resource_match: add expiration validity check

problem: expiration could be above the bounds of an int64_t solution: check to ensure that it is not Co-authored-by: Daniel Milroy <[email protected]>
flux-framework · Jan 9, 2025 · b3709b7 · b3709b7
1 parent 9875983
commit b3709b7
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/resource/modules/resource_match.cpp b/resource/modules/resource_match.cpp
@@ -1559,7 +1559,8 @@ static int parse_R (std::shared_ptr<resource_ctx_t> &ctx,
         flux_log (ctx->h, LOG_ERR, "%s: json_unpack: %s", __FUNCTION__, error.text);
         goto freemem_out;
     }
-    if (version != 1 || tstart < 0 || expiration < tstart) {
+    if (version != 1 || tstart < 0 || expiration < tstart
+        || expiration > static_cast<double> (std::numeric_limits<int64_t>::max ())) {
         rc = -1;
         errno = EPROTO;
         flux_log (ctx->h,