Commits (2)
  • Rob Swindell's avatar
    Fix possible underflow conditions in gettimeleft() · 14940b8a
    Rob Swindell authored
    If a non-'T' exempt user had already used more time today than their security level allows, their timeleft would be computed as a negative value due to integer underflow. Since the return value of this function is assigned to a ulong (timeleft), this becomes a large positive number. Cap the floor of the computed time left at 0.
    
    Also fix the potential for underflow that could occur if the system clock changes while a user is online and 'now' becomes greater than 'starttime'.
    14940b8a
  • Rob Swindell's avatar
    Add comment about race condition · b75114da
    Rob Swindell authored
    Fixed typo in another comment
    b75114da
...@@ -49,7 +49,7 @@ void sbbs_t::logout() ...@@ -49,7 +49,7 @@ void sbbs_t::logout()
return; return;
} }
lprintf(LOG_INFO, "logout initiated"); lprintf(LOG_INFO, "logout initiated");
SAFECOPY(lastuseron,useron.alias); SAFECOPY(lastuseron,useron.alias); // TODO: race condition here
if(!online && getnodedat(cfg.node_num, &node, /* lock: */true) == 0) { if(!online && getnodedat(cfg.node_num, &node, /* lock: */true) == 0) {
node.status = NODE_LOGOUT; node.status = NODE_LOGOUT;
putnodedat(cfg.node_num, &node); putnodedat(cfg.node_num, &node);
...@@ -89,7 +89,7 @@ void sbbs_t::logout() ...@@ -89,7 +89,7 @@ void sbbs_t::logout()
remove(path); remove(path);
delfiles(cfg.temp_dir,ALLFILES); delfiles(cfg.temp_dir,ALLFILES);
if(sys_status&SS_USERON) { // Insures the useron actually when through logon()/getmsgptrs() first if(sys_status&SS_USERON) { // Insures the useron actually went through logon()/getmsgptrs() first
putmsgptrs(); putmsgptrs();
} }
if(!REALSYSOP) if(!REALSYSOP)
......
...@@ -3339,7 +3339,10 @@ time_t gettimeleft(scfg_t* cfg, user_t* user, time_t starttime) ...@@ -3339,7 +3339,10 @@ time_t gettimeleft(scfg_t* cfg, user_t* user, time_t starttime)
if(tleft>cfg->level_timepercall[user->level]*60) if(tleft>cfg->level_timepercall[user->level]*60)
tleft=cfg->level_timepercall[user->level]*60; tleft=cfg->level_timepercall[user->level]*60;
tleft+=user->min*60L; tleft+=user->min*60L;
tleft-=(long)(now-starttime); long tused = (long)MAX(now - starttime, 0);
tleft -= tused;
if(tleft < 0)
tleft = 0;
if(tleft>0x7fffL) if(tleft>0x7fffL)
timeleft=0x7fff; timeleft=0x7fff;
else else
......