Clamp (some) years supplied by the system to 1 CE

Clamp year values returned by system localtime(_r) and
gmtime(_r) to year 1. This ensures tor can read any
values it might write out.

Fixes bug 13476.

diff --git a/changes/bug13476-improve-time-handling b/changes/bug13476-improve-time-handling
index 68dc3e695b6dde628a23b4c91700498ff1db8f85..1fe60c642fa5830f6bb5f14ef58bccfe933cdad7 100644 (file)
--- a/changes/bug13476-improve-time-handling
+++ b/changes/bug13476-improve-time-handling
@@ -10,3 +10,6 @@
       for validity, taking leap years into account.
       Improves HTTP header validation.
       Implemented with bug 13476.
+    - Clamp year values returned by system localtime(_r) and gmtime(_r)
+      to year 1. This ensures tor can read any values it might write out.
+      Fixes bug 13476.

diff --git a/src/common/compat.c b/src/common/compat.c
index f8b1d1580625e448a6e50162fa8ac20f3356876d..b6fdb1ad787626579cd66a05ae5edefa2afd9fdd 100644 (file)
--- a/src/common/compat.c
+++ b/src/common/compat.c
@@ -2770,7 +2770,9 @@ correct_tm(int islocal, const time_t *timep, struct tm *resultbuf,
   const char *outcome;
 
   if (PREDICT_LIKELY(r)) {
-    if (r->tm_year > 8099) { /* We can't strftime dates after 9999 CE. */
+    /* We can't strftime dates after 9999 CE, and we want to avoid dates
+     * before 1 CE (avoiding the year 0 issue and negative years). */
+    if (r->tm_year > 8099) {
       r->tm_year = 8099;
       r->tm_mon = 11;
       r->tm_mday = 31;
@@ -2778,6 +2780,14 @@ correct_tm(int islocal, const time_t *timep, struct tm *resultbuf,
       r->tm_hour = 23;
       r->tm_min = 59;
       r->tm_sec = 59;
+    } else if (r->tm_year < (1-1900)) {
+      r->tm_year = (1-1900);
+      r->tm_mon = 0;
+      r->tm_mday = 1;
+      r->tm_yday = 0;
+      r->tm_hour = 0;
+      r->tm_min = 0;
+      r->tm_sec = 0;
     }
     return r;
   }