.com
State	Accepted
Headers	show Return-Path: <hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org> From: xinpeng wang <wangxinpeng@uniontech.com> To: hostap@lists.infradead.org Cc: xinpeng wang <wangxinpeng@uniontech.com> Subject: [PATCH] utils:Fix potential bug in function eloop_register_timeout Date: Mon, 13 Sep 2021 17:14:15 +0800 Message-Id: <20210913091415.9118-1-wangxinpeng@uniontech.com> MIME-Version: 1.0 Feedback-ID: bizesmtp:uniontech.com:qybgforeign:qybgforeign5 preview: In the process of processing usec, sec is increased and may overflow. Signed-off-by: xinpeng wang <wangxinpeng@uniontech.com> --- src/utils/eloop.c \| 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/src/utils/eloop.c b/src/utils/eloop.c index b353ab0e4..1535e9469 100644 --- a/src/utils/eloop.c +++ b/src/utils/eloop.c @@ -800, 6 +800, 16 @@ int eloop_register_timeout(unsigned int secs, [...] Content analysis details: (0.0 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [54.254.200.128 listed in list.dnswl.org] 0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3) [54.254.200.128 listed in wl.mailspike.net] -0.0 SPF_PASS SPF: sender matches SPF record -0.0 SPF_HELO_PASS SPF: HELO matches SPF record 0.0 RCVD_IN_MSPIKE_WL Mailspike good senders Precedence: list Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "Hostap" <hostap-bounces@lists.infradead.org> Errors-To: hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org
Series	utils:Fix potential bug in function eloop_register_timeout \| expand utils:Fix potential bug in function eloop_register_timeout

Message ID

20210913091415.9118-1-wangxinpeng@uniontech.com

State

Accepted

Headers

From: xinpeng wang <wangxinpeng@uniontech.com>
To: hostap@lists.infradead.org
Cc: xinpeng wang <wangxinpeng@uniontech.com>
Subject: [PATCH] utils:Fix potential bug in function eloop_register_timeout
Date: Mon, 13 Sep 2021 17:14:15 +0800
Message-Id: <20210913091415.9118-1-wangxinpeng@uniontech.com>
MIME-Version: 1.0
Feedback-ID: bizesmtp:uniontech.com:qybgforeign:qybgforeign5
Precedence: list
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: "Hostap" <hostap-bounces@lists.infradead.org>
Errors-To: hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org

Series

utils:Fix potential bug in function eloop_register_timeout | expand

In the process of processing usec, sec is increased and may overflow. Signed-off-by: xinpeng wang <wangxinpeng@uniontech.com> --- src/utils/eloop.c | 10 ++++++++++ 1 file changed, 10 insertions(+)

Comments

Jouni Malinen Oct. 22, 2021, 5:40 p.m. UTC | #1

On Mon, Sep 13, 2021 at 05:14:15PM +0800, xinpeng wang wrote:
> In the process of processing usec, sec is increased and may overflow.

Thanks, applied with some cleanup.

diff --git a/src/utils/eloop.c b/src/utils/eloop.c
index b353ab0e4..1535e9469 100644
--- a/src/utils/eloop.c
+++ b/src/utils/eloop.c
@@ -800,6 +800,16 @@  int eloop_register_timeout(unsigned int secs, unsigned int usecs,
 		timeout->time.sec++;
 		timeout->time.usec -= 1000000;
 	}
+	if (timeout->time.sec < now_sec) {
+		/*
+		 * Integer overflow - assume long enough timeout to be assumed
+		 * to be infinite, i.e., the timeout would never happen.
+		 */
+		wpa_printf(MSG_DEBUG, "ELOOP: Too long timeout (secs=%u usecs=%u) to "
+			   "ever happen - ignore it", secs,usecs);
+		os_free(timeout);
+		return 0;
+	}
 	timeout->eloop_data = eloop_data;
 	timeout->user_data = user_data;
 	timeout->handler = handler;

utils:Fix potential bug in function eloop_register_timeout

Commit Message

Comments

Patch