Handle u32 overflow in ed25519 cert expiration time.

The impact here isn't too bad. First, the only affected certs that expire after 32-bit signed time overflows in Y2038. Second, it could only make it seem that a non-expired cert is expired: it could never make it seem that an expired cert was still live. Fixes bug 20027; bugfix on 0.2.7.2-alpha.
author: Nick Mathewson <nickm@torproject.org> 2016-08-30 09:00:34 -0400
committer: Nick Mathewson <nickm@torproject.org> 2016-11-03 08:37:22 -0400
commit: 0704fa8a63c2e203162c359e184e63b10c45630c (patch)
tree: 3cee5bf6aaabf9178cf3d6ddfe1a3579e32ac466 /src/or/torcert.c
parent: fae7060aea5c562fc59e7089b6a3459a5718b2d0 (diff)
download: tor-0704fa8a63c2e203162c359e184e63b10c45630c.tar.gz
tor-0704fa8a63c2e203162c359e184e63b10c45630c.zip
1 files changed, 5 insertions, 1 deletions
diff --git a/src/or/torcert.c b/src/or/torcert.c
index 2629155477..ef7775eb9e 100644
--- a/src/or/torcert.c
+++ b/src/or/torcert.c
@@ -139,7 +139,11 @@ tor_cert_parse(const uint8_t *encoded, const size_t len)
   cert->encoded_len = len;
 
   memcpy(cert->signed_key.pubkey, parsed->certified_key, 32);
-  cert->valid_until = parsed->exp_field * 3600;
+  const int64_t valid_until_64 = ((int64_t)parsed->exp_field) * 3600;
+  if (valid_until_64 > TIME_MAX)
+    cert->valid_until = TIME_MAX - 1;
+  else
+    cert->valid_until = (time_t) valid_until_64;
   cert->cert_type = parsed->cert_type;
 
   for (unsigned i = 0; i < ed25519_cert_getlen_ext(parsed); ++i) {
author	Nick Mathewson <nickm@torproject.org>	2016-08-30 09:00:34 -0400
committer	Nick Mathewson <nickm@torproject.org>	2016-11-03 08:37:22 -0400
commit	0704fa8a63c2e203162c359e184e63b10c45630c (patch)
tree	3cee5bf6aaabf9178cf3d6ddfe1a3579e32ac466 /src/or/torcert.c
parent	fae7060aea5c562fc59e7089b6a3459a5718b2d0 (diff)
download	tor-0704fa8a63c2e203162c359e184e63b10c45630c.tar.gz tor-0704fa8a63c2e203162c359e184e63b10c45630c.zip