Cehck for expire date overflows.

2 files changed, 33 insertions, 19 deletions

diff --git a/doc/DETAILS b/doc/DETAILS
index 1dd9f5569..a74c0e907 100644
--- a/doc/DETAILS
+++ b/doc/DETAILS
@@ -839,10 +839,16 @@ The format of this file is as follows:
 	The 3 parts of a key. Remember to use UTF-8 here.
 	If you don't give any of them, no user ID is created.
      Expire-Date: <iso-date>|(<number>[d|w|m|y])
-	Set the expiration date for the key (and the subkey).  It
-	may either be entered in ISO date format (2000-08-15) or as
-	number of days, weeks, month or years. Without a letter days
-	are assumed.
+	Set the expiration date for the key (and the subkey).  It may
+	either be entered in ISO date format (2000-08-15) or as number
+	of days, weeks, month or years.  The special notation
+	"seconds=N" is also allowed to directly give an Epoch
+	value. Without a letter days are assumed.  Note that there is
+	no check done on the overflow of the type used by OpenPGP for
+	timestamps.  Thus you better make sure that the given value
+	make sense.  Although OpenPGP works with time intervals, GnuPG
+	uses an absolute value internally and thus the last year we
+	can represent is 2105.
      Creation-Date: <iso-date>
         Set the creation date of the key as stored in the key
         information and which is also part of the fingerprint
diff --git a/g10/keygen.c b/g10/keygen.c
index 4e8dd50b4..a056e5320 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -1789,21 +1789,23 @@ ask_keysize( int algo )
 u32
 parse_expire_string( const char *string )
 {
-    int mult;
-    u32 seconds,abs_date=0,curtime = make_timestamp();
-
-    if( !*string )
-      seconds = 0;
-    else if ( !strncmp (string, "seconds=", 8) )
-      seconds = atoi (string+8);
-    else if( (abs_date = scan_isodatestr(string)) && abs_date > curtime )
-      seconds = abs_date - curtime;
-    else if( (mult=check_valid_days(string)) )
-      seconds = atoi(string) * 86400L * mult;
-    else
-      seconds=(u32)-1;
-
-    return seconds;
+  int mult;
+  u32 seconds;
+  u32 abs_date = 0;
+  u32 curtime = make_timestamp ();
+  
+  if (!*string)
+    seconds = 0;
+  else if (!strncmp (string, "seconds=", 8))
+    seconds = atoi (string+8);
+  else if ((abs_date = scan_isodatestr(string)) && abs_date > curtime)
+    seconds = abs_date - curtime;
+  else if ((mult = check_valid_days (string)))
+    seconds = atoi (string) * 86400L * mult;
+  else
+    seconds = (u32)(-1);
+  
+  return seconds;
 }
 
 /* Parsean Creation-Date string which is either "1986-04-26" or
@@ -1916,7 +1918,13 @@ ask_expire_interval(int object,const char *def_expire)
 	      tty_printf (_("Your system can't display dates beyond 2038.\n"
                             "However, it will be correctly handled up to"
                             " 2106.\n"));
+            else
 #endif /*SIZEOF_TIME_T*/
+              if ( (time_t)((unsigned long)(curtime+interval)) < curtime )
+                {
+                  tty_printf (_("invalid value\n"));
+                  continue;
+                }
 	  }
 
 	if( cpr_enabled() || cpr_get_answer_is_yes("keygen.valid.okay",