From f256b5fdf3952f2f34764d2556e5bee72b742017 Mon Sep 17 00:00:00 2001
From: William Lallemand
Date: Thu, 25 Sep 2025 14:59:19 +0200
Subject: [PATCH] BUG/MINOR: acme: possible overflow in acme_will_expire()
acme_will_expire() computes the schedule date using notAfter and notBefore from the certificate. However notBefore could be greater than notAfter and could result in an overflow. This is unlikely to happen and would mean an incorrect certificate. This patch fixes the issue by checking that notAfter > notBefore. It also replace the int type by a time_t to avoid overflow on 64bits architecture which is also unlikely to happen with certificates. `(date.tv_sec + diff > notAfter)` was also replaced by `if (notAfter - diff <= date.tv_sec)` to avoid an overflow. Fix issue #3135. Need to be backported to 3.2.
---
src/acme.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/acme.c b/src/acme.c
index b5746a41a..d02163838 100644
--- a/src/acme.c
+++ b/src/acme.c
@@ -2352,7 +2352,7 @@ wait:
 */
 int acme_will_expire(struct ckch_store *store)
 {
- int diff = 0;
+ time_t diff = 0;
 time_t notAfter = 0;
 time_t notBefore = 0;
@@ -2363,13 +2363,14 @@ int acme_will_expire(struct ckch_store *store)
 notAfter = x509_get_notafter_time_t(store->data->cert);
 notBefore = x509_get_notbefore_time_t(store->data->cert);
- if (notAfter >= 0 && notBefore >= 0) {
+ if ((notAfter >= 0 && notBefore >= 0)
+ && (notAfter > notBefore)) {
 diff = (notAfter - notBefore) / 12; /* validity period / 12 */
 } else {
 diff = 7 * 24 * 60 * 60; /* default to 7 days */
 }
- if (date.tv_sec + diff > notAfter)
+ if (notAfter - diff <= date.tv_sec)
 return 1;
 return 0;
--
2.47.3
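Review bot: The `else` branch in the second hunk now covers three different cases under one comment: a negative notAfter, a negative notBefore, and an inverted or zero-length validity period. In the first case `notAfter - diff <= date.tv_sec` is always true, so the function returns 1 without the code saying that this is intended. Renewing a certificate whose dates cannot be read is probably the safe direction, but that a negative value means a parse failure is only inferred from the `>= 0` test, since the x509 helpers are not visible here. I would extend the comment on the default to something like `/* unreadable or inverted validity: default to 7 days; a negative notAfter then always reports expiry */`. The part of the function between the two hunks is outside the diff, so any earlier return on a missing certificate cannot be checked from here.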