From bc79b41c400a1b059911afce13b9b0a33c7d9fbc Mon Sep 17 00:00:00 2001
From: Mark Johnston <markj@FreeBSD.org>
Date: Fri, 3 May 2019 21:26:44 +0000
Subject: [PATCH] Disallow excessively small times of day in clock_settime(2).

Reported by:	syzkaller
Reviewed by:	cem, kib
MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D20151
---
 sys/kern/kern_time.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/sys/kern/kern_time.c b/sys/kern/kern_time.c
index b8423768ccdf..1ab2ebcefefe 100644
--- a/sys/kern/kern_time.c
+++ b/sys/kern/kern_time.c
@@ -412,7 +412,9 @@ kern_clock_settime(struct thread *td, clockid_t clock_id, struct timespec *ats)
 	if (ats->tv_nsec < 0 || ats->tv_nsec >= 1000000000 ||
 	    ats->tv_sec < 0)
 		return (EINVAL);
-	if (!allow_insane_settime && ats->tv_sec > 8000ULL * 365 * 24 * 60 * 60)
+	if (!allow_insane_settime &&
+	    (ats->tv_sec > 8000ULL * 365 * 24 * 60 * 60 ||
+	    ats->tv_sec < utc_offset()))
 		return (EINVAL);
 	/* XXX Don't convert nsec->usec and back */
 	TIMESPEC_TO_TIMEVAL(&atv, ats);