Commit 6a55c1a2 authored by Ingo Klöcker's avatar Ingo Klöcker

Treat expiration times as unsigned numbers and prevent overflows

Convert the expiration times from time_t to an unsigned 32-bit number,
and take care that the lower and upper bounds of the checked range for
the expiration date do not overflow.
parent f09588c3
Pipeline #219141 passed with stage
in 2 minutes and 38 seconds
......@@ -50,12 +50,14 @@ bool allNotRevokedSubkeysHaveSameExpirationAsPrimaryKey(const Key &key)
});
}
const auto primaryExpiration = primaryKey.expirationTime();
return std::all_of(std::begin(subkeys), std::end(subkeys), [primaryExpiration] (const auto &subkey) {
const auto primaryExpiration = quint32(primaryKey.expirationTime());
const auto range = std::make_pair(primaryExpiration > 10 ? primaryExpiration - 10 : 0,
primaryExpiration < std::numeric_limits<quint32>::max() - 10 ? primaryExpiration + 10 : std::numeric_limits<quint32>::max());
return std::all_of(std::begin(subkeys), std::end(subkeys), [range](const auto &subkey) {
// revoked subkeys are ignored by gpg --quick-set-expire when updating the expiration of all subkeys;
// check if expiration of subkey is (more or less) the same as the expiration of the primary key
return subkey.isRevoked() ||
(primaryExpiration - 10 <= subkey.expirationTime() && subkey.expirationTime() <= primaryExpiration + 10);
(range.first <= quint32(subkey.expirationTime()) && quint32(subkey.expirationTime()) <= range.second);
});
}
#endif
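Review bot: The narrowing casts `quint32(primaryKey.expirationTime())` and the two `quint32(subkey.expirationTime())` in the lambda silently drop any bits above 32 where `time_t` is wider, and nothing in the code says this is intended. A short comment on the first cast would record the reason given in the commit message, e.g. `// expiration times are treated as unsigned 32-bit numbers; time_t may be signed`, and `static_cast<quint32>(...)` is easier to find in a later audit than the function-style cast. Inside the lambda the subkey value could be converted once, `const auto expiration = static_cast<quint32>(subkey.expirationTime());`, and then checked with `range.first <= expiration && expiration <= range.second`. If 0 means "no expiration" here (not visible in this hunk), the clamped lower bound lets a primary key with an expiration of 1 to 10 match a non-expiring subkey; this is probably harmless in practice, but the comment should say so. The function and the file's includes start above the hunk, so whether `<limits>` is included for `std::numeric_limits` cannot be checked from here.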
......