diff --git a/doc/udp.but b/doc/udp.but
index f7640268..c50464ee 100644
--- a/doc/udp.but
+++ b/doc/udp.but
@@ -46,7 +46,9 @@ on 32-bit architectures \e{or bigger}; so it's safe to assume that
 by ANSI C.  Similarly, we assume that the execution character
 encoding is a superset of the printable characters of ASCII, though
 we don't assume the numeric values of control characters,
-particularly \cw{'\\n'} and \cw{'\\r'}.)
+particularly \cw{'\\n'} and \cw{'\\r'}. Also, the X forwarding code
+assumes that \c{time_t} has the Unix format and semantics, i.e. an
+integer giving the number of seconds since 1970.)
 
 \H{udp-multi-backend} Multiple backends treated equally
 
diff --git a/x11fwd.c b/x11fwd.c
index e42edf75..6cfec728 100644
--- a/x11fwd.c
+++ b/x11fwd.c
@@ -420,7 +420,8 @@ static const char *x11_verify(unsigned long peer_ip, int peer_port,
 	    if (data[i] != 0)	       /* zero padding wrong */
 		return "XDM-AUTHORIZATION-1 data failed check";
 	tim = time(NULL);
-	if (abs(t - tim) > XDM_MAXSKEW)
+	if (((unsigned long)t - (unsigned long)tim
+             + XDM_MAXSKEW) > 2*XDM_MAXSKEW)
 	    return "XDM-AUTHORIZATION-1 time stamp was too far out";
 	seen = snew(struct XDMSeen);
 	seen->time = t;