Description of problem: May integer overflow in WORM Xlator possibly. The structs: typedef struct { uint8_t worm : 1; uint8_t retain : 1; uint8_t legal_hold : 1; uint8_t ret_mode : 1; int64_t ret_period; int64_t auto_commit_period; } worm_reten_state_t; typedef struct { gf_boolean_t readonly_or_worm_enabled; gf_boolean_t worm_file; gf_boolean_t worm_files_deletable; int64_t reten_period; int64_t com_period; int reten_mode; time_t start_time; } read_only_priv_t; from read-only.h are using uint64_t values to store periods of retention and autocommmit. This seems to be dangerous since in worm-helper.c the function worm_set_state computes in line 97: stbuf->ia_atime = time(NULL) + retention_state->ret_period; stbuf->ia_atime is using int64_t because auf the settings of struct iattr. So if there is a very very high retention period stored , there is maybe an integer overflow. What can be the solution? Using int64_t instead if uint64_t may reduce the probability of the occurance. Version-Release number of selected component (if applicable): Gluster v5.4
REVIEW: https://review.gluster.org/22309 (WORM-Xlator: Maybe integer overflow when computing new atime) posted (#1) for review on master by David Spisla
REVIEW: https://review.gluster.org/22309 (WORM-Xlator: Maybe integer overflow when computing new atime) merged (#4) on master by Amar Tumballi