From c9604848bb4e9be45966dba9590f2331e15e0b53 Mon Sep 17 00:00:00 2001
From: cheloha <cheloha@openbsd.org>
Date: Tue, 22 May 2018 19:15:22 +0000
Subject: kevent: correctly check that timeout's nanoseconds are on [0,
 1000000000)

Validate the input with timespecfix before truncating to a timeval.
timespecfix does not round, so we need to to it by hand after validation.

FreeBSD and NetBSD check the input with this range, we ought to as well.

Also add a regression test for this case.

ok tb@
---
 regress/sys/kern/kqueue/kqueue-timer.c | 31 ++++++++++++++++++++++++++++++-
 1 file changed, 30 insertions(+), 1 deletion(-)

(limited to 'regress/sys/kern/kqueue/kqueue-timer.c')

diff --git a/regress/sys/kern/kqueue/kqueue-timer.c b/regress/sys/kern/kqueue/kqueue-timer.c
index 02114b5094e..e95c3ba4e52 100644
--- a/regress/sys/kern/kqueue/kqueue-timer.c
+++ b/regress/sys/kern/kqueue/kqueue-timer.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: kqueue-timer.c,v 1.2 2016/09/20 23:05:27 bluhm Exp $	*/
+/*	$OpenBSD: kqueue-timer.c,v 1.3 2018/05/22 19:15:22 cheloha Exp $	*/
 /*
  * Copyright (c) 2015 Bret Stephen Lambert <blambert@openbsd.org>
  *
@@ -20,6 +20,7 @@
 #include <sys/event.h>
 
 #include <err.h>
+#include <errno.h>
 #include <stdio.h>
 #include <string.h>
 #include <unistd.h>
@@ -68,3 +69,31 @@ do_timer(void)
 
 	return (0);
 }
+
+int
+do_invalid_timer(void)
+{
+	int i, kq, n;
+	struct kevent ev;
+	struct timespec invalid_ts[3] = { {-1, 0}, {0, -1}, {0, 1000000000L} };
+
+	ASS((kq = kqueue()) >= 0,
+	    warn("kqueue"));
+
+	memset(&ev, 0, sizeof(ev));
+	ev.filter = EVFILT_TIMER;
+	ev.flags = EV_ADD | EV_ENABLE;
+	ev.data = 500;			/* 1/2 second in ms */
+
+	n = kevent(kq, &ev, 1, NULL, 0, NULL);
+	ASSX(n != -1);
+
+	for (i = 0; i < 3; i++) {
+		n = kevent(kq, NULL, 0, &ev, 1, &invalid_ts[i]);
+		ASS(n == -1 && errno == EINVAL,
+		    warn("kevent: timeout %lld %ld",
+		    (long long)invalid_ts[i].tv_sec, invalid_ts[i].tv_nsec));
+	}
+
+	return (0);
+}
-- 
cgit v1.2.3-59-g8ed1b