https://bugs.gentoo.org/850676 https://git.savannah.gnu.org/cgit/wget.git/commit/?id=cb114fbbf73eb687d28b01341c8d4266ffa96c9d From: =?UTF-8?q?Tim=20R=C3=BChsen?= Date: Sun, 20 Mar 2022 12:18:20 +0100 Subject: Fix HSTS portability by using int64_t instead of time_t. * src/hsts.c: Use int64_t instead of time_t. * src/http.c: Use int64_t for parsing Strict-Transport-Security. --- a/src/hsts.c +++ b/src/hsts.c @@ -61,8 +61,8 @@ struct hsts_kh { }; struct hsts_kh_info { - time_t created; - time_t max_age; + int64_t created; + int64_t max_age; bool include_subdomains; }; @@ -166,7 +166,7 @@ end: static bool hsts_new_entry_internal (hsts_store_t store, const char *host, int port, - time_t created, time_t max_age, + int64_t created, int64_t max_age, bool include_subdomains, bool check_validity, bool check_expired, @@ -216,21 +216,21 @@ bail: static bool hsts_add_entry (hsts_store_t store, const char *host, int port, - time_t max_age, bool include_subdomains) + int64_t max_age, bool include_subdomains) { - time_t t = time (NULL); + int64_t t = (int64_t) time (NULL); /* It might happen time() returned -1 */ - return (t == (time_t)(-1) ? + return (t == -1) ? false : - hsts_new_entry_internal (store, host, port, t, max_age, include_subdomains, false, true, false)); + hsts_new_entry_internal (store, host, port, t, max_age, include_subdomains, false, true, false); } /* Creates a new entry, unless an identical one already exists. */ static bool hsts_new_entry (hsts_store_t store, const char *host, int port, - time_t created, time_t max_age, + int64_t created, int64_t max_age, bool include_subdomains) { return hsts_new_entry_internal (store, host, port, created, max_age, include_subdomains, true, true, true); @@ -245,7 +245,7 @@ hsts_remove_entry (hsts_store_t store, struct hsts_kh *kh) static bool hsts_store_merge (hsts_store_t store, const char *host, int port, - time_t created, time_t max_age, + int64_t created, int64_t max_age, bool include_subdomains) { enum hsts_kh_match match_type = NO_MATCH; @@ -276,11 +276,11 @@ hsts_read_database (hsts_store_t store, FILE *fp, bool merge_with_existing_entri size_t len = 0; int items_read; bool result = false; - bool (*func)(hsts_store_t, const char *, int, time_t, time_t, bool); + bool (*func)(hsts_store_t, const char *, int, int64_t, int64_t, bool); char host[256]; int port; - time_t created, max_age; + int64_t created, max_age; int include_subdomains; func = (merge_with_existing_entries ? hsts_store_merge : hsts_new_entry); @@ -326,10 +326,9 @@ hsts_store_dump (hsts_store_t store, FILE *fp) struct hsts_kh *kh = (struct hsts_kh *) it.key; struct hsts_kh_info *khi = (struct hsts_kh_info *) it.value; - if (fprintf (fp, "%s\t%d\t%d\t%lu\t%lu\n", + if (fprintf (fp, "%s\t%d\t%d\t%" PRId64 "\t%" PRId64 "\n", kh->host, kh->explicit_port, khi->include_subdomains, - (unsigned long) khi->created, - (unsigned long) khi->max_age) < 0) + khi->created, khi->max_age) < 0) { logprintf (LOG_ALWAYS, "Could not write the HSTS database correctly.\n"); break; @@ -439,7 +438,7 @@ hsts_match (hsts_store_t store, struct url *u) bool hsts_store_entry (hsts_store_t store, enum url_scheme scheme, const char *host, int port, - time_t max_age, bool include_subdomains) + int64_t max_age, bool include_subdomains) { bool result = false; enum hsts_kh_match match = NO_MATCH; @@ -464,9 +463,9 @@ hsts_store_entry (hsts_store_t store, * 'created' field too. The RFC also states that we have to * update the entry each time we see HSTS header. * See also Section 11.2. */ - time_t t = time (NULL); + int64_t t = (int64_t) time (NULL); - if (t != (time_t)(-1) && t != entry->created) + if (t != -1 && t != entry->created) { entry->created = t; entry->max_age = max_age; @@ -792,7 +791,7 @@ test_hsts_read_database (void) hsts_store_t table; char *file = NULL; FILE *fp = NULL; - time_t created = time(NULL) - 10; + int64_t created = time(NULL) - 10; if (opt.homedir) { @@ -801,9 +800,9 @@ test_hsts_read_database (void) if (fp) { fputs ("# dummy comment\n", fp); - fprintf (fp, "foo.example.com\t0\t1\t%lu\t123\n",(unsigned long) created); - fprintf (fp, "bar.example.com\t0\t0\t%lu\t456\n", (unsigned long) created); - fprintf (fp, "test.example.com\t8080\t0\t%lu\t789\n", (unsigned long) created); + fprintf (fp, "foo.example.com\t0\t1\t%" PRId64 "\t123\n", created); + fprintf (fp, "bar.example.com\t0\t0\t%" PRId64 "\t456\n", created); + fprintf (fp, "test.example.com\t8080\t0\t%" PRId64 "\t789\n", created); fclose (fp); table = hsts_store_open (file); --- a/src/hsts.h +++ b/src/hsts.h @@ -46,7 +46,7 @@ bool hsts_store_has_changed (hsts_store_t); bool hsts_store_entry (hsts_store_t, enum url_scheme, const char *, int, - time_t, bool); + int64_t, bool); bool hsts_match (hsts_store_t, struct url *); #endif /* HAVE_HSTS */ --- a/src/http.c +++ b/src/http.c @@ -1300,7 +1300,7 @@ parse_content_disposition (const char *hdr, char **filename) #ifdef HAVE_HSTS static bool -parse_strict_transport_security (const char *header, time_t *max_age, bool *include_subdomains) +parse_strict_transport_security (const char *header, int64_t *max_age, bool *include_subdomains) { param_token name, value; const char *c_max_age = NULL; @@ -1330,7 +1330,7 @@ parse_strict_transport_security (const char *header, time_t *max_age, bool *incl * Also, time_t is normally defined as a long, so this should not break. */ if (max_age) - *max_age = (time_t) strtol (c_max_age, NULL, 10); + *max_age = (int64_t) strtoll (c_max_age, NULL, 10); if (include_subdomains) *include_subdomains = is; @@ -3184,9 +3184,6 @@ gethttp (const struct url *u, struct url *original_url, struct http_stat *hs, #else extern hsts_store_t hsts_store; #endif - const char *hsts_params; - time_t max_age; - bool include_subdomains; #endif int sock = -1; @@ -3674,21 +3671,24 @@ gethttp (const struct url *u, struct url *original_url, struct http_stat *hs, #ifdef HAVE_HSTS if (opt.hsts && hsts_store) { - hsts_params = resp_header_strdup (resp, "Strict-Transport-Security"); + int64_t max_age; + const char *hsts_params = resp_header_strdup (resp, "Strict-Transport-Security"); + bool include_subdomains; + if (parse_strict_transport_security (hsts_params, &max_age, &include_subdomains)) { /* process strict transport security */ if (hsts_store_entry (hsts_store, u->scheme, u->host, u->port, max_age, include_subdomains)) - DEBUGP(("Added new HSTS host: %s:%u (max-age: %lu, includeSubdomains: %s)\n", + DEBUGP(("Added new HSTS host: %s:%" PRIu32 " (max-age: %" PRId64 ", includeSubdomains: %s)\n", u->host, - (unsigned) u->port, - (unsigned long) max_age, + (uint32_t) u->port, + max_age, (include_subdomains ? "true" : "false"))); else - DEBUGP(("Updated HSTS host: %s:%u (max-age: %lu, includeSubdomains: %s)\n", + DEBUGP(("Updated HSTS host: %s:%" PRIu32 " (max-age: %" PRId64 ", includeSubdomains: %s)\n", u->host, - (unsigned) u->port, - (unsigned long) max_age, + (uint32_t) u->port, + max_age, (include_subdomains ? "true" : "false"))); } xfree (hsts_params); cgit v1.1