lighttpd 1.4.x https://www.lighttpd.net/
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

164 lines
5.7 KiB

/*
* sys-time.h - time.h wrapper for localtime_r() and gmtime_r()
*
* Copyright(c) 2015 Glenn Strauss gstrauss()gluelogic.com All rights reserved
* License: BSD 3-clause (same as lighttpd)
*/
#ifndef INCLUDED_SYS_TIME_H
#define INCLUDED_SYS_TIME_H
#include "first.h"
#ifdef HAVE_SYS_TIME_H
#include <sys/time.h>/* gettimeofday() */
#endif
#include <time.h> /* time() localtime_r() gmtime_r() strftime() */
/*(provide rudimentary localtime_r() and gmtime_r() for platforms lacking)
*(Note that 'result' preprocessor arg is repeated, so callers should avoid
* side-effects. Also note that there is still a race condition before the
* result of localtime()/gmtime() is copied. In any case, this exists here
* so that the rest of the code can use localtime_r() and gmtime_r() syntax.
* Platforms requiring thread-safety and lacking localtime_r() or gmtime_r()
* could turn these into subroutines which take a local mutex to protect the
* calls to localtime() or gmtime()) */
#ifndef HAVE_LOCALTIME_R
#define localtime_r(timep,result) ((*(result) = *(localtime(timep))), (result))
#endif
#ifndef HAVE_GMTIME_R
#define gmtime_r(timep,result) ((*(result) = *(gmtime(timep))), (result))
#endif
#ifndef HAVE_TIMEGM
#ifdef _WIN32
#define timegm(tm) _mkgmtime(tm)
#else
__attribute_pure__
static inline time_t
timegm (const struct tm * const tm);
static inline time_t
timegm (const struct tm * const tm)
{
int y = tm->tm_year + 1900;
int m = tm->tm_mon + 1;
int d = tm->tm_mday;
/* days_from_civil() http://howardhinnant.github.io/date_algorithms.html */
y -= m <= 2;
int era = y / 400;
int yoe = y - era * 400; // [0, 399]
int doy = (153 * (m + (m > 2 ? -3 : 9)) + 2) / 5 + d - 1; // [0, 365]
int doe = yoe * 365 + yoe / 4 - yoe / 100 + doy; // [0, 146096]
int days_since_1970 = era * 146097 + doe - 719468;
return 60*(60*(24L*days_since_1970+tm->tm_hour)+tm->tm_min)+tm->tm_sec;
}
#endif
#endif
[multiple] Y2038 32-bit signed time_t mitigations Most OS platforms have already provided solutions to Y2038 32-bit signed time_t 5 - 10 years ago (or more!) Notable exceptions are Linux i686 and FreeBSD i386. Since 32-bit systems tend to be embedded systems, and since many distros take years to pick up new software, this commit aims to provide Y2038 mitigations for lighttpd running on 32-bit systems with Y2038-unsafe 32-bit signed time_t * Y2038: lighttpd 1.4.60 and later report Y2038 safety $ lighttpd -V + Y2038 support # Y2038-SAFE $ lighttpd -V - Y2038 support (unsafe 32-bit signed time_t) # Y2038-UNSAFE * Y2038: general platform info * Y2038-SAFE: lighttpd 64-bit builds on platforms using 64-bit time_t - all major 64-bit platforms (known to this author) use 64-bit time_t * Y2038-SAFE: lighttpd 32-bit builds on platforms using 64-bit time_t - Linux x32 ABI (different from i686) - FreeBSD all 32-bit and 64-bit architectures *except* 32-bit i386 - NetBSD 6.0 (released Oct 2012) all 32-bit and 64-bit architectures - OpenBSD 5.5 (released May 2014) all 32-bit and 64-bit architectures - Microsoft Windows XP and Visual Studio 2005 (? unsure ?) Another reference suggests Visual Studio 2015 defaults to 64-bit time_t - MacOS 10.15 Catalina (released 2019) drops support for 32-bit apps * Y2038-SAFE: lighttpd 32-bit builds on platforms using 32-bit unsigned time_t - e.g. OpenVMS (unknown if lighttpd builds on this platform) * Y2038-UNSAFE: lighttpd 32-bit builds on platforms using 32-bit signed time_t - Linux 32-bit (including i686) - glibc 32-bit library support not yet available for 64-bit time_t - https://sourceware.org/glibc/wiki/Y2038ProofnessDesign - Linux kernel 5.6 on 32-bit platforms does support 64-bit time_t https://itsubuntu.com/linux-kernel-5-6-to-fix-the-year-2038-issue-unix-y2k/ - https://www.gnu.org/software/libc/manual/html_node/64_002dbit-time-symbol-handling.html "Note: at this point, 64-bit time support in dual-time configurations is work-in-progress, so for these configurations, the public API only makes the 32-bit time support available. In a later change, the public API will allow user code to choose the time size for a given compilation unit." - compiling with -D_TIME_BITS=64 currently has no effect - glibc recent (Jul 2021) mailing list discussion - https://public-inbox.org/bug-gnulib/878s2ozq70.fsf@oldenburg.str.redhat.com/T/ - FreeBSD i386 - DragonFlyBSD 32-bit * Y2038 mitigations attempted on Y2038-UNSAFE platforms (32-bit signed time_t) * lighttpd prefers system monotonic clock instead of realtime clock in places where realtime clock is not required * lighttpd treats negative time_t values as after 19 Jan 2038 03:14:07 GMT * (lighttpd presumes that lighttpd will not encounter dates before 1970 during normal operation.) * lighttpd casts struct stat st.st_mtime (and st.st_*time) through uint64_t to convert negative timestamps for comparisions with 64-bit timestamps (treating negative timestamp values as after 19 Jan 2038 03:14:07 GMT) * lighttpd provides unix_time64_t (int64_t) and * lighttpd provides struct unix_timespec64 (unix_timespec64_t) (struct timespec equivalent using unix_time64_t tv_sec member) * lighttpd provides gmtime64_r() and localtime64_r() wrappers for platforms 32-bit platforms using 32-bit time_t and lighttpd temporarily shifts the year in order to use gmtime_r() and localtime_r() (or gmtime() and localtime()) from standard libraries, before readjusting year and passing struct tm to formatting functions such as strftime() * lighttpd provides TIME64_CAST() macro to cast signed 32-bit time_t to unsigned 32-bit and then to unix_time64_t * Note: while lighttpd tries handle times past 19 Jan 2038 03:14:07 GMT on 32-bit platforms using 32-bit signed time_t, underlying libraries and underlying filesystems might not behave properly after 32-bit signed time_t overflows (19 Jan 2038 03:14:08 GMT). If a given 32-bit OS does not work properly using negative time_t values, then lighttpd likely will not work properly on that system. * Other references and blogs - https://en.wikipedia.org/wiki/Year_2038_problem - https://en.wikipedia.org/wiki/Time_formatting_and_storage_bugs - http://www.lieberbiber.de/2017/03/14/a-look-at-the-year-20362038-problems-and-time-proofness-in-various-systems/
12 months ago
/* non-standard functions created for lighttpd for Y2038 problem
* reference: https://en.wikipedia.org/wiki/Year_2038_problem
*
* lighttpd does not expect to deal with dates earlier than 1970,
* and can therefore treat dates earlier than 1970 as having overflowed
* 32-bit signed time_t, signifying dates after Tue, 19 Jan 2038 03:14:07 GMT
*
* 1954, 1982, 2010, 2038 begin on Thu and are two years offset from leap year.
* Attempt to adjust a timestamp > INT32_MAX back to a similar year, starting on
* same weekday, and being same distance from next leap year; use gmtime_r()
* or localtime_r(); and then adjust tm.tm_year back to the year of the original
* timestamp. (Note that the calculations here are valid for the specific range
* of input timestamps mapped to 1970 and 2099. The year 2000 was a leap year,
* so crossing 2000 *does not* require special-casing here, but the year 2100
* *is not* a leap year in the Gregorian calendar, so this code is not valid
* after 28 Feb 2100. Since the max validity of these kludges could only be
* until 7 Feb 2106, this code has chosen not to special-case 2100-2106 and
* produces incorrect results after 28 Feb 2100.)
*/
#if HAS_TIME_BITS64
#define gmtime64_r(timep,result) gmtime_r((timep),(result))
#define localtime64_r(timep,result) localtime_r((timep),(result))
#else /* !HAS_TIME_BITS64 */
#define gmtime64_r(timep,result) gmtime_y2038_kludge32(*(timep),(result))
#define localtime64_r(timep,result) localtime_y2038_kludge32(*(timep),(result))
static inline struct tm *
gmtime_y2038_kludge32 (unix_time64_t t, struct tm *result);
static inline struct tm *
gmtime_y2038_kludge32 (unix_time64_t t, struct tm *result)
{
if ((uint64_t)t <= INT32_MAX) {
time_t tt = (time_t)t;
return gmtime_r(&tt, result);
}
else {
/*(treat negative time as having overflowed 32-bit time_t)*/
if (t < 0)
t = TIME64_CAST(t);
time_t tt = (time_t)(t - 2650838400LL);
if (gmtime_r(&tt, result)) {
result->tm_year += 84;
return result;
}
else if (t < 3914709247LL) {
/*(ok through Tue, 19 Jan 2094 03:14:07 GMT)*/
tt = (time_t)(t - 1767225600LL);
if (gmtime_r(&tt, result)) {
result->tm_year += 56;
return result;
}
}
/*(choose to forever return gmtime_r() equivalent of
* Thu, 01 Jan 1970 00:00:00 GMT)
*(returning NULL not expected by lighttpd and might crash)*/
tt = 0;
gmtime_r(&tt, result);
return result;
}
}
static inline struct tm *
localtime_y2038_kludge32 (unix_time64_t t, struct tm *result);
static inline struct tm *
localtime_y2038_kludge32 (unix_time64_t t, struct tm *result)
{
if ((uint64_t)t <= INT32_MAX) {
time_t tt = (time_t)t;
return localtime_r(&tt, result);
}
else {
/*(treat negative time as having overflowed 32-bit time_t)*/
if (t < 0)
t = TIME64_CAST(t);
time_t tt = (time_t)(t - 2650838400LL);
if (localtime_r(&tt, result)) {
result->tm_year += 84;
return result;
}
else if (t < 3914709247LL) {
/*(ok through Tue, 19 Jan 2094 03:14:07 GMT)*/
tt = (time_t)(t - 1767225600LL);
if (localtime_r(&tt, result)) {
result->tm_year += 56;
return result;
}
}
/*(choose to forever return localtime_r() equivalent of
* Thu, 01 Jan 1970 00:00:00 GMT)
*(returning NULL not expected by lighttpd and might crash)*/
tt = 0;
localtime_r(&tt, result);
return result;
}
}
#endif /* !HAS_TIME_BITS64 */
#endif