From 771c15b6036a28a188ec69f324fdc589092a38e2 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Mon, 28 Apr 2025 13:35:02 +0200
Subject: [PATCH] smb: avoid integer overflow on weird input date

Found by OSS-fuzz

Closes #17206
---
 lib/smb.c | 20 ++++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)

diff --git a/lib/smb.c b/lib/smb.c
index 164b7951d8..b25edf8ae3 100644
--- a/lib/smb.c
+++ b/lib/smb.c
@@ -926,16 +926,20 @@ static CURLcode smb_connection_state(struct Curl_easy *data, bool *done)
  */
 static void get_posix_time(time_t *out, curl_off_t timestamp)
 {
-  timestamp -= CURL_OFF_T_C(116444736000000000);
-  timestamp /= 10000000;
+  if(timestamp >= CURL_OFF_T_C(116444736000000000)) {
+    timestamp -= CURL_OFF_T_C(116444736000000000);
+    timestamp /= 10000000;
 #if SIZEOF_TIME_T < SIZEOF_CURL_OFF_T
-  if(timestamp > TIME_T_MAX)
-    *out = TIME_T_MAX;
-  else if(timestamp < TIME_T_MIN)
-    *out = TIME_T_MIN;
-  else
+    if(timestamp > TIME_T_MAX)
+      *out = TIME_T_MAX;
+    else if(timestamp < TIME_T_MIN)
+      *out = TIME_T_MIN;
+    else
 #endif
-    *out = (time_t) timestamp;
+      *out = (time_t) timestamp;
+  }
+  else
+    *out = 0;
 }
 
 static CURLcode smb_request_state(struct Curl_easy *data, bool *done)
-- 
2.47.3