From 6f6ad9093dc9a4296f38dda9ceea22f421609332 Mon Sep 17 00:00:00 2001
From: dtucker <dtucker@openbsd.org>
Date: Fri, 3 Mar 2023 02:37:58 +0000
Subject: [PATCH] Use time_t for x11_refuse_time timeout.  We need
 SSH_TIME_T_MAX for this, so move from misc.c to misc.h so it's available. 
 Fixes a Coverity warning for 64bit time_t safety, ok djm@

---
 usr.bin/ssh/clientloop.c | 10 +++++-----
 usr.bin/ssh/misc.c       |  5 +----
 usr.bin/ssh/misc.h       |  5 ++++-
 3 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/usr.bin/ssh/clientloop.c b/usr.bin/ssh/clientloop.c
index a51d431badd..3e91c7e7814 100644
--- a/usr.bin/ssh/clientloop.c
+++ b/usr.bin/ssh/clientloop.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: clientloop.c,v 1.387 2023/01/06 02:39:59 djm Exp $ */
+/* $OpenBSD: clientloop.c,v 1.388 2023/03/03 02:37:58 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -149,7 +149,7 @@ static int connection_in;	/* Connection to server (input). */
 static int connection_out;	/* Connection to server (output). */
 static int need_rekeying;	/* Set to non-zero if rekeying is requested. */
 static int session_closed;	/* In SSH2: login session closed. */
-static u_int x11_refuse_time;	/* If >0, refuse x11 opens after this time. */
+static time_t x11_refuse_time;	/* If >0, refuse x11 opens after this time. */
 static time_t server_alive_time;	/* Time to do server_alive_check */
 static int hostkeys_update_complete;
 static int session_setup_complete;
@@ -367,8 +367,8 @@ client_x11_get_proto(struct ssh *ssh, const char *display,
 
 			if (timeout != 0 && x11_refuse_time == 0) {
 				now = monotime() + 1;
-				if (UINT_MAX - timeout < now)
-					x11_refuse_time = UINT_MAX;
+				if (SSH_TIME_T_MAX - timeout < now)
+					x11_refuse_time = SSH_TIME_T_MAX;
 				else
 					x11_refuse_time = now + timeout;
 				channel_set_x11_refuse_time(ssh,
@@ -1608,7 +1608,7 @@ client_request_x11(struct ssh *ssh, const char *request_type, int rchan)
 		    "malicious server.");
 		return NULL;
 	}
-	if (x11_refuse_time != 0 && (u_int)monotime() >= x11_refuse_time) {
+	if (x11_refuse_time != 0 && monotime() >= x11_refuse_time) {
 		verbose("Rejected X11 connection after ForwardX11Timeout "
 		    "expired");
 		return NULL;
diff --git a/usr.bin/ssh/misc.c b/usr.bin/ssh/misc.c
index 536efe5e440..a9b5da7094d 100644
--- a/usr.bin/ssh/misc.c
+++ b/usr.bin/ssh/misc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.c,v 1.180 2023/01/06 02:37:04 djm Exp $ */
+/* $OpenBSD: misc.c,v 1.181 2023/03/03 02:37:58 dtucker Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  * Copyright (c) 2005-2020 Damien Miller.  All rights reserved.
@@ -2352,9 +2352,6 @@ parse_absolute_time(const char *s, uint64_t *tp)
 	return 0;
 }
 
-/* On OpenBSD time_t is int64_t which is long long. */
-#define SSH_TIME_T_MAX LLONG_MAX
-
 void
 format_absolute_time(uint64_t t, char *buf, size_t len)
 {
diff --git a/usr.bin/ssh/misc.h b/usr.bin/ssh/misc.h
index 7d1454e04f0..902cf56cbe2 100644
--- a/usr.bin/ssh/misc.h
+++ b/usr.bin/ssh/misc.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.h,v 1.101 2023/01/06 02:37:04 djm Exp $ */
+/* $OpenBSD: misc.h,v 1.102 2023/03/03 02:37:58 dtucker Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -238,4 +238,7 @@ void	notify_complete(struct notifier_ctx *, const char *, ...)
 typedef void (*sshsig_t)(int);
 sshsig_t ssh_signal(int, sshsig_t);
 
+/* On OpenBSD time_t is int64_t which is long long. */
+#define SSH_TIME_T_MAX LLONG_MAX
+
 #endif /* _MISC_H */
-- 
2.20.1