From d850a85b2374fe1b83779c0fc61463057eeca4ab Mon Sep 17 00:00:00 2001

From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>

Date: Mon, 24 Feb 2014 15:54:32 +0100

Subject: [PATCH] Prevent from grace period overflow in RPC transport

MIME-Version: 1.0

Content-Type: text/plain; charset=UTF-8

Content-Transfer-Encoding: 8bit

The RPC transports grace time as unsigned int, but the value stored

there and retrivedd from is treated as singed difference against current time.

This leads to overflow after expiring the grace time which is

presented as an enourmously large grace time instead of "none" in the

quota(1) output.

There also possible an overflow when the time difference is still

bigger than an int can represent.

This first issue is solved by explicit type cast to/from int32_t, the

second issue is fixes by limiting the value into int32_t range.

<https://sourceforge.net/p/linuxquota/bugs/115/>

Signed-off-by: Petr Písař <ppisar@redhat.com>

Signed-off-by: Jan Kara <jack@suse.cz>

---

 quotasys.c      | 13 +++++++++++++

 quotasys.h      |  4 ++++

 rquota_client.c | 10 ++++++----

 rquota_server.c |  9 +++++----

 4 files changed, 28 insertions(+), 8 deletions(-)

diff --git a/quotasys.c b/quotasys.c

index 120125a..a5737a8 100644

--- a/quotasys.c

+++ b/quotasys.c

@@ -23,6 +23,7 @@

 #include <sys/types.h>

 #include <sys/stat.h>

 #include <sys/vfs.h>

+#include <stdint.h>

 #include "pot.h"

 #include "bylabel.h"

@@ -323,6 +324,18 @@ void difftime2str(time_t seconds, char *buf)

 }

 /*

+ * Round difference of two time_t values into int32_t

+ */

+int32_t difftime2net(time_t later, time_t sooner)

+{

+	if ((later - sooner) > INT32_MAX)

+		return INT32_MAX;

+	if ((later - sooner) < INT32_MIN)

+		return INT32_MIN;

+	return (later - sooner);

+}

+

+/*

  * Convert time to printable form

  */

 void time2str(time_t seconds, char *buf, int flags)

diff --git a/quotasys.h b/quotasys.h

index e79f8cd..d8d79fe 100644

--- a/quotasys.h

+++ b/quotasys.h

@@ -8,6 +8,7 @@

 #define GUARD_QUOTASYS_H

 #include <sys/types.h>

+#include <inttypes.h>

 #include "mntopt.h"

 #include "quota.h"

@@ -100,6 +101,9 @@ int util2kernfmt(int fmt);

 /* Convert time difference between given time and current time to printable form */

 void difftime2str(time_t, char *);

+/* Round difference of two time_t values into int32_t */

+int32_t difftime2net(time_t later, time_t sooner);

+

 /* Convert time to printable form */

 void time2str(time_t, char *, int);

diff --git a/rquota_client.c b/rquota_client.c

index e26e066..9d4055e 100644

--- a/rquota_client.c

+++ b/rquota_client.c

@@ -32,11 +32,13 @@

 #include <string.h>

 #include <signal.h>

 #include <time.h>

+#include <stdint.h>

 #include "mntopt.h"

 #include "rquota.h"

 #include "common.h"

 #include "quotaio.h"

+#include "quotasys.h"

 #if defined(RPC)

@@ -54,11 +56,11 @@ static inline void clinet2utildqblk(struct util_dqblk *u, struct rquota *n)

 	u->dqb_curspace = ((qsize_t)n->rq_curblocks) * n->rq_bsize;

 	time(&now;;

 	if (n->rq_btimeleft)

-		u->dqb_btime = n->rq_btimeleft + now;

+		u->dqb_btime = (int32_t)n->rq_btimeleft + now;

 	else

 		u->dqb_btime = 0;

 	if (n->rq_ftimeleft)

-		u->dqb_itime = n->rq_ftimeleft + now;

+		u->dqb_itime = (int32_t)n->rq_ftimeleft + now;

 	else

 		u->dqb_itime = 0;

 }

@@ -76,11 +78,11 @@ static inline void cliutil2netdqblk(struct sq_dqblk *n, struct util_dqblk *u)

 	n->rq_curblocks = toqb(u->dqb_curspace);

 	n->rq_curfiles = u->dqb_curinodes;

 	if (u->dqb_btime)

-		n->rq_btimeleft = u->dqb_btime - now;

+		n->rq_btimeleft = difftime2net(u->dqb_btime, now);

 	else

 		n->rq_btimeleft = 0;

 	if (u->dqb_itime)

-		n->rq_ftimeleft = u->dqb_itime - now;

+		n->rq_ftimeleft = difftime2net(u->dqb_itime, now);

 	else

 		n->rq_ftimeleft = 0;

 }

diff --git a/rquota_server.c b/rquota_server.c

index bf66e4d..09cf6ed 100644

--- a/rquota_server.c

+++ b/rquota_server.c

@@ -25,6 +25,7 @@

 #include <stdio.h>

 #include <syslog.h>

 #include <time.h>

+#include <stdint.h>

 #include "mntopt.h"

 #include "quotaops.h"

@@ -82,11 +83,11 @@ static inline void servnet2utildqblk(struct util_dqblk *u, sq_dqblk * n)

 	u->dqb_curspace = ((qsize_t)n->rq_curblocks) << RPC_DQBLK_SIZE_BITS;

 	u->dqb_curinodes = n->rq_curfiles;

 	if (n->rq_btimeleft)

-		u->dqb_btime = n->rq_btimeleft + now;

+		u->dqb_btime = (int32_t)n->rq_btimeleft + now;

 	else

 		u->dqb_btime = 0;

 	if (n->rq_ftimeleft)

-		u->dqb_itime = n->rq_ftimeleft + now;

+		u->dqb_itime = (int32_t)n->rq_ftimeleft + now;

 	else

 		u->dqb_itime = 0;

 }

@@ -127,11 +128,11 @@ static inline void servutil2netdqblk(struct rquota *n, struct util_dqblk *u)

 	time(&now;;

 	if (u->dqb_btime)

-		n->rq_btimeleft = u->dqb_btime - now;

+		n->rq_btimeleft = difftime2net(u->dqb_btime, now);

 	else

 		n->rq_btimeleft = 0;

 	if (u->dqb_itime)

-		n->rq_ftimeleft = u->dqb_itime - now;

+		n->rq_ftimeleft = difftime2net(u->dqb_itime, now);

 	else

 		n->rq_ftimeleft = 0;

 }

-- 

2.5.0