util: don't allow time too close to 32-bit time_t overflow

In UTI_IsTimeOffsetSane() consider time in one year interval before
32-bit time_t overflow (in 2038) as invalid. Hopefully everything will
be using 64-bit time_t when that time comes.

diff --git a/util.c b/util.c
index e400d96b30465b914123c1bc572ba0118551229a..d82e5fa6508ead118003eb6fbf03eddcdcdf0ed7 100644 (file)
--- a/util.c
+++ b/util.c
@@ -609,6 +609,9 @@ UTI_Int64ToTimeval(NTP_int64 *src,
 /* Maximum offset between two sane times */
 #define MAX_OFFSET 4294967296.0
 
+/* Minimum allowed distance from maximum 32-bit time_t */
+#define MIN_ENDOFTIME_DISTANCE (365 * 24 * 3600)
+
 int
 UTI_IsTimeOffsetSane(struct timeval *tv, double offset)
 {
@@ -629,6 +632,10 @@ UTI_IsTimeOffsetSane(struct timeval *tv, double offset)
   /* Check if it's in the interval to which NTP time is mapped */
   if (t < (double)NTP_ERA_SPLIT || t > (double)(NTP_ERA_SPLIT + (1LL << 32)))
     return 0;
+#else
+  /* Don't get too close to 32-bit time_t overflow */
+  if (t > (double)(0x7fffffff - MIN_ENDOFTIME_DISTANCE))
+    return 0;
 #endif
 
   return 1;