Use time_t for x11_refuse_time timeout. We need SSH_TIME_T_MAX for

this, so move from misc.c to misc.h so it's available.  Fixes a Coverity
warning for 64bit time_t safety, ok djm@

diff --git a/usr.bin/ssh/clientloop.c b/usr.bin/ssh/clientloop.c
index a51d431..3e91c7e 100644 (file)
--- a/usr.bin/ssh/clientloop.c
+++ b/usr.bin/ssh/clientloop.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: clientloop.c,v 1.387 2023/01/06 02:39:59 djm Exp $ */
+/* $OpenBSD: clientloop.c,v 1.388 2023/03/03 02:37:58 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -149,7 +149,7 @@ static int connection_in;   /* Connection to server (input). */
 static int connection_out;     /* Connection to server (output). */
 static int need_rekeying;      /* Set to non-zero if rekeying is requested. */
 static int session_closed;     /* In SSH2: login session closed. */
-static u_int x11_refuse_time;  /* If >0, refuse x11 opens after this time. */
+static time_t x11_refuse_time; /* If >0, refuse x11 opens after this time. */
 static time_t server_alive_time;       /* Time to do server_alive_check */
 static int hostkeys_update_complete;
 static int session_setup_complete;
@@ -367,8 +367,8 @@ client_x11_get_proto(struct ssh *ssh, const char *display,
 
                        if (timeout != 0 && x11_refuse_time == 0) {
                                now = monotime() + 1;
-                               if (UINT_MAX - timeout < now)
-                                       x11_refuse_time = UINT_MAX;
+                               if (SSH_TIME_T_MAX - timeout < now)
+                                       x11_refuse_time = SSH_TIME_T_MAX;
                                else
                                        x11_refuse_time = now + timeout;
                                channel_set_x11_refuse_time(ssh,
@@ -1608,7 +1608,7 @@ client_request_x11(struct ssh *ssh, const char *request_type, int rchan)
                    "malicious server.");
                return NULL;
        }
-       if (x11_refuse_time != 0 && (u_int)monotime() >= x11_refuse_time) {
+       if (x11_refuse_time != 0 && monotime() >= x11_refuse_time) {
                verbose("Rejected X11 connection after ForwardX11Timeout "
                    "expired");
                return NULL;

diff --git a/usr.bin/ssh/misc.c b/usr.bin/ssh/misc.c
index 536efe5..a9b5da7 100644 (file)
--- a/usr.bin/ssh/misc.c
+++ b/usr.bin/ssh/misc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.c,v 1.180 2023/01/06 02:37:04 djm Exp $ */
+/* $OpenBSD: misc.c,v 1.181 2023/03/03 02:37:58 dtucker Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  * Copyright (c) 2005-2020 Damien Miller.  All rights reserved.
@@ -2352,9 +2352,6 @@ parse_absolute_time(const char *s, uint64_t *tp)
        return 0;
 }
 
-/* On OpenBSD time_t is int64_t which is long long. */
-#define SSH_TIME_T_MAX LLONG_MAX
-
 void
 format_absolute_time(uint64_t t, char *buf, size_t len)
 {

diff --git a/usr.bin/ssh/misc.h b/usr.bin/ssh/misc.h
index 7d1454e..902cf56 100644 (file)
--- a/usr.bin/ssh/misc.h
+++ b/usr.bin/ssh/misc.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.h,v 1.101 2023/01/06 02:37:04 djm Exp $ */
+/* $OpenBSD: misc.h,v 1.102 2023/03/03 02:37:58 dtucker Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -238,4 +238,7 @@ void        notify_complete(struct notifier_ctx *, const char *, ...)
 typedef void (*sshsig_t)(int);
 sshsig_t ssh_signal(int, sshsig_t);
 
+/* On OpenBSD time_t is int64_t which is long long. */
+#define SSH_TIME_T_MAX LLONG_MAX
+
 #endif /* _MISC_H */