From: Frank Lichtenheld Date: Sat, 22 Nov 2025 16:25:47 +0000 (+0100) Subject: tls_crypt: Fix Coverity complaint in tls_crypt_v2_check_client_key_age X-Git-Tag: v2.7_rc3~24 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2969837ad347a227e1d33b1c71390d85f16aa2cd;p=thirdparty%2Fopenvpn.git tls_crypt: Fix Coverity complaint in tls_crypt_v2_check_client_key_age Coverity complained about "overflow_before_widen" because there is a theoretical overflow that can happen even though the target value is wide enough. For useful values of max_days this is irrelevant but Coverity is not wrong, so change the code accordingly. Change-Id: Ie7308d549182a95b86cd113e4a8cc65ff45ba3d7 Signed-off-by: Frank Lichtenheld Acked-by: Gert Doering Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1385 Message-Id: <20251122162553.12254-1-gert@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg34585.html Signed-off-by: Gert Doering --- diff --git a/src/openvpn/tls_crypt.c b/src/openvpn/tls_crypt.c index 318c93925..9026cffd4 100644 --- a/src/openvpn/tls_crypt.c +++ b/src/openvpn/tls_crypt.c @@ -539,7 +539,7 @@ tls_crypt_v2_check_client_key_age(const struct tls_wrap_ctx *ctx, int max_days) int64_t timestamp; memcpy(×tamp, metadata + 1, sizeof(int64_t)); timestamp = (int64_t)ntohll((uint64_t)timestamp); - int64_t max_age_in_seconds = max_days * 24 * 60 * 60; + int64_t max_age_in_seconds = (int64_t)max_days * 24 * 60 * 60; if (now - timestamp > max_age_in_seconds) { msg(M_WARN, "ERROR: Client key is too old.");
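Review bot: the comparison on the context line right after the changed line, `if (now - timestamp > max_age_in_seconds)`, still does signed arithmetic on a `timestamp` copied out of the key metadata with no range check visible in this hunk. The `(int64_t)max_days` cast does make the multiplication 64-bit, so the widening complaint itself is addressed. A strongly negative `timestamp` could still overflow the subtraction, though, and a `timestamp` later than `now` gives a negative difference that passes as "not too old". Consider rejecting `timestamp < 0` or `timestamp > now` before the subtraction, or confirm that the metadata is validated before this point. `max_days` is a plain `int` and no lower bound appears in the hunk, so it is also worth confirming that the caller never passes a negative value, which would make every key count as expired.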