From e93d5404bc93abefd6eb14662ae111199c845a56 Mon Sep 17 00:00:00 2001
From: Petr Písař
Date: Mar 05 2014 08:19:46 +0000
Subject: Prevent from grace period overflow in RPC transport
---
diff --git a/quota-4.01-Prevent-from-grace-period-overflow-in-RPC-transport.patch b/quota-4.01-Prevent-from-grace-period-overflow-in-RPC-transport.patch
new file mode 100644
index 0000000..1f6357d
--- /dev/null
+++ b/quota-4.01-Prevent-from-grace-period-overflow-in-RPC-transport.patch
@@ -0,0 +1,167 @@
+From 6842c7cff2542af8e1c693f3bc6c52b1b2e87caa Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?=
+Date: Mon, 24 Feb 2014 15:54:32 +0100
+Subject: [PATCH] Prevent from grace period overflow in RPC transport
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The RPC transports grace time as unsigned int, but the value stored
+there and retrivedd from is treated as singed difference against current time.
+
+This leads to overflow after expiring the grace time which is
+presented as an enourmously large grace time instead of "none" in the
+quota(1) output.
+
+There also possible an overflow when the time difference is still
+bigger than an int can represent.
+
+This first issue is solved by explicit type cast to/from int32_t, the
+second issue is fixes by limiting the value into int32_t range.
+
+
+
+Signed-off-by: Petr Písař
+---
+ quotasys.c | 13 +++++++++++++
+ quotasys.h | 4 ++++
+ rquota_client.c | 9 +++++----
+ rquota_server.c | 9 +++++----
+ 4 files changed, 27 insertions(+), 8 deletions(-)
+
+diff --git a/quotasys.c b/quotasys.c
+index dee5118..b52c1d2 100644
+--- a/quotasys.c
++++ b/quotasys.c
+@@ -23,6 +23,7 @@
+ #include
+ #include
+ #include
++#include
+
+ #include "pot.h"
+ #include "bylabel.h"
+@@ -323,6 +324,18 @@ void difftime2str(time_t seconds, char *buf)
+ }
+
+ /*
++ * Round difference of two time_t values into int32_t
++ */
++int32_t difftime2net(time_t later, time_t sooner)
++{
++ if ((later - sooner) > INT32_MAX)
++ return INT32_MAX;
++ if ((later - sooner) < INT32_MIN)
++ return INT32_MIN;
++ return (later - sooner);
++}
++
++/*
+ * Convert time to printable form
+ */
+ void time2str(time_t seconds, char *buf, int flags)
+diff --git a/quotasys.h b/quotasys.h
+index 5ca26e6..7877cdd 100644
+--- a/quotasys.h
++++ b/quotasys.h
+@@ -8,6 +8,7 @@
+ #define GUARD_QUOTASYS_H
+
+ #include
++#include
+ #include "mntopt.h"
+ #include "quota.h"
+
+@@ -100,6 +101,9 @@ int util2kernfmt(int fmt);
+ /* Convert time difference between given time and current time to printable form */
+ void difftime2str(time_t, char *);
+
++/* Round difference of two time_t values into int32_t */
++int32_t difftime2net(time_t later, time_t sooner);
++
+ /* Convert time to printable form */
+ void time2str(time_t, char *, int);
+
+diff --git a/rquota_client.c b/rquota_client.c
+index e26e066..00adae2 100644
+--- a/rquota_client.c
++++ b/rquota_client.c
+@@ -32,6 +32,7 @@
+ #include
+ #include
+ #include
++#include
+
+ #include "mntopt.h"
+ #include "rquota.h"
+@@ -54,11 +55,11 @@ static inline void clinet2utildqblk(struct util_dqblk *u, struct rquota *n)
+ u->dqb_curspace = ((qsize_t)n->rq_curblocks) * n->rq_bsize;
+ time(&now);
+ if (n->rq_btimeleft)
+- u->dqb_btime = n->rq_btimeleft + now;
++ u->dqb_btime = (int32_t)n->rq_btimeleft + now;
+ else
+ u->dqb_btime = 0;
+ if (n->rq_ftimeleft)
+- u->dqb_itime = n->rq_ftimeleft + now;
++ u->dqb_itime = (int32_t)n->rq_ftimeleft + now;
+ else
+ u->dqb_itime = 0;
+ }
+@@ -76,11 +77,11 @@ static inline void cliutil2netdqblk(struct sq_dqblk *n, struct util_dqblk *u)
+ n->rq_curblocks = toqb(u->dqb_curspace);
+ n->rq_curfiles = u->dqb_curinodes;
+ if (u->dqb_btime)
+- n->rq_btimeleft = u->dqb_btime - now;
++ n->rq_btimeleft = difftime2net(u->dqb_btime, now);
+ else
+ n->rq_btimeleft = 0;
+ if (u->dqb_itime)
+- n->rq_ftimeleft = u->dqb_itime - now;
++ n->rq_ftimeleft = difftime2net(u->dqb_itime, now);
+ else
+ n->rq_ftimeleft = 0;
+ }
+diff --git a/rquota_server.c b/rquota_server.c
+index bf66e4d..09cf6ed 100644
+--- a/rquota_server.c
++++ b/rquota_server.c
+@@ -25,6 +25,7 @@
+ #include
+ #include
+ #include
++#include
+
+ #include "mntopt.h"
+ #include "quotaops.h"
+@@ -82,11 +83,11 @@ static inline void servnet2utildqblk(struct util_dqblk *u, sq_dqblk * n)
+ u->dqb_curspace = ((qsize_t)n->rq_curblocks) << RPC_DQBLK_SIZE_BITS;
+ u->dqb_curinodes = n->rq_curfiles;
+ if (n->rq_btimeleft)
+- u->dqb_btime = n->rq_btimeleft + now;
++ u->dqb_btime = (int32_t)n->rq_btimeleft + now;
+ else
+ u->dqb_btime = 0;
+ if (n->rq_ftimeleft)
+- u->dqb_itime = n->rq_ftimeleft + now;
++ u->dqb_itime = (int32_t)n->rq_ftimeleft + now;
+ else
+ u->dqb_itime = 0;
+ }
+@@ -127,11 +128,11 @@ static inline void servutil2netdqblk(struct rquota *n, struct util_dqblk *u)
+
+ time(&now);
+ if (u->dqb_btime)
+- n->rq_btimeleft = u->dqb_btime - now;
++ n->rq_btimeleft = difftime2net(u->dqb_btime, now);
+ else
+ n->rq_btimeleft = 0;
+ if (u->dqb_itime)
+- n->rq_ftimeleft = u->dqb_itime - now;
++ n->rq_ftimeleft = difftime2net(u->dqb_itime, now);
+ else
+ n->rq_ftimeleft = 0;
+ }
+--
+1.8.5.3
+
diff --git a/quota.spec b/quota.spec
index 38746d4..233c518 100644
--- a/quota.spec
+++ b/quota.spec
@@ -5,7 +5,7 @@ Name: quota Summary: System administration tools for monitoring users' disk usage Epoch: 1 Version: 4.01 -Release: 8%{?dist} +Release: 9%{?dist} # quota_nld.c, quotaio_xfs.h: GPLv2 # bylabel.c copied from util-linux: GPLv2+ # svc_socket.c copied from glibc: LGPLv2+
@@ -57,6 +57,9 @@ Patch15: quota-4.01-Recognize-units-at-inode-limits-by-setquota.patch Patch16: quota-4.01-Recognize-units-at-inode-limits-by-edquota.patch # Submited to upstream Patch17: quota-4.01-Close-FILE-handles-on-error.patch +# Proposed to upstream, , +# bug #1072769 +Patch18: quota-4.01-Prevent-from-grace-period-overflow-in-RPC-transport.patch %description
@@ -147,6 +150,7 @@ Linux/UNIX environment. %patch15 -p1 -b .setquota_inode_units %patch16 -p1 -b .edquota_inode_units %patch17 -p1 -b .close_file_handles +%patch18 -p1 -b .rpc_time #fix typos/mistakes in localized documentation for pofile in $(find ./po/*.p*)
@@ -254,6 +258,9 @@ echo ' systemd-sysv-convert --apply quota_nld' %changelog +* Wed Mar 05 2014 Petr Pisar - 1:4.01-9 +- Prevent from grace period overflow in RPC transport (bug #1072769) + * Thu Jun 13 2013 Petr Pisar - 1:4.01-8 - Close FILE handles on error too
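Review bot: `difftime2net()` in the quotasys.c hunk of the added patch computes `later - sooner` in `time_t` before it clamps, so on a platform where `time_t` is 32 bits wide the subtraction can itself overflow (undefined behaviour for a signed type) and the comparisons against `INT32_MAX`/`INT32_MIN` can never be true. Subtracting once in a 64-bit type and clamping that value, as sketched below, makes the bound effective there and removes the three repeated subtractions; with a 64-bit `time_t` it still assumes `dqb_btime`/`dqb_itime` are not near the limits of the type. On the receiving side, `(int32_t)n->rq_btimeleft + now` in rquota_client.c and rquota_server.c takes its operand from the RPC peer, so a comment such as `/* wire value is a signed offset from now; negative means the grace period has expired */` would record why the cast is there. A difference of exactly 0 is still sent as 0, which the `if (n->rq_btimeleft)` test on the other end reads as no grace time set; presumably acceptable, but worth stating next to the helper.

```c
int32_t difftime2net(time_t later, time_t sooner)
{
	/* Subtract in 64 bits so the difference cannot wrap when time_t is 32 bits wide. */
	int64_t diff = (int64_t)later - (int64_t)sooner;

	if (diff > INT32_MAX)
		return INT32_MAX;
	if (diff < INT32_MIN)
		return INT32_MIN;
	return (int32_t)diff;
}
```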