diff options
| author | Petr Písař <ppisar@redhat.com> | 2014-02-24 15:54:32 +0100 |
|---|---|---|
| committer | Jan Kara <jack@suse.cz> | 2014-05-01 19:40:44 +0200 |
| commit | d850a85b2374fe1b83779c0fc61463057eeca4ab (patch) | |
| tree | 67d0bccb4b3f383e21b01719381ea878e2b6d2c9 | |
| parent | 7cc53f085ba8b8efe1887d1c5cfdeb7b61f904d2 (diff) | |
| download | quota-tools-d850a85b2374fe1b83779c0fc61463057eeca4ab.tar.gz | |
Prevent from grace period overflow in RPC transport
The RPC transports grace time as unsigned int, but the value stored
there and retrivedd from is treated as singed difference against current time.
This leads to overflow after expiring the grace time which is
presented as an enourmously large grace time instead of "none" in the
quota(1) output.
There also possible an overflow when the time difference is still
bigger than an int can represent.
This first issue is solved by explicit type cast to/from int32_t, the
second issue is fixes by limiting the value into int32_t range.
<https://sourceforge.net/p/linuxquota/bugs/115/>
Signed-off-by: Petr Písař <ppisar@redhat.com>
Signed-off-by: Jan Kara <jack@suse.cz>
| -rw-r--r-- | quotasys.c | 13 | ||||
| -rw-r--r-- | quotasys.h | 4 | ||||
| -rw-r--r-- | rquota_client.c | 10 | ||||
| -rw-r--r-- | rquota_server.c | 9 |
4 files changed, 28 insertions, 8 deletions
@@ -23,6 +23,7 @@ #include <sys/types.h> #include <sys/stat.h> #include <sys/vfs.h> +#include <stdint.h> #include "pot.h" #include "bylabel.h" @@ -323,6 +324,18 @@ void difftime2str(time_t seconds, char *buf) } /* + * Round difference of two time_t values into int32_t + */ +int32_t difftime2net(time_t later, time_t sooner) +{ + if ((later - sooner) > INT32_MAX) + return INT32_MAX; + if ((later - sooner) < INT32_MIN) + return INT32_MIN; + return (later - sooner); +} + +/* * Convert time to printable form */ void time2str(time_t seconds, char *buf, int flags) @@ -8,6 +8,7 @@ #define GUARD_QUOTASYS_H #include <sys/types.h> +#include <inttypes.h> #include "mntopt.h" #include "quota.h" @@ -100,6 +101,9 @@ int util2kernfmt(int fmt); /* Convert time difference between given time and current time to printable form */ void difftime2str(time_t, char *); +/* Round difference of two time_t values into int32_t */ +int32_t difftime2net(time_t later, time_t sooner); + /* Convert time to printable form */ void time2str(time_t, char *, int); diff --git a/rquota_client.c b/rquota_client.c index e26e066..9d4055e 100644 --- a/rquota_client.c +++ b/rquota_client.c @@ -32,11 +32,13 @@ #include <string.h> #include <signal.h> #include <time.h> +#include <stdint.h> #include "mntopt.h" #include "rquota.h" #include "common.h" #include "quotaio.h" +#include "quotasys.h" #if defined(RPC) @@ -54,11 +56,11 @@ static inline void clinet2utildqblk(struct util_dqblk *u, struct rquota *n) u->dqb_curspace = ((qsize_t)n->rq_curblocks) * n->rq_bsize; time(&now); if (n->rq_btimeleft) - u->dqb_btime = n->rq_btimeleft + now; + u->dqb_btime = (int32_t)n->rq_btimeleft + now; else u->dqb_btime = 0; if (n->rq_ftimeleft) - u->dqb_itime = n->rq_ftimeleft + now; + u->dqb_itime = (int32_t)n->rq_ftimeleft + now; else u->dqb_itime = 0; } @@ -76,11 +78,11 @@ static inline void cliutil2netdqblk(struct sq_dqblk *n, struct util_dqblk *u) n->rq_curblocks = toqb(u->dqb_curspace); n->rq_curfiles = u->dqb_curinodes; if (u->dqb_btime) - n->rq_btimeleft = u->dqb_btime - now; + n->rq_btimeleft = difftime2net(u->dqb_btime, now); else n->rq_btimeleft = 0; if (u->dqb_itime) - n->rq_ftimeleft = u->dqb_itime - now; + n->rq_ftimeleft = difftime2net(u->dqb_itime, now); else n->rq_ftimeleft = 0; } diff --git a/rquota_server.c b/rquota_server.c index bf66e4d..09cf6ed 100644 --- a/rquota_server.c +++ b/rquota_server.c @@ -25,6 +25,7 @@ #include <stdio.h> #include <syslog.h> #include <time.h> +#include <stdint.h> #include "mntopt.h" #include "quotaops.h" @@ -82,11 +83,11 @@ static inline void servnet2utildqblk(struct util_dqblk *u, sq_dqblk * n) u->dqb_curspace = ((qsize_t)n->rq_curblocks) << RPC_DQBLK_SIZE_BITS; u->dqb_curinodes = n->rq_curfiles; if (n->rq_btimeleft) - u->dqb_btime = n->rq_btimeleft + now; + u->dqb_btime = (int32_t)n->rq_btimeleft + now; else u->dqb_btime = 0; if (n->rq_ftimeleft) - u->dqb_itime = n->rq_ftimeleft + now; + u->dqb_itime = (int32_t)n->rq_ftimeleft + now; else u->dqb_itime = 0; } @@ -127,11 +128,11 @@ static inline void servutil2netdqblk(struct rquota *n, struct util_dqblk *u) time(&now); if (u->dqb_btime) - n->rq_btimeleft = u->dqb_btime - now; + n->rq_btimeleft = difftime2net(u->dqb_btime, now); else n->rq_btimeleft = 0; if (u->dqb_itime) - n->rq_ftimeleft = u->dqb_itime - now; + n->rq_ftimeleft = difftime2net(u->dqb_itime, now); else n->rq_ftimeleft = 0; } |