keepalive: Guard against integer overflow

Don't allow interval to be > MAX_INT/1000 in virKeepAliveStart() Guard against possible overflow in virKeepAliveTimeout() by setting the timeout to be MAX_INT/1000 since the math following will multiply it by 1000.

keepalive: Guard against integer overflow
Don't allow interval to be > MAX_INT/1000 in virKeepAliveStart() Guard against possible overflow in virKeepAliveTimeout() by setting the timeout to be MAX_INT/1000 since the math following will multiply it by 1000.
903f43ce · John Ferlan · 567779e5 · 903f43ce
隐藏空白更改
内联并排

Showing with 9 addition and 0 deletion

src/rpc/virkeepalive.c src/rpc/virkeepalive.c +9 -0

未找到文件。
--- a/src/rpc/virkeepalive.c
+++ b/src/rpc/virkeepalive.c
@@ -252,6 +252,12 @@ virKeepAliveStart(virKeepAlivePtr ka,
                           _("keepalive interval already set"));
            goto cleanup;
        }
+        /* Guard against overflow */
+        if (interval > INT_MAX / 1000) {
+            virReportError(VIR_ERR_INTERNAL_ERROR,
+                           _("keepalive interval %d too large"), interval);
+            goto cleanup;
+        }
        ka->interval = interval;
        ka->count = count;
        ka->countToDeath = count;
@@ -323,6 +329,9 @@ virKeepAliveTimeout(virKeepAlivePtr ka)
        timeout = ka->interval - (time(NULL) - ka->intervalStart);
        if (timeout < 0)
            timeout = 0;
+        /* Guard against overflow */
+        if (timeout > INT_MAX / 1000)
+            timeout = INT_MAX / 1000;
    }

    virObjectUnlock(ka);