upstream commit

Make ssh_packet_set_rekey_limits take u32 for the number of
seconds until rekeying (negative values are rejected at config parse time).
This allows the removal of some casts and a signed vs unsigned comparison
warning.

rekey_time is cast to int64 for the comparison which is a no-op
on OpenBSD, but should also do the right thing in -portable on
anything still using 32bit time_t (until the system time actually
wraps, anyway).

some early guidance deraadt@, ok djm@

Upstream-ID: c9f18613afb994a07e7622eb326f49de3d123b6c

1 files changed, 5 insertions, 5 deletions

diff --git a/packet.c b/packet.c
index ad1f6b497..6b9d3525b 100644
--- a/packet.c
+++ b/packet.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: packet.c,v 1.243 2016/10/11 21:47:45 djm Exp $ */
+/* $OpenBSD: packet.c,v 1.244 2017/02/03 02:56:00 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1049,7 +1049,7 @@ ssh_packet_need_rekeying(struct ssh *ssh, u_int outbound_packet_len)
 
         /* Time-based rekeying */
         if (state->rekey_interval != 0 &&
-            state->rekey_time + state->rekey_interval <= monotime())
+            (int64_t)state->rekey_time + state->rekey_interval <= monotime())
                 return 1;
 
         /* Always rekey when MAX_PACKETS sent in either direction */
@@ -2396,10 +2396,10 @@ ssh_packet_send_ignore(struct ssh *ssh, int nbytes)
 }
 
 void
-ssh_packet_set_rekey_limits(struct ssh *ssh, u_int64_t bytes, time_t seconds)
+ssh_packet_set_rekey_limits(struct ssh *ssh, u_int64_t bytes, u_int32_t seconds)
 {
-        debug3("rekey after %llu bytes, %d seconds", (unsigned long long)bytes,
-            (int)seconds);
+        debug3("rekey after %llu bytes, %u seconds", (unsigned long long)bytes,
+            (unsigned int)seconds);
         ssh->state->rekey_limit = bytes;
         ssh->state->rekey_interval = seconds;
 }