In the process of processing usec, sec is increased and may overflow.
Signed-off-by: xinpeng wang <wangxinpeng@xxxxxxxxxxxxx>
---
src/utils/eloop.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/src/utils/eloop.c b/src/utils/eloop.c
index b353ab0e4..1535e9469 100644
--- a/src/utils/eloop.c
+++ b/src/utils/eloop.c
@@ -800,6 +800,16 @@ int eloop_register_timeout(unsigned int secs, unsigned int usecs,
timeout->time.sec++;
timeout->time.usec -= 1000000;
}
+ if (timeout->time.sec < now_sec) {
+ /*
+ * Integer overflow - assume long enough timeout to be assumed
+ * to be infinite, i.e., the timeout would never happen.
+ */
+ wpa_printf(MSG_DEBUG, "ELOOP: Too long timeout (secs=%u usecs=%u) to "
+ "ever happen - ignore it", secs,usecs);
+ os_free(timeout);
+ return 0;
+ }
timeout->eloop_data = eloop_data;
timeout->user_data = user_data;
timeout->handler = handler;
--
2.20.1
_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
