Opened 3 years ago

Last modified 13 months ago

#18480 new defect

Some tor time functions have undefined behavior with dates after 2037 and 32-bit time_t

Reported by: teor Owned by:
Priority: Medium Milestone: Tor: unspecified
Component: Core Tor/Tor Version:
Severity: Normal Keywords: integer-overflow, time-overflow, tor-relay, 2038-problem, 033-triage-20180320, 033-removed-20180320
Cc: Actual Points:
Parent ID: Points: small/medium
Reviewer: Sponsor:

Description

The following tor time functions will overflow in 2037. We could improve their semantics by checking for overflow and checking if the functions we call succeed or return an error:

  • tor_gmtime_r
  • format_rfc1123_time
  • format_*iso_time*
  • parse_iso_time
  • parse_http_time

Child Tickets

TicketStatusOwnerSummaryComponent
#24555closedBug: tor_gmtime_r overflow - gmtime(9223372036854775807) failed with error No errorCore Tor/Tor

Change History (12)

comment:1 Changed 3 years ago by teor

I've added some unit tests in #18479 for these functions, and added comments where the functions should indicate failure, but don't. Search for "should indicate failure on overflow" in test_util_time and test_util_parse_http_time.

Fixing this issue probably means making the functions listed in the ticket description return an int (-1) for failure, rather than always returning void or zero.

comment:2 Changed 3 years ago by nickm

Points: small/medium

comment:3 Changed 3 years ago by isabela

Milestone: Tor: 0.2.9.x-finalTor: 0.2.???

tickets market to be removed from milestone 029

comment:4 Changed 2 years ago by teor

Milestone: Tor: 0.2.???Tor: 0.3.???

Milestone renamed

comment:5 Changed 2 years ago by nickm

Keywords: tor-03-unspecified-201612 added
Milestone: Tor: 0.3.???Tor: unspecified

Finally admitting that 0.3.??? was a euphemism for Tor: unspecified all along.

comment:6 Changed 2 years ago by nickm

Keywords: tor-03-unspecified-201612 removed

Remove an old triaging keyword.

comment:7 Changed 22 months ago by nickm

Keywords: time-overflow tor-relay 2038-problem added

comment:8 Changed 22 months ago by nickm

Milestone: Tor: unspecifiedTor: 0.3.2.x-final
Summary: Some tor time functions don't work after 2037 with 32-bit time_tSome tor time functions have undefined behavior with dates after 2037 and 32-bit time_t

To be clear, the problem here is not that 32-time_t systems will be in trouble when it's Y2038; the problem is if we can do integer overflows _now_ if the inputs are bogus.

comment:9 Changed 19 months ago by nickm

Milestone: Tor: 0.3.2.x-finalTor: 0.3.3.x-final

comment:10 Changed 13 months ago by nickm

Keywords: 033-triage-20180320 added

Marking all tickets reached by current round of 033 triage.

comment:11 Changed 13 months ago by nickm

Keywords: 033-removed-20180320 added

Mark all not-already-included tickets as pending review for removal from 0.3.3 milestone.

comment:12 Changed 13 months ago by nickm

Milestone: Tor: 0.3.3.x-finalTor: unspecified

These tickets were marked as removed, and nobody has said that they can fix them. Let's remember to look at 033-removed-20180320 as we re-evaluate our triage process, to see whether we're triaging out unnecessarily, and to evaluate whether we're deferring anything unnecessarily. But for now, we can't do these: we need to fix the 033-must stuff now.

Note: See TracTickets for help on using tickets.