From d51289622fd47072c075711a8e297c4cc8d96027 Mon Sep 17 00:00:00 2001
From: "Raphael S. Carvalho" <raphaelsc@cloudius-systems.com>
Date: Tue, 6 May 2014 12:50:03 -0300
Subject: [PATCH] timerfd: Add nsec validity check to timerfd_settime

According to the manual page, the nsec field from both it_value
and it_interval must be checked, if wrong, return EINVAL.

Reviewed-by: Nadav Har'El <nyh@cloudius-systems.com>
Signed-off-by: Raphael S. Carvalho <raphaelsc@cloudius-systems.com>
Signed-off-by: Pekka Enberg <penberg@cloudius-systems.com>
---
 libc/timerfd.cc | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/libc/timerfd.cc b/libc/timerfd.cc
index dc6670e70..46d9d65d2 100644
--- a/libc/timerfd.cc
+++ b/libc/timerfd.cc
@@ -253,6 +253,11 @@ int timerfd_create(int clockid, int flags) {
 
 static constexpr s64 second = 1000000000;
 
+static bool check_nsec_validity(long nsec)
+{
+    return (nsec >= 0 && nsec < second);
+}
+
 int timerfd_settime(int fd, int flags, const itimerspec *newval,
         itimerspec *oldval)
 {
@@ -266,6 +271,11 @@ int timerfd_settime(int fd, int flags, const itimerspec *newval,
         errno = EINVAL;
         return -1;
     }
+    if (!check_nsec_validity(newval->it_value.tv_nsec) ||
+        !check_nsec_validity(newval->it_interval.tv_nsec)) {
+        errno = EINVAL;
+        return -1;
+    }
 
     s64 expiration, interval;
     auto now = tf->time_now();
-- 
GitLab