Another attempt at fixing the STACK warning in tortls.c

Patch suggestion from catalyst.

Related to 24423

diff --git a/src/common/tortls.c b/src/common/tortls.c
index 197c5e8d3beed6305b03be47df31938991cd621e..9d2d0240a2c8b04097d7bb6da7c1e4a9394d9365 100644 (file)
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -491,11 +491,14 @@ tor_tls_create_certificate,(crypto_pk_t *rsa,
    * the past. */
   const time_t min_real_lifetime = 24*3600;
   const time_t start_granularity = 24*3600;
-  time_t earliest_start_time = now - cert_lifetime + min_real_lifetime
-    + start_granularity;
+  time_t earliest_start_time;
   /* Don't actually start in the future! */
-  if (earliest_start_time >= now)
+  if (cert_lifetime <= min_real_lifetime + start_granularity) {
     earliest_start_time = now - 1;
+  } else {
+    earliest_start_time = now + min_real_lifetime + start_granularity
+      - cert_lifetime;
+  }
   start_time = crypto_rand_time_range(earliest_start_time, now);
   /* Round the start time back to the start of a day. */
   start_time -= start_time % start_granularity;