Land rapid7#9653, fix Y2k38 issue (until Jan 1, 2038)

sgonzalez-r7 · sgonzalez-r7 · commit 883654f0eada · 2018-03-01T09:13:41.000-06:00
diff --git a/lib/msf/core/payload/android.rb b/lib/msf/core/payload/android.rb
@@ -78,7 +78,7 @@ def sign_jar(jar)
     cert.public_key = key.public_key
 
     # Some time within the last 3 years
-    cert.not_before = Time.now - rand(3600*24*365*3)
+    cert.not_before = Time.now - rand(3600 * 24 * 365 * 3)
 
     # From http://developer.android.com/tools/publishing/app-signing.html
     # """
@@ -89,7 +89,16 @@ def sign_jar(jar)
     # requirement. You cannot upload an application if it is signed
     # with a key whose validity expires before that date.
     # """
-    cert.not_after = cert.not_before + 3600*24*365*20 # 20 years
+    #
+    # 32-bit Ruby (and 64-bit Ruby on Windows) cannot deal with
+    # certificate not_after times later than Jan 1st 2038, since long is 32-bit.
+    # Set not_after to a random time 2~ years before the first bad date.
+    #
+    # FIXME: this will break again randomly starting in late 2033, hopefully
+    # all 32-bit systems will be dead by then...
+    #
+    # The timestamp 0x78045d81 equates to 2033-10-22 00:00:01 UTC
+    cert.not_after = Time.at(0x78045d81 + rand(0x7fffffff - 0x78045d81))
 
     # If this line is left out, signature verification fails on OSX.
     cert.sign(key, OpenSSL::Digest::SHA1.new)
diff --git a/modules/exploits/multi/browser/java_signed_applet.rb b/modules/exploits/multi/browser/java_signed_applet.rb
@@ -216,7 +216,8 @@ def load_cert
       @cert.issuer = x509_name
       @cert.public_key = @key.public_key
       @cert.not_before = Time.now
-      @cert.not_after = @cert.not_before + 3600*24*365*3 # 3 years
+      # FIXME: this will break in the year 2037 on 32-bit systems
+      @cert.not_after = @cert.not_before + 3600 * 24 * 365 # 1 year
     end
   end
 
