Stop using abs(unsigned) in X11 time comparison.

The validation end of XDM-AUTHORIZATION-1 needs to check that two time_t values differ by at most XDM_MAXSKEW, which it was doing by subtracting them and passing the result to abs(). This provoked a warning from OS X's clang, on the reasonable enough basis that the value passed to abs was unsigned. Fixed by using the (well defined) unsigned arithmetic wraparound: to check that the mathematical difference of two unsigned numbers is in the interval [-k,+k], compute their difference _plus k_ as an unsigned, and check the result is in the interval [0,2k] by doing an unsigned comparison against 2k.
2025-01-09 17:38:00 +00:00 · 2015-08-27 18:39:36 +01:00 · 2015-08-27 18:39:36 +01:00 · b8dd15b8ff
commit b8dd15b8ff
parent 769600b226
2 changed files with 5 additions and 2 deletions
--- a/doc/udp.but
+++ b/doc/udp.but
@ -46,7 +46,9 @@ on 32-bit architectures \e{or bigger}; so it's safe to assume that
 by ANSI C.  Similarly, we assume that the execution character
 encoding is a superset of the printable characters of ASCII, though
 we don't assume the numeric values of control characters,
-particularly \cw{'\\n'} and \cw{'\\r'}.)
+particularly \cw{'\\n'} and \cw{'\\r'}. Also, the X forwarding code
+assumes that \c{time_t} has the Unix format and semantics, i.e. an
+integer giving the number of seconds since 1970.)

 \H{udp-multi-backend} Multiple backends treated equally

--- a/x11fwd.c
+++ b/x11fwd.c
@ -420,7 +420,8 @@ static const char *x11_verify(unsigned long peer_ip, int peer_port,
 	    if (data[i] != 0)	       /* zero padding wrong */
 		return "XDM-AUTHORIZATION-1 data failed check";
 	tim = time(NULL);
-	if (abs(t - tim) > XDM_MAXSKEW)
+	if (((unsigned long)t - (unsigned long)tim
+             + XDM_MAXSKEW) > 2*XDM_MAXSKEW)
 	    return "XDM-AUTHORIZATION-1 time stamp was too far out";
 	seen = snew(struct XDMSeen);
 	seen->time = t;