BUG/MINOR: acme: avoid overflow when diff > notAfter
authorWilliam Lallemand <wlallemand@haproxy.com>
Tue, 7 Oct 2025 08:54:58 +0000 (10:54 +0200)
committerWilliam Lallemand <wlallemand@haproxy.com>
Tue, 7 Oct 2025 08:54:58 +0000 (10:54 +0200)
Avoid an overflow or a negative value if notAfter < diff.

This is unlikely to provoke any problem.

Fixes issue #3138.

Must be backported to 3.2.

src/acme.c

index e302b986539260f18ae286724317985359a73254..9ce93b03ed842c821fb5aa071d022871ed07b52d 100644 (file)
@@ -2425,8 +2425,10 @@ static time_t acme_schedule_date(struct ckch_store *store)
        } else {
                diff = 7 * 24 * 60 * 60; /* default to 7 days */
        }
-
-       return (notAfter - diff);
+       if (notAfter > diff) /* avoid overflow */
+               return (notAfter - diff);
+       else
+               return 1; /* epoch+1 is long way expired */
 }
 
 /*
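Review bot: The new `return 1;` fallback in the else branch is an undocumented sentinel, and it makes a certificate with an unusable notAfter look the same to callers as one that is simply due for renewal. The branch just above, which defaults diff to 7 days, suggests the dates can be invalid at this point, but the condition and the declarations of notAfter and diff are outside the hunk, so this is inferred. If the caller treats a date far in the past as "renew now", a certificate whose dates never parse would presumably be rescheduled immediately on every pass, which is worth ruling out given ACME CA rate limits. I would state the contract at the return site, for example `return 1; /* notAfter unusable or earlier than diff: report as already due */`, repeat it in the function's header comment, and log a warning on this path so operators can see it. The `/* avoid overflow */` comment is also only accurate if these variables are unsigned; with a signed time_t the old expression produced a negative date rather than an overflow.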