From 280672bdbc2c694ebe17f9972657d118e84be723 Mon Sep 17 00:00:00 2001
From: Nick Mathewson
Date: Tue, 8 Sep 2015 10:22:01 -0400
Subject: Handle negative inputs to crypto_random_time_range().
(These inputs are possible when Shadow starts the world at time_t 0, and breaks our assumption that Tor didn't exist in the 1970s.)
Fixes regression introduced in 241e6b09. Fixes #16980.
---
 changes/bug16980 | 6 ++++++
 src/common/crypto.c | 3 ++-
 2 files changed, 8 insertions(+), 1 deletion(-)
 create mode 100644 changes/bug16980
diff --git a/changes/bug16980 b/changes/bug16980
new file mode 100644
index 0000000000..43a817e92a
--- /dev/null
+++ b/changes/bug16980
@@ -0,0 +1,6 @@
+ o Minor bugfixes:
+
+ - Fix the behavior of crypto_time_t when told to consider times
+ before 1970. (These times were possible when running in a
+ simulated network environment where time()'s output starts at
+ zero.) Fixes bug 16980; bugfix on 0.2.7.1-alpha.
diff --git a/src/common/crypto.c b/src/common/crypto.c
index 6d4b0d7e16..815c2ec0c5 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -2440,7 +2440,8 @@ crypto_rand_uint64_range(uint64_t min, uint64_t max)
 time_t
 crypto_rand_time_range(time_t min, time_t max)
 {
- return (time_t) crypto_rand_uint64_range(min, max);
+ tor_assert(min < max);
+ return min + (time_t)crypto_rand_uint64(max - min);
 }

 /** Return a pseudorandom 64-bit integer, chosen uniformly from the values
-- 
cgit v1.2.3-54-g00ecf
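Review bot: The subtraction `max - min` in the new return line of `crypto_rand_time_range()` is still evaluated in signed `time_t`, so a range wider than the type's positive half (a negative `min` with a large `max`, most plausibly where `time_t` is 32 bits) overflows before the value reaches `crypto_rand_uint64()`. Doing the arithmetic unsigned avoids that: `uint64_t span = (uint64_t)max - (uint64_t)min;` followed by `return min + (time_t)crypto_rand_uint64(span);`. The new `tor_assert(min < max)` makes an empty or inverted range abort the process, so the function's doc comment, which sits above the hunk, should state that precondition, and callers that derive the bounds from clock values need to guarantee it. A unit test that calls the function with a negative `min` would pin the regression this commit fixes.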