Fix integer overflow in the foreign master bookkeeping code.
The logMessageInterval field has an improbable range from 2^-128 to 2^127 seconds. The extreme ends cause an integer overflow in the calculation of the "foreign master time window". Buggy or mis-configured foreign masters advertising extreme values will cause incorrect announce message aging. This patch fixes the issue by adding thresholds for the bogus extremes. Signed-off-by: Richard Cochran <richardcochran@gmail.com>master
parent
7b438defe5
commit
a8a3ddec6a
9
port.c
9
port.c
|
@ -163,10 +163,15 @@ static int msg_current(struct ptp_message *m, struct timespec now)
|
||||||
t1 = m->ts.host.tv_sec * NSEC2SEC + m->ts.host.tv_nsec;
|
t1 = m->ts.host.tv_sec * NSEC2SEC + m->ts.host.tv_nsec;
|
||||||
t2 = now.tv_sec * NSEC2SEC + now.tv_nsec;
|
t2 = now.tv_sec * NSEC2SEC + now.tv_nsec;
|
||||||
|
|
||||||
if (m->header.logMessageInterval < 0)
|
if (m->header.logMessageInterval < -63) {
|
||||||
|
tmo = 0;
|
||||||
|
} else if (m->header.logMessageInterval > 31) {
|
||||||
|
tmo = INT64_MAX;
|
||||||
|
} else if (m->header.logMessageInterval < 0) {
|
||||||
tmo = 4LL * NSEC2SEC / (1 << -m->header.logMessageInterval);
|
tmo = 4LL * NSEC2SEC / (1 << -m->header.logMessageInterval);
|
||||||
else
|
} else {
|
||||||
tmo = 4LL * (1 << m->header.logMessageInterval) * NSEC2SEC;
|
tmo = 4LL * (1 << m->header.logMessageInterval) * NSEC2SEC;
|
||||||
|
}
|
||||||
|
|
||||||
return t2 - t1 < tmo;
|
return t2 - t1 < tmo;
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue