Opened 9 months ago

Closed 9 months ago

#20027 closed defect (implemented)

Ed25519 certificate parsing does badly with expirations after 2038

Reported by: nickm Owned by: nickm
Priority: Medium Milestone: Tor: 0.2.9.x-final
Component: Core Tor/Tor Version:
Severity: Normal Keywords: TorCoreTeam201608
Cc: Actual Points: 0
Parent ID: #15055 Points: 0
Reviewer: Sponsor:

Description

We deliberately chose an hour-based expiration counter for ed certs, because of 32-bit issues. But when we parse them, we just multiply the 32-bit field by 3600. That results in an overflow if the time is greater than UINT32_MAX.

The impact here isn't too bad. First, it only affects certs that expire after 32-bit signed time overflows in Y2038. Second, it can only make it seem that a non-expired cert is expired: it can never make it seem that an expired cert is still live.

Child Tickets

Change History (3)

comment:1 Changed 9 months ago by nickm

  • Owner set to nickm
  • Status changed from new to accepted

comment:2 Changed 9 months ago by nickm

  • Actual Points set to 0

Done as part of my branch for #15055. This was one of those where the changes file plus the ticket plus the commit message took way longer than the actual bugfix.

comment:3 Changed 9 months ago by nickm

  • Resolution set to implemented
  • Status changed from accepted to closed

These are implemented in 15055_wip; folding them into #15055 as their parent ticket.

Note: See TracTickets for help on using tickets.