Handle u32 overflow in ed25519 cert expiration time.

The impact here isn't too bad. First, the only affected certs are those
that expire after 32-bit signed time overflows in Y2038. Second, it could
only make it seem that a non-expired cert is expired: it could never
make it seem that an expired cert was still live.

Fixes bug 20027; bugfix on 0.2.7.2-alpha.
Nick Mathewson 2016-08-30 09:00:34 -04:00
parent fae7060aea
commit 0704fa8a63
2 changed files with 8 additions and 1 deletions

changes/bug20027 Normal file

@ -0,0 +1,3 @@
o Minor bugfixes (ed25519 certificates):
- Correctly interpret ed25519 certificates that would expire some
time after 19 Jan 2038. Fixes bug 20027; bugfix on 0.2.7.2-alpha.
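
Review bot: the changelog entry says such certificates are now interpreted correctly but does not state the symptom. Consider adding what the commit message already says, that a certificate expiring after 19 Jan 2038 could be treated as expired while it was still valid, so operators reading the release notes can tell whether they were affected.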


@ -139,7 +139,11 @@ tor_cert_parse(const uint8_t *encoded, const size_t len)
cert->encoded_len = len;
memcpy(cert->signed_key.pubkey, parsed->certified_key, 32);
cert->valid_until = parsed->exp_field * 3600;
const int64_t valid_until_64 = ((int64_t)parsed->exp_field) * 3600;
if (valid_until_64 > TIME_MAX)
cert->valid_until = TIME_MAX - 1;
else
cert->valid_until = (time_t) valid_until_64;
cert->cert_type = parsed->cert_type;
for (unsigned i = 0; i < ed25519_cert_getlen_ext(parsed); ++i) {
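
Review bot: the clamp in the `valid_until_64 > TIME_MAX` branch stores `TIME_MAX - 1` with no comment explaining why it is not `TIME_MAX` itself; a one-line comment giving the reason for the off-by-one would save the next reader from guessing. The commit changes only the changes file and this function, so a unit test that parses a certificate whose `exp_field * 3600` exceeds the 32-bit range and checks the resulting `valid_until` would keep this from regressing.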