Handle negative inputs to crypto_random_time_range().

(These inputs are possible when Shadow starts the world at time_t 0,
and breaks our assumption that Tor didn't exist in the 1970s.)

Fixes regression introduced in 241e6b09. Fixes #16980.

diff --git a/changes/bug16980 b/changes/bug16980
new file mode 100644 (file)
index 0000000..43a817e
--- /dev/null
+++ b/changes/bug16980
@@ -0,0 +1,6 @@
+  o Minor bugfixes:
+
+    - Fix the behavior of crypto_time_t when told to consider times
+      before 1970. (These times were possible when running in a
+      simulated network environment where time()'s output starts at
+      zero.) Fixes bug 16980; bugfix on 0.2.7.1-alpha.

diff --git a/src/common/crypto.c b/src/common/crypto.c
index 6d4b0d7e16b86755766a3e644f534db79150e210..815c2ec0c5b02762be58a8888f41bb265560914a 100644 (file)
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -2440,7 +2440,8 @@ crypto_rand_uint64_range(uint64_t min, uint64_t max)
 time_t
 crypto_rand_time_range(time_t min, time_t max)
 {
-  return (time_t) crypto_rand_uint64_range(min, max);
+  tor_assert(min < max);
+  return min + (time_t)crypto_rand_uint64(max - min);
 }
 
 /** Return a pseudorandom 64-bit integer, chosen uniformly from the values