git.ipfire.org Git - thirdparty/openvpn.git/commitdiff
tls_crypt: Fix Coverity complaint in tls_crypt_v2_check_client_key_age
author Frank Lichtenheld <frank@lichtenheld.com>
Sat, 22 Nov 2025 16:25:47 +0000 (17:25 +0100)
committer Gert Doering <gert@greenie.muc.de>
Sat, 22 Nov 2025 17:37:52 +0000 (18:37 +0100)
Coverity complained about "overflow_before_widen" because
there is a theoretical overflow that can happen even though
the target value is wide enough. For useful values of max_days
this is irrelevant but Coverity is not wrong, so change the
code accordingly.

Change-Id: Ie7308d549182a95b86cd113e4a8cc65ff45ba3d7
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1385
Message-Id: <20251122162553.12254-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg34585.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
src/openvpn/tls_crypt.c

index 318c939259df6478db9487de762885799ecb41cc..9026cffd4bf92b4085b820dc1876c0d1a7d41f78 100644 (file)
@@ -539,7 +539,7 @@ tls_crypt_v2_check_client_key_age(const struct tls_wrap_ctx *ctx, int max_days)
     int64_t timestamp;
     memcpy(&timestamp, metadata + 1, sizeof(int64_t));
     timestamp = (int64_t)ntohll((uint64_t)timestamp);
-    int64_t max_age_in_seconds = max_days * 24 * 60 * 60;
+    int64_t max_age_in_seconds = (int64_t)max_days * 24 * 60 * 60;
     if (now - timestamp > max_age_in_seconds)
     {
         msg(M_WARN, "ERROR: Client key is too old.");
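Review bot: The subtraction in the context line `if (now - timestamp > max_age_in_seconds)` is still unguarded signed arithmetic on a `timestamp` that was copied straight out of the key metadata, so the cast on the `+` line only covers the multiplication. Assuming `now` is a signed 64-bit or narrower value (its declaration is outside this hunk), a strongly negative `timestamp` can overflow `now - timestamp`, and a `timestamp` later than `now` gives a negative age that passes the check. Consider rejecting `timestamp > now` explicitly and writing the comparison as `timestamp < now - max_age_in_seconds`, which cannot overflow for any `int` value of `max_days`. Nothing visible here rejects a negative `max_days` either; if the option parser does not already enforce that, a check or a short comment on the accepted range would help.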