cookies be careful with overflow with ridiculously huge Max-Age values

...not that there's any obvious justification for storing cookies for decades.

1 files changed, 12 insertions, 2 deletions

diff --git a/dpi/cookies.c b/dpi/cookies.c
index 51767241..29902d17 100644
--- a/dpi/cookies.c
+++ b/dpi/cookies.c
@@ -45,6 +45,7 @@ int main(void)
 #include <stdio.h>
 #include <time.h>       /* for time() and time_t */
 #include <ctype.h>
+#include <limits.h>
 #include <netdb.h>
 #include <signal.h>
 #include "dpiutil.h"
@@ -835,11 +836,20 @@ static CookieData_t *Cookies_parse(char *cookie_str, const char *server_date)
       } else if (dStrAsciiCasecmp(attr, "Max-Age") == 0) {
          value = Cookies_parse_value(&str);
          if (isdigit(*value) || *value == '-') {
+            long age;
             time_t now = time(NULL);
-            long age = strtol(value, NULL, 10);
             struct tm *tm = gmtime(&now);
 
-            tm->tm_sec += age;
+            errno = 0;
+            age = (*value == '-') ? 0 : strtol(value, NULL, 10);
+
+            if (errno == ERANGE ||
+                (age > 0 && (age > INT_MAX - tm->tm_sec))) {
+               /* let's not overflow */
+               tm->tm_sec = INT_MAX;
+            } else {
+               tm->tm_sec += age;
+            }
             cookie->expires_at = mktime(tm);
             if (age > 0 && cookie->expires_at == (time_t) -1) {
                cookie->expires_at = cookies_future_time;