commit 769a94d9ce570b9418ab8705dc95c99f9b8c2251 Author: Nick Mathewson nickm@torproject.org Date: Fri Jul 28 10:31:12 2017 -0400
Bug 23055: cast, then multiply when doing u32*u32->u64.
No backport, since this bug won't trigger until people make certificates expiring after the Y2106 deadline.
CID 1415728 --- changes/bug23055 | 4 ++++ src/or/torcert.c | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/changes/bug23055 b/changes/bug23055 new file mode 100644 index 000000000..eee1397c1 --- /dev/null +++ b/changes/bug23055 @@ -0,0 +1,4 @@ + o Minor bugfixes (certificate handling): + - Fix a time handling bug in Tor certificates set to expire after + the year 2106. Fixes bug 23055; bugfix on 0.3.0.1-alpha. + Found by Coverity as CID 1415728. diff --git a/src/or/torcert.c b/src/or/torcert.c index 658e620ca..69b157446 100644 --- a/src/or/torcert.c +++ b/src/or/torcert.c @@ -393,7 +393,7 @@ rsa_ed25519_crosscert_check(const uint8_t *crosscert, }
const uint32_t expiration_date = rsa_ed_crosscert_get_expiration(cc); - const uint64_t expiration_time = expiration_date * 3600; + const uint64_t expiration_time = ((uint64_t)expiration_date) * 3600;
if (reject_if_expired_before < 0 || expiration_time < (uint64_t)reject_if_expired_before) {