qt: Prevent u32 overflow when calculating expiration date

* lang/qt/src/qgpgmesignkeyjob.cpp (sign_key): Change maxAllowedDate to 2106-02-05. Change log-level from warning to debug. * lang/qt/tests/t-various.cpp (TestVarious::testSignKeyWithExpiration): Remove check for warning. Adapt assertion. -- Capping the expiration date at 2106-02-05 prevents a u32 overflow when adding the number of days until the maximal date to the current time. GnuPG-bug-id: 5991
2022-06-10 11:54:03 +02:00 · 2022-06-10 11:54:03 +02:00 · 7870fdbfef
commit 7870fdbfef
parent 918afc809d
3 changed files with 5 additions and 7 deletions
--- a/lang/qt/src/qgpgmesignkeyjob.cpp
+++ b/lang/qt/src/qgpgmesignkeyjob.cpp
@ -127,11 +127,11 @@ static QGpgMESignKeyJob::result_type sign_key(Context *ctx, const Key &key, cons

    if (expirationDate.isValid()) {
        // on 2106-02-07, the Unix time will reach 0xFFFFFFFF; since gpg uses uint32 internally
-        // for the expiration date clip it at 2106-02-06
-        static const QDate maxAllowedDate{2106, 2, 6};
+        // for the expiration date clip it at 2106-02-05 to avoid problems with negative time zones
+        static const QDate maxAllowedDate{2106, 2, 5};
        const auto clippedExpirationDate = expirationDate <= maxAllowedDate ? expirationDate : maxAllowedDate;
        if (clippedExpirationDate != expirationDate) {
-            qCWarning(QGPGME_LOG) << "Expiration of certification has been changed to" << clippedExpirationDate;
+            qCDebug(QGPGME_LOG) << "Expiration of certification has been changed to" << clippedExpirationDate;
        }
        // use the "days from now" format to specify the expiration date of the certification;
        // this format is the most appropriate regardless of the local timezone
--- a/lang/qt/src/signkeyjob.h
+++ b/lang/qt/src/signkeyjob.h
@ -149,7 +149,7 @@ public:
     * Sets the expiration date of the key signature to @a expiration. By default,
     * key signatures do not expire.
     *
-     * Note: Expiration dates after 2106-02-06 will be set to 2106-02-06.
+     * Note: Expiration dates after 2106-02-05 will be set to 2106-02-05.
     *
     * Not pure virtual for ABI compatibility.
     **/
--- a/lang/qt/tests/t-various.cpp
+++ b/lang/qt/tests/t-various.cpp
@ -328,8 +328,6 @@ private Q_SLOTS:
                    }
                });

-        QTest::ignoreMessage(QtWarningMsg, "Expiration of certification has been changed to QDate(\"2106-02-06\")");
-
        job->start(target);
        QSignalSpy spy{this, &TestVarious::asyncDone};
        QVERIFY(spy.wait(QSIGNALSPY_TIMEOUT));
@ -339,7 +337,7 @@ private Q_SLOTS:
        const auto keySignature = target.userID(0).signature(target.userID(0).numSignatures() - 1);
        QVERIFY(!keySignature.neverExpires());
        const auto expirationDate = QDateTime::fromSecsSinceEpoch(uint_least32_t(keySignature.expirationTime())).date();
-        QCOMPARE(expirationDate, QDate(2106, 2, 6));  // expiration date is capped at 2106-02-06
+        QCOMPARE(expirationDate, QDate(2106, 2, 5));  // expiration date is capped at 2106-02-05
    }

    void testVersion()