aboutsummaryrefslogtreecommitdiffstats
path: root/src/utils/eloop_win.c
diff options
context:
space:
mode:
authorJouni Malinen <jouni.malinen@atheros.com>2011-01-27 12:02:03 (GMT)
committerJouni Malinen <j@w1.fi>2011-03-06 12:31:20 (GMT)
commit0fa0ad4e179adee291b8a8e06ecee515373c90a5 (patch)
tree8d00398c8f3bb503b8b666448fb1fc425e334e98 /src/utils/eloop_win.c
parent9fc6aa9f959a4b86b41049c3985ae0a0405da027 (diff)
downloadhostap-0fa0ad4e179adee291b8a8e06ecee515373c90a5.zip
hostap-0fa0ad4e179adee291b8a8e06ecee515373c90a5.tar.gz
hostap-0fa0ad4e179adee291b8a8e06ecee515373c90a5.tar.bz2
eloop: Fix integer overflow in long timeouts
If the os_time_t variable used for the expiration time (seconds) overflows when the registered timeout value is being added, assume that the event would happen after an infinite time, i.e., would not really happen in practice. This fixes issues with long key timeouts getting converted to immediate expiration due to the overflow.
Diffstat (limited to 'src/utils/eloop_win.c')
-rw-r--r--src/utils/eloop_win.c12
1 files changed, 12 insertions, 0 deletions
diff --git a/src/utils/eloop_win.c b/src/utils/eloop_win.c
index 94cc72d..c726ece 100644
--- a/src/utils/eloop_win.c
+++ b/src/utils/eloop_win.c
@@ -243,12 +243,24 @@ int eloop_register_timeout(unsigned int secs, unsigned int usecs,
void *eloop_data, void *user_data)
{
struct eloop_timeout *timeout, *tmp, *prev;
+ os_time_t now_sec;
timeout = os_malloc(sizeof(*timeout));
if (timeout == NULL)
return -1;
os_get_time(&timeout->time);
+ now_sec = timeout->time.sec;
timeout->time.sec += secs;
+ if (timeout->time.sec < now_sec) {
+ /*
+ * Integer overflow - assume long enough timeout to be assumed
+ * to be infinite, i.e., the timeout would never happen.
+ */
+ wpa_printf(MSG_DEBUG, "ELOOP: Too long timeout (secs=%u) to "
+ "ever happen - ignore it", secs);
+ os_free(timeout);
+ return 0;
+ }
timeout->time.usec += usecs;
while (timeout->time.usec >= 1000000) {
timeout->time.sec++;