[libsoup] SoupCookieJar: catch overflows when parsing very distant dates

[Dan Winship <danw src gnome org>]

commit 3ed4ea046fdc4c41c8191225c7da05a04e5a4245
Author: Dan Winship <danw gnome org>
Date:   Fri Mar 11 06:52:56 2011 -0500

    SoupCookieJar: catch overflows when parsing very distant dates
    
    Our APIs use an int for max_age, which meant that when reading a
    cookie file/db written by another program on a 64-bit architecture, a
    very large max_age would overflow. Fix things up to avoid that. Since
    we can't change the APIs to use a long for max_age, this means that we
    will end up expiring the cookie "early" (eg, in 20 years rather than
    50).
    
    Based on a patch from Mark Starovoytov
    https://bugzilla.gnome.org/show_bug.cgi?id=643462

 libsoup/soup-cookie-jar-sqlite.c |    9 ++++++---
 libsoup/soup-cookie-jar-text.c   |    8 +++++---
 libsoup/soup-date.c              |   16 ++++++++++++++--
 3 files changed, 25 insertions(+), 8 deletions(-)
---
diff --git a/libsoup/soup-cookie-jar-sqlite.c b/libsoup/soup-cookie-jar-sqlite.c
index 2870e5e..250abb8 100644
--- a/libsoup/soup-cookie-jar-sqlite.c
+++ b/libsoup/soup-cookie-jar-sqlite.c
@@ -193,7 +193,9 @@ callback (void *data, int argc, char **argv, char **colname)
 	SoupCookieJar *jar = SOUP_COOKIE_JAR (data);
 
 	char *name, *value, *host, *path;
-	time_t max_age, now;
+	gulong expire_time;
+	time_t now;
+	int max_age;
 	gboolean http_only = FALSE, secure = FALSE;
 
 	now = time (NULL);
@@ -202,10 +204,11 @@ callback (void *data, int argc, char **argv, char **colname)
 	value = argv[COL_VALUE];
 	host = argv[COL_HOST];
 	path = argv[COL_PATH];
-	max_age = strtoul (argv[COL_EXPIRY], NULL, 10) - now;
+	expire_time = strtoul (argv[COL_EXPIRY], NULL, 10);
 
-	if (max_age <= 0)
+	if (now >= expire_time)
 		return 0;
+	max_age = (expire_time - now <= G_MAXINT ? expire_time - now : G_MAXINT);
 
 	http_only = (g_strcmp0 (argv[COL_HTTP_ONLY], "1") == 0);
 	secure = (g_strcmp0 (argv[COL_SECURE], "1") == 0);
diff --git a/libsoup/soup-cookie-jar-text.c b/libsoup/soup-cookie-jar-text.c
index 42280ce..527d442 100644
--- a/libsoup/soup-cookie-jar-text.c
+++ b/libsoup/soup-cookie-jar-text.c
@@ -167,7 +167,8 @@ parse_cookie (char *line, time_t now)
 	char **result;
 	SoupCookie *cookie = NULL;
 	gboolean http_only;
-	time_t max_age;
+	gulong expire_time;
+	int max_age;
 	char *host, *path, *secure, *expires, *name, *value;
 
 	if (g_str_has_prefix (line, "#HttpOnly_")) {
@@ -184,9 +185,10 @@ parse_cookie (char *line, time_t now)
 
 	/* Check this first */
 	expires = result[4];
-	max_age = strtoul (expires, NULL, 10) - now;
-	if (max_age <= 0)
+	expire_time = strtoul (expires, NULL, 10);
+	if (now >= expire_time)
 		goto out;
+	max_age = (expire_time - now <= G_MAXINT ? expire_time - now : G_MAXINT);
 
 	host = result[0];
 
diff --git a/libsoup/soup-date.c b/libsoup/soup-date.c
index 2936655..a8a32e9 100644
--- a/libsoup/soup-date.c
+++ b/libsoup/soup-date.c
@@ -200,12 +200,24 @@ soup_date_new (int year, int month, int day,
  * current time (or before it, if @offset_seconds is negative). If
  * offset_seconds is 0, returns the current time.
  *
+ * If @offset_seconds would indicate a time not expressible as a
+ * #time_t, the return value will be clamped into range.
+ *
  * Return value: a new #SoupDate
  **/
 SoupDate *
 soup_date_new_from_now (int offset_seconds)
 {
-	return soup_date_new_from_time_t (time (NULL) + offset_seconds);
+	time_t now = time (NULL);
+	time_t then = now + offset_seconds;
+
+	if (sizeof (time_t) == 4) {
+		if (offset_seconds < 0 && then > now)
+			return soup_date_new_from_time_t (-G_MAXINT);
+		else if (offset_seconds > 0 && then < now)
+			return soup_date_new_from_time_t (G_MAXINT);
+	}
+	return soup_date_new_from_time_t (then);
 }
 
 static gboolean
@@ -757,7 +769,7 @@ soup_date_is_past (SoupDate *date)
 	g_return_val_if_fail (date != NULL, TRUE);
 
 	/* optimization */
-	if (date->year < 2008)
+	if (date->year < 2010)
 		return TRUE;
 
 	return soup_date_to_time_t (date) < time (NULL);