From b8dd15b8ffd6a9ebdbeceb9db3a3507492780e88 Mon Sep 17 00:00:00 2001 From: Simon Tatham Date: Thu, 27 Aug 2015 18:39:36 +0100 Subject: [PATCH] Stop using abs(unsigned) in X11 time comparison. The validation end of XDM-AUTHORIZATION-1 needs to check that two time_t values differ by at most XDM_MAXSKEW, which it was doing by subtracting them and passing the result to abs(). This provoked a warning from OS X's clang, on the reasonable enough basis that the value passed to abs was unsigned. Fixed by using the (well defined) unsigned arithmetic wraparound: to check that the mathematical difference of two unsigned numbers is in the interval [-k,+k], compute their difference _plus k_ as an unsigned, and check the result is in the interval [0,2k] by doing an unsigned comparison against 2k. --- doc/udp.but | 4 +++- x11fwd.c | 3 ++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/doc/udp.but b/doc/udp.but index f7640268..c50464ee 100644 --- a/doc/udp.but +++ b/doc/udp.but @@ -46,7 +46,9 @@ on 32-bit architectures \e{or bigger}; so it's safe to assume that by ANSI C. Similarly, we assume that the execution character encoding is a superset of the printable characters of ASCII, though we don't assume the numeric values of control characters, -particularly \cw{'\\n'} and \cw{'\\r'}.) +particularly \cw{'\\n'} and \cw{'\\r'}. Also, the X forwarding code +assumes that \c{time_t} has the Unix format and semantics, i.e. an +integer giving the number of seconds since 1970.) \H{udp-multi-backend} Multiple backends treated equally diff --git a/x11fwd.c b/x11fwd.c index e42edf75..6cfec728 100644 --- a/x11fwd.c +++ b/x11fwd.c @@ -420,7 +420,8 @@ static const char *x11_verify(unsigned long peer_ip, int peer_port, if (data[i] != 0) /* zero padding wrong */ return "XDM-AUTHORIZATION-1 data failed check"; tim = time(NULL); - if (abs(t - tim) > XDM_MAXSKEW) + if (((unsigned long)t - (unsigned long)tim + + XDM_MAXSKEW) > 2*XDM_MAXSKEW) return "XDM-AUTHORIZATION-1 time stamp was too far out"; seen = snew(struct XDMSeen); seen->time = t;