From 5a6b5f3c69d79b2dafb840d2b06eeff7c19ec954 Mon Sep 17 00:00:00 2001 From: Andriy Voskoboinyk Date: Fri, 4 Mar 2016 21:22:11 +0000 Subject: [PATCH] net80211: fix possible overflow in IEEE80211_TU_TO_TICKS() For hz=1000 any number, greater than 4194 causes integer overflow; this change casts the number to uint64_t before operating with it. Approved by: adrian (mentor) Differential Revision: https://reviews.freebsd.org/D5268 --- sys/net80211/ieee80211_var.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sys/net80211/ieee80211_var.h b/sys/net80211/ieee80211_var.h index 1dd57eef781..393c7c3bfe9 100644 --- a/sys/net80211/ieee80211_var.h +++ b/sys/net80211/ieee80211_var.h @@ -85,7 +85,7 @@ #define IEEE80211_MS_TO_TU(x) (((x) * 1000) / 1024) #define IEEE80211_TU_TO_MS(x) (((x) * 1024) / 1000) /* XXX TODO: cap this at 1, in case hz is not 1000 */ -#define IEEE80211_TU_TO_TICKS(x)(((x) * 1024 * hz) / (1000 * 1000)) +#define IEEE80211_TU_TO_TICKS(x)(((uint64_t)(x) * 1024 * hz) / (1000 * 1000)) /* * 802.11 control state is split into a common portion that maps