The validation end of XDM-AUTHORIZATION-1 needs to check that two
time_t values differ by at most XDM_MAXSKEW, which it was doing by
subtracting them and passing the result to abs(). This provoked a
warning from OS X's clang, on the reasonable enough basis that the
value passed to abs was unsigned.
Fixed by using the (well defined) unsigned arithmetic wraparound: to
check that the mathematical difference of two unsigned numbers is in
the interval [-k,+k], compute their difference _plus k_ as an
unsigned, and check the result is in the interval [0,2k] by doing an
unsigned comparison against 2k.
by ANSI C. Similarly, we assume that the execution character
encoding is a superset of the printable characters of ASCII, though
we don't assume the numeric values of control characters,
by ANSI C. Similarly, we assume that the execution character
encoding is a superset of the printable characters of ASCII, though
we don't assume the numeric values of control characters,
-particularly \cw{'\\n'} and \cw{'\\r'}.)
+particularly \cw{'\\n'} and \cw{'\\r'}. Also, the X forwarding code
+assumes that \c{time_t} has the Unix format and semantics, i.e. an
+integer giving the number of seconds since 1970.)
\H{udp-multi-backend} Multiple backends treated equally
\H{udp-multi-backend} Multiple backends treated equally
if (data[i] != 0) /* zero padding wrong */
return "XDM-AUTHORIZATION-1 data failed check";
tim = time(NULL);
if (data[i] != 0) /* zero padding wrong */
return "XDM-AUTHORIZATION-1 data failed check";
tim = time(NULL);
- if (abs(t - tim) > XDM_MAXSKEW)
+ if (((unsigned long)t - (unsigned long)tim
+ + XDM_MAXSKEW) > 2*XDM_MAXSKEW)
return "XDM-AUTHORIZATION-1 time stamp was too far out";
seen = snew(struct XDMSeen);
seen->time = t;
return "XDM-AUTHORIZATION-1 time stamp was too far out";
seen = snew(struct XDMSeen);
seen->time = t;