[tor-commits] [tor/master] Handle u32 overflow in ed25519 cert expiration time.

nickm at torproject.org nickm at torproject.org
Thu Nov 3 13:18:59 UTC 2016


commit 0704fa8a63c2e203162c359e184e63b10c45630c
Author: Nick Mathewson <nickm at torproject.org>
Date:   Tue Aug 30 09:00:34 2016 -0400

    Handle u32 overflow in ed25519 cert expiration time.
    
    The impact here isn't too bad. First, the only affected certs that
    expire after 32-bit signed time overflows in Y2038. Second, it could
    only make it seem that a non-expired cert is expired: it could never
    make it seem that an expired cert was still live.
    
    Fixes bug 20027; bugfix on 0.2.7.2-alpha.
---
 changes/bug20027 | 3 +++
 src/or/torcert.c | 6 +++++-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/changes/bug20027 b/changes/bug20027
new file mode 100644
index 0000000..79d1540
--- /dev/null
+++ b/changes/bug20027
@@ -0,0 +1,3 @@
+  o Minor bugfixes (ed25519 certificates):
+    - Correctly interpret ed25519 certificates that would expire some
+      time after 19 Jan 2038. Fixes bug 20027; bugfix on 0.2.7.2-alpha.
diff --git a/src/or/torcert.c b/src/or/torcert.c
index 2629155..ef7775e 100644
--- a/src/or/torcert.c
+++ b/src/or/torcert.c
@@ -139,7 +139,11 @@ tor_cert_parse(const uint8_t *encoded, const size_t len)
   cert->encoded_len = len;
 
   memcpy(cert->signed_key.pubkey, parsed->certified_key, 32);
-  cert->valid_until = parsed->exp_field * 3600;
+  const int64_t valid_until_64 = ((int64_t)parsed->exp_field) * 3600;
+  if (valid_until_64 > TIME_MAX)
+    cert->valid_until = TIME_MAX - 1;
+  else
+    cert->valid_until = (time_t) valid_until_64;
   cert->cert_type = parsed->cert_type;
 
   for (unsigned i = 0; i < ed25519_cert_getlen_ext(parsed); ++i) {





More information about the tor-commits mailing list