Don't allow the time to be set forward so far it will wrap and become negative, - wireguard-openbsd - WireGuard implementation for the OpenBSD kernel

diff options

author	millert <millert@openbsd.org>	2000-01-22 23:41:42 +0000
committer	millert <millert@openbsd.org>	2000-01-22 23:41:42 +0000
commit	a640edbc9bea5f986278ef2f2751de0468fb4369 (patch)
tree	d0731dc2594bd209bbcc608477d63f0da1cc0894 /lib/libcurses/base
parent	minor getdents cleanup: (diff)
download	wireguard-openbsd-a640edbc9bea5f986278ef2f2751de0468fb4369.tar.xz wireguard-openbsd-a640edbc9bea5f986278ef2f2751de0468fb4369.zip

Don't allow the time to be set forward so far it will wrap and become negative,

thus allowing an attacker to bypass the next check below. The cutoff is 1 year before rollover occurs, so even if the attacker uses adjtime(2) to move the time past the cutoff, it will take a very long time to get to the wrap point. The actual check is tv_sec > INT_MAX - 365*24*60*60 because on 64 bit platforms tv_sec is 64 bits but time_t is 32 bits. This will need to be changed some time in the future when the size of time_t changes. Add a printf when a user tries to turn the clock backwards and securelevel > 1

Diffstat (limited to 'lib/libcurses/base')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: