Cehck for expire date overflows.

2024-12-22 10:19:57 +01:00 · 2008-08-11 08:08:08 +00:00 · 2008-08-11 08:08:08 +00:00 · ac5c3fab30
commit ac5c3fab30
parent 4fa68f839b
2 changed files with 33 additions and 19 deletions
--- a/doc/DETAILS
+++ b/doc/DETAILS
@ -839,10 +839,16 @@ The format of this file is as follows:
 	The 3 parts of a key. Remember to use UTF-8 here.
 	If you don't give any of them, no user ID is created.
     Expire-Date: <iso-date>|(<number>[d|w|m|y])
-	Set the expiration date for the key (and the subkey).  It
-	may either be entered in ISO date format (2000-08-15) or as
-	number of days, weeks, month or years. Without a letter days
-	are assumed.
+	Set the expiration date for the key (and the subkey).  It may
+	either be entered in ISO date format (2000-08-15) or as number
+	of days, weeks, month or years.  The special notation
+	"seconds=N" is also allowed to directly give an Epoch
+	value. Without a letter days are assumed.  Note that there is
+	no check done on the overflow of the type used by OpenPGP for
+	timestamps.  Thus you better make sure that the given value
+	make sense.  Although OpenPGP works with time intervals, GnuPG
+	uses an absolute value internally and thus the last year we
+	can represent is 2105.
     Creation-Date: <iso-date>
        Set the creation date of the key as stored in the key
        information and which is also part of the fingerprint
--- a/g10/keygen.c
+++ b/g10/keygen.c
@ -1789,21 +1789,23 @@ ask_keysize( int algo )
 u32
 parse_expire_string( const char *string )
 {
-    int mult;
-    u32 seconds,abs_date=0,curtime = make_timestamp();
-
-    if( !*string )
-      seconds = 0;
-    else if ( !strncmp (string, "seconds=", 8) )
-      seconds = atoi (string+8);
-    else if( (abs_date = scan_isodatestr(string)) && abs_date > curtime )
-      seconds = abs_date - curtime;
-    else if( (mult=check_valid_days(string)) )
-      seconds = atoi(string) * 86400L * mult;
-    else
-      seconds=(u32)-1;
-
-    return seconds;
+  int mult;
+  u32 seconds;
+  u32 abs_date = 0;
+  u32 curtime = make_timestamp ();
+  
+  if (!*string)
+    seconds = 0;
+  else if (!strncmp (string, "seconds=", 8))
+    seconds = atoi (string+8);
+  else if ((abs_date = scan_isodatestr(string)) && abs_date > curtime)
+    seconds = abs_date - curtime;
+  else if ((mult = check_valid_days (string)))
+    seconds = atoi (string) * 86400L * mult;
+  else
+    seconds = (u32)(-1);
+  
+  return seconds;
 }

 /* Parsean Creation-Date string which is either "1986-04-26" or
@ -1916,7 +1918,13 @@ ask_expire_interval(int object,const char *def_expire)
 	      tty_printf (_("Your system can't display dates beyond 2038.\n"
                            "However, it will be correctly handled up to"
                            " 2106.\n"));
+            else
 #endif /*SIZEOF_TIME_T*/
+              if ( (time_t)((unsigned long)(curtime+interval)) < curtime )
+                {
+                  tty_printf (_("invalid value\n"));
+                  continue;
+                }
 	  }

 	if( cpr_enabled() || cpr_get_answer_is_yes("keygen.valid.okay",