Commit 14940b8a authored by Rob Swindell's avatar Rob Swindell 💬
Browse files

Fix possible underflow conditions in gettimeleft()

If a non-'T' exempt user had already used more time today than their security level allows, their timeleft would be computed as a negative value due to integer underflow. Since the return value of this function is assigned to a ulong (timeleft), this becomes a large positive number. Cap the floor of the computed time left at 0.

Also fix the potential for underflow that could occur if the system clock changes while a user is online and 'now' becomes greater than 'starttime'.
parent 559a2816
......@@ -3339,7 +3339,10 @@ time_t gettimeleft(scfg_t* cfg, user_t* user, time_t starttime)
if(tleft>cfg->level_timepercall[user->level]*60)
tleft=cfg->level_timepercall[user->level]*60;
tleft+=user->min*60L;
tleft-=(long)(now-starttime);
long tused = (long)MAX(now - starttime, 0);
tleft -= tused;
if(tleft < 0)
tleft = 0;
if(tleft>0x7fffL)
timeleft=0x7fff;
else
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment