Fixup adjtimex freq validation on 32bit systems (rhbz 1188074)

This commit is contained in:
Justin M. Forbes 2015-02-02 14:30:41 -06:00
parent 586c0b53da
commit a80685f4b8
2 changed files with 55 additions and 1 deletions

View File

@ -0,0 +1,46 @@
From 1079a4c2288cf33c13d2c6ca3e07d4039b1f39f0 Mon Sep 17 00:00:00 2001
From: John Stultz <john.stultz@linaro.org>
Date: Mon, 2 Feb 2015 10:57:56 -0800
Subject: [PATCH] ntp: Fixup adjtimex freq validation on 32bit systems
Additional validation of adjtimex freq values to avoid
potential multiplication overflows were added in commit
5e5aeb4367b (time: adjtimex: Validate the ADJ_FREQUENCY values)
Unfortunately the patch used LONG_MAX/MIN instead of
LLONG_MAX/MIN, which was fine on 64bit systems, but caused
false positives on 32bit systems resulting in most direct
frequency adjustments to fail w/ EINVAL.
ntpd only does driect frequency adjustments at startup,
so the issue was not easily observed there, but other sync
applications like ptpd and chrony were more effected by
the bug.
Cc: Sasha Levin <sasha.levin@oracle.com>
Reported-by: Josh Boyer <jwboyer@fedoraproject.org>
Reported-by: George Joseph <george.joseph@fairview5.com>
Signed-off-by: John Stultz <john.stultz@linaro.org>
---
kernel/time/ntp.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/kernel/time/ntp.c b/kernel/time/ntp.c
index 28bf91c..242774d 100644
--- a/kernel/time/ntp.c
+++ b/kernel/time/ntp.c
@@ -634,9 +634,9 @@ int ntp_validate_timex(struct timex *txc)
return -EPERM;
if (txc->modes & ADJ_FREQUENCY) {
- if (LONG_MIN / PPM_SCALE > txc->freq)
+ if (LLONG_MIN / PPM_SCALE > txc->freq)
return -EINVAL;
- if (LONG_MAX / PPM_SCALE < txc->freq)
+ if (LLONG_MAX / PPM_SCALE < txc->freq)
return -EINVAL;
}
--
1.9.1

View File

@ -62,7 +62,7 @@ Summary: The Linux kernel
# For non-released -rc kernels, this will be appended after the rcX and
# gitX tags, so a 3 here would become part of release "0.rcX.gitX.3"
#
%global baserelease 100
%global baserelease 101
%global fedora_build %{baserelease}
# base_sublevel is the kernel version we're starting with and patching
@ -753,6 +753,9 @@ Patch30001: mpssd-x86-only.patch
# rhbz 1183744 1188347
Patch30002: ipv4-try-to-cache-dst_entries-which-would-cause-a-re.patch
#rhbz 1188074
Patch30003: 0001-ntp-Fixup-adjtimex-freq-validation-on-32bit-systems.patch
# END OF PATCH DEFINITIONS
%endif
@ -1469,6 +1472,9 @@ ApplyPatch mpssd-x86-only.patch
# rhbz 1183744 1188347
ApplyPatch ipv4-try-to-cache-dst_entries-which-would-cause-a-re.patch
#rhbz 1188074
ApplyPatch 0001-ntp-Fixup-adjtimex-freq-validation-on-32bit-systems.patch
%if 0%{?aarch64patches}
ApplyPatch kernel-arm64.patch
%ifnarch aarch64 # this is stupid, but i want to notice before secondary koji does.
@ -2287,6 +2293,8 @@ fi
# ||----w |
# || ||
%changelog
* Mon Feb 02 2015 Justin M. Forbes <jforbes@fedoraproject.org> - 3.18.5-101
- Fixup adjtimex freq validation on 32bit systems (rhbz 1188074)
* Mon Feb 02 2015 Josh Boyer <jwboyer@fedoraproject.org>
- CVE-XXXX-XXX DoS due to routing packets to too many different dsts/too fast (rhbz 1183744 1188347)