Fix possible signedness issue in time comparison

commit: 8eff512274deafa130ee94e5755de2113abdb08e [log] [tgz]
author: Manuel Pégourié-Gonnard <mpg@elzevir.fr> Wed May 20 11:41:36 2015 +0200
committer: Manuel Pégourié-Gonnard <mpg@elzevir.fr> Wed May 20 11:41:36 2015 +0200
tree: 62d755e3636387699acc6f05fedd782ddc3d9d68
parent: 0849a0a9103e31b6f32f3009cede5c43a1e6805f [diff] [blame]
diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c
index 839e874..18dcdf7 100644
--- a/library/ssl_ticket.c
+++ b/library/ssl_ticket.c

@@ -387,11 +387,16 @@
         goto cleanup;
 
 #if defined(MBEDTLS_HAVE_TIME)
-    /* Check if still valid */
-    if( ( time( NULL) - session->start ) > ctx->ticket_lifetime )
     {
-        ret = MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED;
-        goto cleanup;
+        /* Check for expiration */
+        time_t current_time = time( NULL );
+
+        if( current_time < session->start ||
+            (uint32_t)( current_time - session->start ) > ctx->ticket_lifetime )
+        {
+            ret = MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED;
+            goto cleanup;
+        }
     }
 #endif
commit	8eff512274deafa130ee94e5755de2113abdb08e	[log] [tgz]
author	Manuel Pégourié-Gonnard <mpg@elzevir.fr>	Wed May 20 11:41:36 2015 +0200
committer	Manuel Pégourié-Gonnard <mpg@elzevir.fr>	Wed May 20 11:41:36 2015 +0200
tree	62d755e3636387699acc6f05fedd782ddc3d9d68
parent	0849a0a9103e31b6f32f3009cede5c43a1e6805f [diff] [blame]