systemd
diff --git a/‎src/basic/log.c‎
Lines changed: 4 additions & 4 deletions b/‎src/basic/log.c‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎src/basic/os-util.c‎
Lines changed: 13 additions & 8 deletions b/‎src/basic/os-util.c‎
Lines changed: 13 additions & 8 deletions
diff --git a/‎src/basic/time-util.c‎
Lines changed: 51 additions & 19 deletions b/‎src/basic/time-util.c‎
Lines changed: 51 additions & 19 deletions
diff --git a/‎src/basic/time-util.h‎
Lines changed: 2 additions & 2 deletions b/‎src/basic/time-util.h‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎src/hostname/hostnamed.c‎
Lines changed: 6 additions & 5 deletions b/‎src/hostname/hostnamed.c‎
Lines changed: 6 additions & 5 deletions
diff --git a/‎src/import/curl-util.c‎
Lines changed: 1 addition & 7 deletions b/‎src/import/curl-util.c‎
Lines changed: 1 addition & 7 deletions
diff --git a/‎src/journal/journald-syslog.c‎
Lines changed: 1 addition & 3 deletions b/‎src/journal/journald-syslog.c‎
Lines changed: 1 addition & 3 deletions
diff --git a/‎src/resolve/resolved-dns-rr.c‎
Lines changed: 4 additions & 2 deletions b/‎src/resolve/resolved-dns-rr.c‎
Lines changed: 4 additions & 2 deletions
diff --git a/‎src/shared/calendarspec.c‎
Lines changed: 25 additions & 18 deletions b/‎src/shared/calendarspec.c‎
Lines changed: 25 additions & 18 deletions
@@ -536,8 +536,8 @@ static int write_to_syslog(
         char header_priority[2 + DECIMAL_STR_MAX(int) + 1],
              header_time[64],
              header_pid[4 + DECIMAL_STR_MAX(pid_t) + 1];
-        time_t t;
         struct tm tm;
+        int r;
 
         if (syslog_fd < 0)
                 return 0;
@@ -547,9 +547,9 @@ static int write_to_syslog(
 
         xsprintf(header_priority, "<%i>", level);
 
-        t = (time_t) (now(CLOCK_REALTIME) / USEC_PER_SEC);
-        if (!localtime_r(&t, &tm))
-                return -EINVAL;
+        r = localtime_or_gmtime_usec(now(CLOCK_REALTIME), /* utc= */ false, &tm);
+        if (r < 0)
+                return r;
 
         if (strftime(header_time, sizeof(header_time), "%h %e %T ", &tm) <= 0)
                 return -EINVAL;
 
@@ -450,24 +450,29 @@ int os_release_support_ended(const char *support_end, bool quiet, usec_t *ret_eo
                 support_end = _support_end_alloc;
         }
 
-        if (isempty(support_end)) /* An empty string is a explicit way to say "no EOL exists" */
+        if (isempty(support_end)) { /* An empty string is a explicit way to say "no EOL exists" */
+                if (ret_eol)
+                        *ret_eol = USEC_INFINITY;
+
                 return false;  /* no end date defined */
+        }
 
         struct tm tm = {};
         const char *k = strptime(support_end, "%Y-%m-%d", &tm);
         if (!k || *k)
                 return log_full_errno(quiet ? LOG_DEBUG : LOG_WARNING, SYNTHETIC_ERRNO(EINVAL),
-                                      "Failed to parse SUPPORT_END= in os-release file, ignoring: %m");
+                                      "Failed to parse SUPPORT_END= from os-release file, ignoring: %s", support_end);
 
-        time_t eol = timegm(&tm);
-        if (eol == (time_t) -1)
-                return log_full_errno(quiet ? LOG_DEBUG : LOG_WARNING, SYNTHETIC_ERRNO(EINVAL),
-                                      "Failed to convert SUPPORT_END= in os-release file, ignoring: %m");
+        usec_t eol;
+        r = mktime_or_timegm_usec(&tm, /* utc= */ true, &eol);
+        if (r < 0)
+                return log_full_errno(quiet ? LOG_DEBUG : LOG_WARNING, r,
+                                      "Failed to convert SUPPORT_END= time from os-release file, ignoring: %m");
 
         if (ret_eol)
-                *ret_eol = eol * USEC_PER_SEC;
+                *ret_eol = eol;
 
-        return DIV_ROUND_UP(now(CLOCK_REALTIME), USEC_PER_SEC) > (usec_t) eol;
+        return now(CLOCK_REALTIME) > eol;
 }
 
 const char* os_release_pretty_name(const char *pretty_name, const char *name) {
 
@@ -332,7 +332,6 @@ char* format_timestamp_style(
 
         struct tm tm;
         bool utc, us;
-        time_t sec;
         size_t n;
 
         assert(buf);
@@ -375,9 +374,7 @@ char* format_timestamp_style(
                 return strcpy(buf, xxx[style]);
         }
 
-        sec = (time_t) (t / USEC_PER_SEC); /* Round down */
-
-        if (!localtime_or_gmtime_r(&sec, &tm, utc))
+        if (localtime_or_gmtime_usec(t, utc, &tm) < 0)
                 return NULL;
 
         /* Start with the week day */
@@ -665,7 +662,6 @@ static int parse_timestamp_impl(
         unsigned fractional = 0;
         const char *k;
         struct tm tm, copy;
-        time_t sec;
 
         /* Allowed syntaxes:
          *
@@ -778,10 +774,9 @@ static int parse_timestamp_impl(
                 }
         }
 
-        sec = (time_t) (usec / USEC_PER_SEC);
-
-        if (!localtime_or_gmtime_r(&sec, &tm, utc))
-                return -EINVAL;
+        r = localtime_or_gmtime_usec(usec, utc, &tm);
+        if (r < 0)
+                return r;
 
         tm.tm_isdst = isdst;
 
@@ -939,11 +934,11 @@ static int parse_timestamp_impl(
         } else
                 minus = gmtoff * USEC_PER_SEC;
 
-        sec = mktime_or_timegm(&tm, utc);
-        if (sec < 0)
-                return -EINVAL;
+        r = mktime_or_timegm_usec(&tm, utc, &usec);
+        if (r < 0)
+                return r;
 
-        usec = usec_add(sec * USEC_PER_SEC, fractional);
+        usec = usec_add(usec, fractional);
 
 finish:
         usec = usec_add(usec, plus);
@@ -1625,17 +1620,54 @@ int get_timezone(char **ret) {
         return strdup_to(ret, e);
 }
 
-time_t mktime_or_timegm(struct tm *tm, bool utc) {
+int mktime_or_timegm_usec(
+                struct tm *tm, /* input + normalized output */
+                bool utc,
+                usec_t *ret) {
+
+        time_t t;
+
         assert(tm);
 
-        return utc ? timegm(tm) : mktime(tm);
+        if (tm->tm_year < 69) /* early check for negative (i.e. before 1970) time_t (Note that in some timezones the epoch is in the year 1969!)*/
+                return -ERANGE;
+        if ((usec_t) tm->tm_year > CONST_MIN(USEC_INFINITY / USEC_PER_YEAR, (usec_t) TIME_T_MAX / (365U * 24U * 60U * 60U)) - 1900) /* early check for possible overrun of usec_t or time_t */
+                return -ERANGE;
+
+        /* timegm()/mktime() is a bit weird to use, since it returns -1 in two cases: on error as well as a
+         * valid time indicating one second before the UNIX epoch. Let's treat both cases the same here, and
+         * return -ERANGE for anything negative, since usec_t is unsigned, and we can thus not express
+         * negative times anyway. */
+
+        t = utc ? timegm(tm) : mktime(tm);
+        if (t < 0) /* Refuse negative times and errors */
+                return -ERANGE;
+        if ((usec_t) t >= USEC_INFINITY / USEC_PER_SEC) /* Never return USEC_INFINITY by accident (or overflow) */
+                return -ERANGE;
+
+        if (ret)
+                *ret = (usec_t) t * USEC_PER_SEC;
+        return 0;
 }
 
-struct tm *localtime_or_gmtime_r(const time_t *t, struct tm *tm, bool utc) {
-        assert(t);
-        assert(tm);
+int localtime_or_gmtime_usec(
+                usec_t t,
+                bool utc,
+                struct tm *ret) {
 
-        return utc ? gmtime_r(t, tm) : localtime_r(t, tm);
+        t /= USEC_PER_SEC; /* Round down */
+        if (t > (usec_t) TIME_T_MAX)
+                return -ERANGE;
+        time_t sec = (time_t) t;
+
+        struct tm buf = {};
+        if (!(utc ? gmtime_r(&sec, &buf) : localtime_r(&sec, &buf)))
+                return -EINVAL;
+
+        if (ret)
+                *ret = buf;
+
+        return 0;
 }
 
 static uint32_t sysconf_clock_ticks_cached(void) {
 
@@ -177,8 +177,8 @@ usec_t usec_shift_clock(usec_t, clockid_t from, clockid_t to);
 
 int get_timezone(char **ret);
 
-time_t mktime_or_timegm(struct tm *tm, bool utc);
-struct tm *localtime_or_gmtime_r(const time_t *t, struct tm *tm, bool utc);
+int mktime_or_timegm_usec(struct tm *tm, bool utc, usec_t *ret);
+int localtime_or_gmtime_usec(usec_t t, bool utc, struct tm *ret);
 
 uint32_t usec_to_jiffies(usec_t usec);
 usec_t jiffies_to_usec(uint32_t jiffies);
 
@@ -342,14 +342,15 @@ static int get_firmware_date(usec_t *ret) {
                 .tm_mon = m,
                 .tm_year = y,
         };
-        time_t v = timegm(&tm);
-        if (v == (time_t) -1)
-                return -errno;
+
+        usec_t v;
+        r = mktime_or_timegm_usec(&tm, /* utc= */ true, &v);
+        if (r < 0)
+                return r;
         if (tm.tm_mday != (int) d || tm.tm_mon != (int) m || tm.tm_year != (int) y)
                 return -EINVAL; /* date was not normalized? (e.g. "30th of feb") */
 
-        *ret = (usec_t) v * USEC_PER_SEC;
-
+        *ret = v;
         return 0;
 }
 
 
@@ -384,7 +384,6 @@ int curl_parse_http_time(const char *t, usec_t *ret) {
         _cleanup_(freelocalep) locale_t loc = (locale_t) 0;
         const char *e;
         struct tm tm;
-        time_t v;
 
         assert(t);
         assert(ret);
@@ -404,10 +403,5 @@ int curl_parse_http_time(const char *t, usec_t *ret) {
         if (!e || *e != 0)
                 return -EINVAL;
 
-        v = timegm(&tm);
-        if (v == (time_t) -1)
-                return -EINVAL;
-
-        *ret = (usec_t) v * USEC_PER_SEC;
-        return 0;
+        return mktime_or_timegm_usec(&tm, /* usec= */ true, ret);
 }
@@ -127,7 +127,6 @@ void server_forward_syslog(Server *s, int priority, const char *identifier, cons
         char header_priority[DECIMAL_STR_MAX(priority) + 3], header_time[64],
              header_pid[STRLEN("[]: ") + DECIMAL_STR_MAX(pid_t) + 1];
         int n = 0;
-        time_t t;
         struct tm tm;
         _cleanup_free_ char *ident_buf = NULL;
 
@@ -144,8 +143,7 @@ void server_forward_syslog(Server *s, int priority, const char *identifier, cons
         iovec[n++] = IOVEC_MAKE_STRING(header_priority);
 
         /* Second: timestamp */
-        t = tv ? tv->tv_sec : ((time_t) (now(CLOCK_REALTIME) / USEC_PER_SEC));
-        if (!localtime_r(&t, &tm))
+        if (localtime_or_gmtime_usec(tv ? tv->tv_sec * USEC_PER_SEC : now(CLOCK_REALTIME), /* utc= */ false, &tm) < 0)
                 return;
         if (strftime(header_time, sizeof(header_time), "%h %e %T ", &tm) <= 0)
                 return;
 
@@ -793,12 +793,14 @@ static char* format_location(uint32_t latitude, uint32_t longitude, uint32_t alt
 
 static int format_timestamp_dns(char *buf, size_t l, time_t sec) {
         struct tm tm;
+        int r;
 
         assert(buf);
         assert(l > STRLEN("YYYYMMDDHHmmSS"));
 
-        if (!gmtime_r(&sec, &tm))
-                return -EINVAL;
+        r = localtime_or_gmtime_usec(sec * USEC_PER_SEC, /* utc= */ true, &tm);
+        if (r < 0)
+                return r;
 
         if (strftime(buf, l, "%Y%m%d%H%M%S", &tm) <= 0)
                 return -EINVAL;
 
@@ -576,9 +576,13 @@ static int calendarspec_from_time_t(CalendarSpec *c, time_t time) {
         struct tm tm;
         int r;
 
-        if (!gmtime_r(&time, &tm))
+        if ((usec_t) time > USEC_INFINITY / USEC_PER_SEC)
                 return -ERANGE;
 
+        r = localtime_or_gmtime_usec((usec_t) time * USEC_PER_SEC, /* utc= */ true, &tm);
+        if (r < 0)
+                return r;
+
         if (tm.tm_year > INT_MAX - 1900)
                 return -ERANGE;
 
@@ -1094,12 +1098,12 @@ int calendar_spec_from_string(const char *p, CalendarSpec **ret) {
 }
 
 static int find_end_of_month(const struct tm *tm, bool utc, int day) {
-        struct tm t = *tm;
+        struct tm t = *ASSERT_PTR(tm);
 
         t.tm_mon++;
         t.tm_mday = 1 - day;
 
-        if (mktime_or_timegm(&t, utc) < 0 ||
+        if (mktime_or_timegm_usec(&t, utc, /* ret= */ NULL) < 0 ||
             t.tm_mon != tm->tm_mon)
                 return -1;
 
@@ -1171,8 +1175,8 @@ static int find_matching_component(
 }
 
 static int tm_within_bounds(struct tm *tm, bool utc) {
-        struct tm t;
-        int cmp;
+        int r;
+
         assert(tm);
 
         /*
@@ -1183,9 +1187,10 @@ static int tm_within_bounds(struct tm *tm, bool utc) {
         if (tm->tm_year + 1900 > MAX_YEAR)
                 return -ERANGE;
 
-        t = *tm;
-        if (mktime_or_timegm(&t, utc) < 0)
-                return negative_errno();
+        struct tm t = *tm;
+        r = mktime_or_timegm_usec(&t, utc, /* ret= */ NULL);
+        if (r < 0)
+                return r;
 
         /*
          * Did any normalization take place? If so, it was out of bounds before.
@@ -1194,6 +1199,7 @@ static int tm_within_bounds(struct tm *tm, bool utc) {
          * out of bounds. Normalization has occurred implies find_matching_component() > 0,
          * other sub time units are already reset in find_next().
          */
+        int cmp;
         if ((cmp = CMP(t.tm_year, tm->tm_year)) != 0)
                 t.tm_mon = 0;
         else if ((cmp = CMP(t.tm_mon, tm->tm_mon)) != 0)
@@ -1222,7 +1228,7 @@ static bool matches_weekday(int weekdays_bits, const struct tm *tm, bool utc) {
                 return true;
 
         t = *tm;
-        if (mktime_or_timegm(&t, utc) < 0)
+        if (mktime_or_timegm_usec(&t, utc, /* ret= */ NULL) < 0)
                 return false;
 
         k = t.tm_wday == 0 ? 6 : t.tm_wday - 1;
@@ -1248,7 +1254,7 @@ static int find_next(const CalendarSpec *spec, struct tm *tm, usec_t *usec) {
 
         for (unsigned iteration = 0; iteration < MAX_CALENDAR_ITERATIONS; iteration++) {
                 /* Normalize the current date */
-                (void) mktime_or_timegm(&c, spec->utc);
+                (void) mktime_or_timegm_usec(&c, spec->utc, /* ret= */ NULL);
                 c.tm_isdst = spec->dst;
 
                 c.tm_year += 1900;
@@ -1354,31 +1360,32 @@ static int find_next(const CalendarSpec *spec, struct tm *tm, usec_t *usec) {
 }
 
 static int calendar_spec_next_usec_impl(const CalendarSpec *spec, usec_t usec, usec_t *ret_next) {
+        usec_t tm_usec;
         struct tm tm;
-        time_t t;
         int r;
-        usec_t tm_usec;
 
         assert(spec);
 
         if (usec > USEC_TIMESTAMP_FORMATTABLE_MAX)
                 return -EINVAL;
 
         usec++;
-        t = (time_t) (usec / USEC_PER_SEC);
-        assert_se(localtime_or_gmtime_r(&t, &tm, spec->utc));
+        r = localtime_or_gmtime_usec(usec, spec->utc, &tm);
+        if (r < 0)
+                return r;
         tm_usec = usec % USEC_PER_SEC;
 
         r = find_next(spec, &tm, &tm_usec);
         if (r < 0)
                 return r;
 
-        t = mktime_or_timegm(&tm, spec->utc);
-        if (t < 0)
-                return -EINVAL;
+        usec_t t;
+        r = mktime_or_timegm_usec(&tm, spec->utc, &t);
+        if (r < 0)
+                return r;
 
         if (ret_next)
-                *ret_next = (usec_t) t * USEC_PER_SEC + tm_usec;
+                *ret_next = t + tm_usec;
 
         return 0;
 }