From: Nick Mathewson <nickm@torproject.org>
Date: Thu, 3 Nov 2016 23:29:52 +0000 (-0400)
Subject: Only check cert expiry vs TIME_MAX when time_t is less than 64-bit
X-Git-Tag: tor-0.3.0.1-alpha~118^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=00bdd56b18e1441510e770b16bd869968839153b;p=thirdparty%2Ftor.git

Only check cert expiry vs TIME_MAX when time_t is less than 64-bit

Fixes issue 20558 / CID 1375988.
---

diff --git a/src/or/torcert.c b/src/or/torcert.c
index 852def9ef6..6bc880a89b 100644
--- a/src/or/torcert.c
+++ b/src/or/torcert.c
@@ -156,11 +156,12 @@ tor_cert_parse(const uint8_t *encoded, const size_t len)
   cert->encoded_len = len;
 
   memcpy(cert->signed_key.pubkey, parsed->certified_key, 32);
-  const int64_t valid_until_64 = ((int64_t)parsed->exp_field) * 3600;
+  int64_t valid_until_64 = ((int64_t)parsed->exp_field) * 3600;
+#if SIZEOF_TIME_T < SIZEOF_INT64_T
   if (valid_until_64 > TIME_MAX)
-    cert->valid_until = TIME_MAX - 1;
-  else
-    cert->valid_until = (time_t) valid_until_64;
+    valid_until_64 = TIME_MAX - 1;
+#endif
+  cert->valid_until = (time_t) valid_until_64;
   cert->cert_type = parsed->cert_type;
 
   for (unsigned i = 0; i < ed25519_cert_getlen_ext(parsed); ++i) {