changeset 1508:3a82485edd3f

cookie handle time overflow Jeremy pointed out http://lists.auriga.wearlab.de/pipermail/dillo-dev/2010-January/007144.html that time_t could in principle be a floating type. The cookies dpi assumes that it is an integer type.
author corvid <corvid@lavabit.com>
date Sun, 10 Jan 2010 06:17:48 +0000
parents c86be0d76b14
children 760d31f49672
files dpi/cookies.c
diffstat 1 files changed, 13 insertions(+), 1 deletions(-) [+]
line wrap: on
line diff
--- a/dpi/cookies.c	Sun Jan 10 01:03:06 2010 +0000
+++ b/dpi/cookies.c	Sun Jan 10 06:17:48 2010 +0000
@@ -62,6 +62,7 @@
 #define _MSG(...)
 #define MSG(...)  printf("[cookies dpi]: " __VA_ARGS__)
 
+#define DILLO_TIME_MAX ((time_t) ((1UL << (sizeof(time_t) * 8 - 1)) - 1))
 
 /*
  * a_List_add()
@@ -495,6 +496,10 @@
                   (minutes * 60) +
                   seconds);
 
+   /* handle overflow */
+   if (year >= 1970 && ret < 0)
+      ret = DILLO_TIME_MAX;
+
    return ret;
 }
 
@@ -704,7 +709,14 @@
       } else if (dStrcasecmp(attr, "Max-Age") == 0) {
          value = Cookies_parse_value(&str);
          if (isdigit(*value) || *value == '-') {
-            cookie->expires_at = time(NULL) + strtol(value, NULL, 10);
+            time_t now = time(NULL);
+            long age = strtol(value, NULL, 10);
+
+            cookie->expires_at = now + age;
+            if (age > 0 && cookie->expires_at < 0) {
+               /* handle overflow */
+               cookie->expires_at = DILLO_TIME_MAX;
+            }
             expires = max_age = TRUE;
          }
          dFree(value);