Module Name: src
Committed By: kamil
Date: Wed Jul 4 00:35:34 UTC 2018
Modified Files:
src/sys/netinet6: in6.c
Log Message:
Paper over Undefined Behavior in in6_control1()
Replace calculation of maxexpire (TIME_MAX) with a construct that triggers
UB with a one that uses implementation defined semantics.
No functional change intended.
An attempt to appease KUBSAn.
Detected with Kernel Undefined Behavior Sanitizer.
Reported by <Harry Pantazis>
To generate a diff of this commit:
cvs rdiff -u -r1.268 -r1.269 src/sys/netinet6/in6.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/netinet6/in6.c
diff -u src/sys/netinet6/in6.c:1.268 src/sys/netinet6/in6.c:1.269
--- src/sys/netinet6/in6.c:1.268 Tue May 29 09:10:39 2018
+++ src/sys/netinet6/in6.c Wed Jul 4 00:35:33 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: in6.c,v 1.268 2018/05/29 09:10:39 prlw1 Exp $ */
+/* $NetBSD: in6.c,v 1.269 2018/07/04 00:35:33 kamil Exp $ */
/* $KAME: in6.c,v 1.198 2001/07/18 09:12:38 itojun Exp $ */
/*
@@ -62,7 +62,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: in6.c,v 1.268 2018/05/29 09:10:39 prlw1 Exp $");
+__KERNEL_RCSID(0, "$NetBSD: in6.c,v 1.269 2018/07/04 00:35:33 kamil Exp $");
#ifdef _KERNEL_OPT
#include "opt_inet.h"
@@ -632,7 +632,7 @@ in6_control1(struct socket *so, u_long c
* signed.
*/
maxexpire = ((time_t)~0) &
- ~((time_t)1 << ((sizeof(maxexpire) * NBBY) - 1));
+ (time_t)~(1ULL << ((sizeof(maxexpire) * NBBY) - 1));
if (ia->ia6_lifetime.ia6t_vltime <
maxexpire - ia->ia6_updatetime) {
retlt->ia6t_expire = ia->ia6_updatetime +
@@ -653,7 +653,7 @@ in6_control1(struct socket *so, u_long c
* signed.
*/
maxexpire = ((time_t)~0) &
- ~((time_t)1 << ((sizeof(maxexpire) * NBBY) - 1));
+ (time_t)~(1ULL << ((sizeof(maxexpire) * NBBY) - 1));
if (ia->ia6_lifetime.ia6t_pltime <
maxexpire - ia->ia6_updatetime) {
retlt->ia6t_preferred = ia->ia6_updatetime +
