Handle u32 overflow in ed25519 cert expiration time.

The impact here isn't too bad. First, the only affected certs that expire after 32-bit signed time overflows in Y2038. Second, it could only make it seem that a non-expired cert is expired: it could never make it seem that an expired cert was still live. Fixes bug 20027; bugfix on 0.2.7.2-alpha.

Handle u32 overflow in ed25519 cert expiration time.
0704fa8a · Nick Mathewson · fae7060a · 0704fa8a · 0704fa8a
Commit 0704fa8a authored 8 years ago by Nick Mathewson
--- a/changes/bug20027
+++ b/changes/bug20027
+  o Minor bugfixes (ed25519 certificates):
+    - Correctly interpret ed25519 certificates that would expire some
+      time after 19 Jan 2038. Fixes bug 20027; bugfix on 0.2.7.2-alpha.
--- a/src/or/torcert.c
+++ b/src/or/torcert.c
@@ -139,7 +139,11 @@ tor_cert_parse(const uint8_t *encoded, const size_t len)
  cert->encoded_len = len;

  memcpy(cert->signed_key.pubkey, parsed->certified_key, 32);
-  cert->valid_until = parsed->exp_field * 3600;
+  const int64_t valid_until_64 = ((int64_t)parsed->exp_field) * 3600;
+  if (valid_until_64 > TIME_MAX)
+    cert->valid_until = TIME_MAX - 1;
+  else
+    cert->valid_until = (time_t) valid_until_64;
  cert->cert_type = parsed->cert_type;

  for (unsigned i = 0; i < ed25519_cert_getlen_ext(parsed); ++i) {