From a4533973a5331713cfa0cb275c4287e1a461189c Mon Sep 17 00:00:00 2001 From: cheloha Date: Thu, 10 Jan 2019 17:54:12 +0000 Subject: settime: Don't cancel ongoing adjtime(2) until after full permission checks ok jca@ visa@ guenther@ deraadt@ --- sys/kern/kern_time.c | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) (limited to 'sys/kern/kern_time.c') diff --git a/sys/kern/kern_time.c b/sys/kern/kern_time.c index 1e40e8ccd84..1dce61217ce 100644 --- a/sys/kern/kern_time.c +++ b/sys/kern/kern_time.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kern_time.c,v 1.105 2018/12/31 18:54:00 cheloha Exp $ */ +/* $OpenBSD: kern_time.c,v 1.106 2019/01/10 17:54:11 cheloha Exp $ */ /* $NetBSD: kern_time.c,v 1.20 1996/02/18 11:57:06 fvdl Exp $ */ /* @@ -67,12 +67,6 @@ settime(const struct timespec *ts) { struct timespec now; - /* - * Adjtime in progress is meaningless or harmful after - * setting the clock. Cancel adjtime and then set new time. - */ - adjtimedelta = 0; - /* * Don't allow the time to be set forward so far it will wrap * and become negative, thus allowing an attacker to bypass @@ -102,6 +96,11 @@ settime(const struct timespec *ts) return (EPERM); } + /* + * Adjtime in progress is meaningless or harmful after + * setting the clock. Cancel adjtime and then set new time. + */ + adjtimedelta = 0; tc_setrealtimeclock(ts); resettodr(); -- cgit v1.2.3