Fix possible underflow conditions in gettimeleft()

If a non-'T' exempt user had already used more time today than their security level allows, their timeleft would be computed as a negative value due to integer underflow. Since the return value of this function is assigned to a ulong (timeleft), this becomes a large positive number. Cap the floor of the computed time left at 0. Also fix the potential for underflow that could occur if the system clock changes while a user is online and 'now' becomes greater than 'starttime'.

Fix possible underflow conditions in gettimeleft()
14940b8a · Rob Swindell · 559a2816 · 14940b8a
Commit 14940b8a authored 3 years ago by Rob Swindell
--- a/src/sbbs3/userdat.c
+++ b/src/sbbs3/userdat.c
@@ -3339,7 +3339,10 @@ time_t gettimeleft(scfg_t* cfg, user_t* user, time_t starttime)
 		if(tleft>cfg->level_timepercall[user->level]*60)
 			tleft=cfg->level_timepercall[user->level]*60;
 		tleft+=user->min*60L;
-		tleft-=(long)(now-starttime);
+		long tused = (long)MAX(now - starttime, 0);
+		tleft -= tused;
+		if(tleft < 0)
+			tleft = 0;
 		if(tleft>0x7fffL)
 			timeleft=0x7fff;
 		else