keepalive: Guard against integer overflow

Don't allow interval to be > MAX_INT/1000 in virKeepAliveStart() Guard against possible overflow in virKeepAliveTimeout() by setting the timeout to be MAX_INT/1000 since the math following will multiply it by 1000.
2024-09-14 03:35:05 +00:00 · 2013-02-05 17:58:25 -05:00 · 2013-02-05 17:58:25 -05:00 · 903f43ce6d
commit 903f43ce6d
parent 567779e51a
1 changed files with 9 additions and 0 deletions
--- a/src/rpc/virkeepalive.c
+++ b/src/rpc/virkeepalive.c
@ -252,6 +252,12 @@ virKeepAliveStart(virKeepAlivePtr ka,
                           _("keepalive interval already set"));
            goto cleanup;
        }
+        /* Guard against overflow */
+        if (interval > INT_MAX / 1000) {
+            virReportError(VIR_ERR_INTERNAL_ERROR,
+                           _("keepalive interval %d too large"), interval);
+            goto cleanup;
+        }
        ka->interval = interval;
        ka->count = count;
        ka->countToDeath = count;
@ -323,6 +329,9 @@ virKeepAliveTimeout(virKeepAlivePtr ka)
        timeout = ka->interval - (time(NULL) - ka->intervalStart);
        if (timeout < 0)
            timeout = 0;
+        /* Guard against overflow */
+        if (timeout > INT_MAX / 1000)
+            timeout = INT_MAX / 1000;
    }

    virObjectUnlock(ka);