[quota] Prevent from grace period overflow in RPC transport
Petr Pisar
ppisar at fedoraproject.org
Wed Mar 5 08:17:29 UTC 2014
commit 93cccec5176da25ae54279b87336f4ed987e168d
Author: Petr Písař <ppisar at redhat.com>
Date: Wed Mar 5 09:03:11 2014 +0100
Prevent from grace period overflow in RPC transport
...om-grace-period-overflow-in-RPC-transport.patch | 167 ++++++++++++++++++++
quota.spec | 9 +-
2 files changed, 175 insertions(+), 1 deletions(-)
---
diff --git a/quota-4.01-Prevent-from-grace-period-overflow-in-RPC-transport.patch b/quota-4.01-Prevent-from-grace-period-overflow-in-RPC-transport.patch
new file mode 100644
index 0000000..1f6357d
--- /dev/null
+++ b/quota-4.01-Prevent-from-grace-period-overflow-in-RPC-transport.patch
@@ -0,0 +1,167 @@
+From 6842c7cff2542af8e1c693f3bc6c52b1b2e87caa Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar at redhat.com>
+Date: Mon, 24 Feb 2014 15:54:32 +0100
+Subject: [PATCH] Prevent from grace period overflow in RPC transport
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The RPC transports grace time as unsigned int, but the value stored
+there and retrivedd from is treated as singed difference against current time.
+
+This leads to overflow after expiring the grace time which is
+presented as an enourmously large grace time instead of "none" in the
+quota(1) output.
+
+There also possible an overflow when the time difference is still
+bigger than an int can represent.
+
+This first issue is solved by explicit type cast to/from int32_t, the
+second issue is fixes by limiting the value into int32_t range.
+
+<https://sourceforge.net/p/linuxquota/bugs/115/>
+
+Signed-off-by: Petr Písař <ppisar at redhat.com>
+---
+ quotasys.c | 13 +++++++++++++
+ quotasys.h | 4 ++++
+ rquota_client.c | 9 +++++----
+ rquota_server.c | 9 +++++----
+ 4 files changed, 27 insertions(+), 8 deletions(-)
+
+diff --git a/quotasys.c b/quotasys.c
+index dee5118..b52c1d2 100644
+--- a/quotasys.c
++++ b/quotasys.c
+@@ -23,6 +23,7 @@
+ #include <sys/types.h>
+ #include <sys/stat.h>
+ #include <sys/vfs.h>
++#include <stdint.h>
+
+ #include "pot.h"
+ #include "bylabel.h"
+@@ -323,6 +324,18 @@ void difftime2str(time_t seconds, char *buf)
+ }
+
+ /*
++ * Round difference of two time_t values into int32_t
++ */
++int32_t difftime2net(time_t later, time_t sooner)
++{
++ if ((later - sooner) > INT32_MAX)
++ return INT32_MAX;
++ if ((later - sooner) < INT32_MIN)
++ return INT32_MIN;
++ return (later - sooner);
++}
++
++/*
+ * Convert time to printable form
+ */
+ void time2str(time_t seconds, char *buf, int flags)
+diff --git a/quotasys.h b/quotasys.h
+index 5ca26e6..7877cdd 100644
+--- a/quotasys.h
++++ b/quotasys.h
+@@ -8,6 +8,7 @@
+ #define GUARD_QUOTASYS_H
+
+ #include <sys/types.h>
++#include <inttypes.h>
+ #include "mntopt.h"
+ #include "quota.h"
+
+@@ -100,6 +101,9 @@ int util2kernfmt(int fmt);
+ /* Convert time difference between given time and current time to printable form */
+ void difftime2str(time_t, char *);
+
++/* Round difference of two time_t values into int32_t */
++int32_t difftime2net(time_t later, time_t sooner);
++
+ /* Convert time to printable form */
+ void time2str(time_t, char *, int);
+
+diff --git a/rquota_client.c b/rquota_client.c
+index e26e066..00adae2 100644
+--- a/rquota_client.c
++++ b/rquota_client.c
+@@ -32,6 +32,7 @@
+ #include <string.h>
+ #include <signal.h>
+ #include <time.h>
++#include <stdint.h>
+
+ #include "mntopt.h"
+ #include "rquota.h"
+@@ -54,11 +55,11 @@ static inline void clinet2utildqblk(struct util_dqblk *u, struct rquota *n)
+ u->dqb_curspace = ((qsize_t)n->rq_curblocks) * n->rq_bsize;
+ time(&now);
+ if (n->rq_btimeleft)
+- u->dqb_btime = n->rq_btimeleft + now;
++ u->dqb_btime = (int32_t)n->rq_btimeleft + now;
+ else
+ u->dqb_btime = 0;
+ if (n->rq_ftimeleft)
+- u->dqb_itime = n->rq_ftimeleft + now;
++ u->dqb_itime = (int32_t)n->rq_ftimeleft + now;
+ else
+ u->dqb_itime = 0;
+ }
+@@ -76,11 +77,11 @@ static inline void cliutil2netdqblk(struct sq_dqblk *n, struct util_dqblk *u)
+ n->rq_curblocks = toqb(u->dqb_curspace);
+ n->rq_curfiles = u->dqb_curinodes;
+ if (u->dqb_btime)
+- n->rq_btimeleft = u->dqb_btime - now;
++ n->rq_btimeleft = difftime2net(u->dqb_btime, now);
+ else
+ n->rq_btimeleft = 0;
+ if (u->dqb_itime)
+- n->rq_ftimeleft = u->dqb_itime - now;
++ n->rq_ftimeleft = difftime2net(u->dqb_itime, now);
+ else
+ n->rq_ftimeleft = 0;
+ }
+diff --git a/rquota_server.c b/rquota_server.c
+index bf66e4d..09cf6ed 100644
+--- a/rquota_server.c
++++ b/rquota_server.c
+@@ -25,6 +25,7 @@
+ #include <stdio.h>
+ #include <syslog.h>
+ #include <time.h>
++#include <stdint.h>
+
+ #include "mntopt.h"
+ #include "quotaops.h"
+@@ -82,11 +83,11 @@ static inline void servnet2utildqblk(struct util_dqblk *u, sq_dqblk * n)
+ u->dqb_curspace = ((qsize_t)n->rq_curblocks) << RPC_DQBLK_SIZE_BITS;
+ u->dqb_curinodes = n->rq_curfiles;
+ if (n->rq_btimeleft)
+- u->dqb_btime = n->rq_btimeleft + now;
++ u->dqb_btime = (int32_t)n->rq_btimeleft + now;
+ else
+ u->dqb_btime = 0;
+ if (n->rq_ftimeleft)
+- u->dqb_itime = n->rq_ftimeleft + now;
++ u->dqb_itime = (int32_t)n->rq_ftimeleft + now;
+ else
+ u->dqb_itime = 0;
+ }
+@@ -127,11 +128,11 @@ static inline void servutil2netdqblk(struct rquota *n, struct util_dqblk *u)
+
+ time(&now);
+ if (u->dqb_btime)
+- n->rq_btimeleft = u->dqb_btime - now;
++ n->rq_btimeleft = difftime2net(u->dqb_btime, now);
+ else
+ n->rq_btimeleft = 0;
+ if (u->dqb_itime)
+- n->rq_ftimeleft = u->dqb_itime - now;
++ n->rq_ftimeleft = difftime2net(u->dqb_itime, now);
+ else
+ n->rq_ftimeleft = 0;
+ }
+--
+1.8.5.3
+
diff --git a/quota.spec b/quota.spec
index b5431c4..3d4af55 100644
--- a/quota.spec
+++ b/quota.spec
@@ -5,7 +5,7 @@ Name: quota
Summary: System administration tools for monitoring users' disk usage
Epoch: 1
Version: 4.01
-Release: 11%{?dist}
+Release: 12%{?dist}
# quota_nld.c, quotaio_xfs.h: GPLv2
# bylabel.c copied from util-linux: GPLv2+
# svc_socket.c copied from glibc: LGPLv2+
@@ -66,6 +66,9 @@ Patch20: quota-4.01-Add-quotatab-5-manual-page.patch
Patch21: quota-4.01-Add-warnquota.conf-5-manual-page.patch
# In upstream after 4.01, <https://sourceforge.net/p/linuxquota/patches/39/>
Patch22: quota-4.01-Improve-rcp.rquota-8-manual-page.patch
+# Proposed to upstream, <https://sourceforge.net/p/linuxquota/bugs/115/>,
+# bug #1072769
+Patch23: quota-4.01-Prevent-from-grace-period-overflow-in-RPC-transport.patch
%description
The quota package contains system administration tools for monitoring
@@ -159,6 +162,7 @@ Linux/UNIX environment.
%patch20 -p1 -b .doc_quotatab
%patch21 -p1 -b .doc_warnquota
%patch22 -p1 -b .doc_rquota
+%patch23 -p1 -b .rpc_time
#fix typos/mistakes in localized documentation
for pofile in $(find ./po/*.p*)
@@ -255,6 +259,9 @@ install -p -m644 -D %{SOURCE2} \
%changelog
+* Wed Mar 05 2014 Petr Pisar <ppisar at redhat.com> - 1:4.01-12
+- Prevent from grace period overflow in RPC transport (bug #1072769)
+
* Wed Oct 16 2013 Petr Pisar <ppisar at redhat.com> - 1:4.01-11
- Move /sbin/* files under /usr (bug #983179)
- Harden executables due to rpc.rquotad and quota_nld daemons (bug #983179)
More information about the scm-commits
mailing list