Opened 4 years ago

Closed 4 years ago

#20027 closed defect (implemented)

Ed25519 certificate parsing does badly with expirations after 2038

Reported by: nickm Owned by: nickm
Priority: Medium Milestone: Tor: 0.2.9.x-final
Component: Core Tor/Tor Version:
Severity: Normal Keywords: TorCoreTeam201608
Cc: Actual Points: 0
Parent ID: #15055 Points: 0
Reviewer: Sponsor:


We deliberately chose an hour-based expiration counter for ed certs, because of 32-bit issues. But when we parse them, we just multiply the 32-bit field by 3600. That results in an overflow if the time is greater than UINT32_MAX.

The impact here isn't too bad. First, it only affects certs that expire after 32-bit signed time overflows in Y2038. Second, it can only make it seem that a non-expired cert is expired: it can never make it seem that an expired cert is still live.

Child Tickets

Change History (3)

comment:1 Changed 4 years ago by nickm

Owner: set to nickm
Status: newaccepted

comment:2 Changed 4 years ago by nickm

Actual Points: 0

Done as part of my branch for #15055. This was one of those where the changes file plus the ticket plus the commit message took way longer than the actual bugfix.

comment:3 Changed 4 years ago by nickm

Resolution: implemented
Status: acceptedclosed

These are implemented in 15055_wip; folding them into #15055 as their parent ticket.

Note: See TracTickets for help on using tickets.