When setting expiration dates: Prevent integer overflow

2025-12-10 06:11:08 +01:00 · 2022-06-01 13:36:00 +02:00 · 2022-06-01 13:36:00 +02:00 · 44c32d0620
commit 44c32d0620
parent 70a861611c
2 changed files with 40 additions and 7 deletions
--- a/pgpainless-core/src/main/java/org/pgpainless/signature/subpackets/SignatureSubpackets.java
+++ b/pgpainless-core/src/main/java/org/pgpainless/signature/subpackets/SignatureSubpackets.java
@ -212,9 +212,7 @@ public class SignatureSubpackets

    @Override
    public SignatureSubpackets setSignatureExpirationTime(boolean isCritical, long seconds) {
-        if (seconds < 0) {
-            throw new IllegalArgumentException("Expiration time cannot be negative.");
-        }
+        enforceBounds(seconds);
        return setSignatureExpirationTime(new SignatureExpirationTime(isCritical, seconds));
    }

@ -285,12 +283,19 @@ public class SignatureSubpackets

    @Override
    public SignatureSubpackets setKeyExpirationTime(boolean isCritical, long secondsFromCreationToExpiration) {
-        if (secondsFromCreationToExpiration < 0) {
-            throw new IllegalArgumentException("Seconds from key creation to expiration cannot be less than 0.");
-        }
+        enforceBounds(secondsFromCreationToExpiration);
        return setKeyExpirationTime(new KeyExpirationTime(isCritical, secondsFromCreationToExpiration));
    }

+    private void enforceBounds(long secondsFromCreationToExpiration) {
+        if (secondsFromCreationToExpiration < 0) {
+            throw new IllegalArgumentException("Seconds from creation to expiration cannot be less than 0.");
+        }
+        if (secondsFromCreationToExpiration > 0xffffffffL) {
+            throw new IllegalArgumentException("Integer overflow. Seconds from creation to expiration cannot be larger than 0xffffffff");
+        }
+    }
+
    @Override
    public SignatureSubpackets setKeyExpirationTime(@Nullable KeyExpirationTime keyExpirationTime) {
        this.keyExpirationTime = keyExpirationTime;