openssh bugs - Mar 2019 - [Bug 2977] New: misc.c convtime() LONG_MAX is no longer allowed

https://bugzilla.mindrot.org/show_bug.cgi?id=2977

            Bug ID: 2977
           Summary: misc.c convtime() LONG_MAX is no longer allowed
           Product: Portable OpenSSH
           Version: -current
          Hardware: All
                OS: All
            Status: NEW
          Severity: minor
          Priority: P5
         Component: sshd
          Assignee: unassigned-bugs at mindrot.org
          Reporter: kirk at dovetail.com

Revisions 1.108 and 1.109 changed convtime() to fix an overflow issue,
but it was also changed so that LONG_MAX is no longer a valid value.

1.109 seemed to explicitly "fix" this, but I do not believe that this
is correct.

For example, there *should* be a unittest/conversion/test.c:

/* maximum value */
snprintf(buf, sizeof buf, "%lu", LONG_MAX);
ASSERT_LONG_EQ(convtime(buf), LONG_MAX);

-- this test currently fails.

PS>
We noticed this because we had some oddball user that was using
2147483647  (LONG_MAX) as ClientAliveInterval.  Even though this was
not a useful setting, they now receive an error for this value.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2977

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|unassigned-bugs at mindrot.org |djm at mindrot.org
                 CC|                            |djm at mindrot.org,
                   |                            |dtucker at dtucker.net
   Attachment #3291|                            |ok?(dtucker at dtucker.net)
              Flags|                            |

--- Comment #1 from Damien Miller <djm at mindrot.org> ---
Created attachment 3291
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3291&action=edit
unittest for LONG_MAX convtime conversions

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2977

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|                            |2988


Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=2988
[Bug 2988] Tracking bug for 8.1 release
-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2977

Darren Tucker <dtucker at dtucker.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #3291|ok?(dtucker at dtucker.net)    |ok+
              Flags|                            |

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2977

--- Comment #2 from Damien Miller <djm at mindrot.org> ---
Committed - thanks

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2977

vicky_ye <ywq119hy at 126.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |ywq119hy at 126.com

--- Comment #3 from vicky_ye <ywq119hy at 126.com> ---
(In reply to Damien Miller from comment #1)
> Created attachment 3291 [details]
> unittest for LONG_MAX convtime conversions
The max value of some options (such as ClientAliveInterval,
LoginGraceTime and so on) changed from 2147483647(max int:2^31 ? 1) in
perivious version(6.4) to 2147483646 now. 

Does this behaviors is work as design? 
Thanks a lot.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2977

--- Comment #4 from Damien Miller <djm at mindrot.org> ---
I don't think it matters - I can't imagine a SSH session lasting >68
years and needing that extra second to complete.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2977

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|NEW                         |RESOLVED

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2977

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #5 from Damien Miller <djm at mindrot.org> ---
close bugs that were resolved in OpenSSH 8.5 release cycle

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.