From: Nick Mathewson <nickm@torproject.org>
Date: Tue, 8 Sep 2015 14:22:01 +0000 (-0400)
Subject: Handle negative inputs to crypto_random_time_range().
X-Git-Tag: tor-0.2.7.3-rc~48^2
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=280672bdbc2c694ebe17f9972657d118e84be723;p=thirdparty%2Ftor.git

Handle negative inputs to crypto_random_time_range().

(These inputs are possible when Shadow starts the world at time_t 0,
and breaks our assumption that Tor didn't exist in the 1970s.)

Fixes regression introduced in 241e6b09. Fixes #16980.
---

diff --git a/changes/bug16980 b/changes/bug16980
new file mode 100644
index 0000000000..43a817e92a
--- /dev/null
+++ b/changes/bug16980
@@ -0,0 +1,6 @@
+  o Minor bugfixes:
+
+    - Fix the behavior of crypto_time_t when told to consider times
+      before 1970. (These times were possible when running in a
+      simulated network environment where time()'s output starts at
+      zero.) Fixes bug 16980; bugfix on 0.2.7.1-alpha.
diff --git a/src/common/crypto.c b/src/common/crypto.c
index 6d4b0d7e16..815c2ec0c5 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -2440,7 +2440,8 @@ crypto_rand_uint64_range(uint64_t min, uint64_t max)
 time_t
 crypto_rand_time_range(time_t min, time_t max)
 {
-  return (time_t) crypto_rand_uint64_range(min, max);
+  tor_assert(min < max);
+  return min + (time_t)crypto_rand_uint64(max - min);
 }
 
 /** Return a pseudorandom 64-bit integer, chosen uniformly from the values