[tor-commits] [tor/master] Handle negative inputs to crypto_random_time_range().

nickm at torproject.org nickm at torproject.org
Tue Sep 8 14:42:11 UTC 2015


commit 280672bdbc2c694ebe17f9972657d118e84be723
Author: Nick Mathewson <nickm at torproject.org>
Date:   Tue Sep 8 10:22:01 2015 -0400

    Handle negative inputs to crypto_random_time_range().
    
    (These inputs are possible when Shadow starts the world at time_t 0,
    and breaks our assumption that Tor didn't exist in the 1970s.)
    
    Fixes regression introduced in 241e6b09. Fixes #16980.
---
 changes/bug16980    |    6 ++++++
 src/common/crypto.c |    3 ++-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/changes/bug16980 b/changes/bug16980
new file mode 100644
index 0000000..43a817e
--- /dev/null
+++ b/changes/bug16980
@@ -0,0 +1,6 @@
+  o Minor bugfixes:
+
+    - Fix the behavior of crypto_time_t when told to consider times
+      before 1970. (These times were possible when running in a
+      simulated network environment where time()'s output starts at
+      zero.) Fixes bug 16980; bugfix on 0.2.7.1-alpha.
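Review bot: The changelog entry on the "Fix the behavior of crypto_time_t" line names something that is not what this patch changes; the code hunk in src/common/crypto.c modifies crypto_rand_time_range(). Suggest naming that function here, so that anyone searching the changelog for the affected function finds this entry.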
diff --git a/src/common/crypto.c b/src/common/crypto.c
index 6d4b0d7..815c2ec 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -2440,7 +2440,8 @@ crypto_rand_uint64_range(uint64_t min, uint64_t max)
 time_t
 crypto_rand_time_range(time_t min, time_t max)
 {
-  return (time_t) crypto_rand_uint64_range(min, max);
+  tor_assert(min < max);
+  return min + (time_t)crypto_rand_uint64(max - min);
 }
 
 /** Return a pseudorandom 64-bit integer, chosen uniformly from the values
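Review bot: In the new return line of crypto_rand_time_range(), `max - min` is evaluated in time_t before it is passed to crypto_rand_uint64(), so with a negative min (the case this commit sets out to handle) and a large enough max the signed subtraction can overflow. Consider doing the subtraction in unsigned arithmetic, for example `crypto_rand_uint64((uint64_t)max - (uint64_t)min)`. The diffstat shows only the changes file and crypto.c, so a unit test that calls the function with a negative min would help keep this from regressing. The added `tor_assert(min < max)` also makes min == max fatal, which is worth stating in the function's comment if it does not already say so.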




