From ea2b3714b316e64db2fe7b1c81fa8f75a93e3970 Mon Sep 17 00:00:00 2001
From: Morten Tokle
Date: Mon, 26 Jun 2023 22:35:14 +0200
Subject: [PATCH] Prevent buffer overflow (#2212)

Signed-off-by: Morten Tokle
---
 .../zts/cert/impl/FileCertRecordStoreConnection.java | 2 +-
 .../zts/cert/impl/FileCertRecordStoreConnectionTest.java | 9 +++++++--
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/servers/zts/src/main/java/com/yahoo/athenz/zts/cert/impl/FileCertRecordStoreConnection.java b/servers/zts/src/main/java/com/yahoo/athenz/zts/cert/impl/FileCertRecordStoreConnection.java
index f3cb659d925..82993cd9c95 100644
--- a/servers/zts/src/main/java/com/yahoo/athenz/zts/cert/impl/FileCertRecordStoreConnection.java
+++ b/servers/zts/src/main/java/com/yahoo/athenz/zts/cert/impl/FileCertRecordStoreConnection.java
@@ -110,7 +110,7 @@ public List updateUnrefreshedCertificatesNotificationTimestamp(S
 return new ArrayList<>();
 }
- boolean notExpired(long currentTime, long lastModified, int expiryTimeMins) {
+ boolean notExpired(long currentTime, long lastModified, long expiryTimeMins) {
 return (currentTime - lastModified < expiryTimeMins * 60 * 1000);
 }
diff --git a/servers/zts/src/test/java/com/yahoo/athenz/zts/cert/impl/FileCertRecordStoreConnectionTest.java b/servers/zts/src/test/java/com/yahoo/athenz/zts/cert/impl/FileCertRecordStoreConnectionTest.java
index dbb7dbb811d..81c698081d7 100644
--- a/servers/zts/src/test/java/com/yahoo/athenz/zts/cert/impl/FileCertRecordStoreConnectionTest.java
+++ b/servers/zts/src/test/java/com/yahoo/athenz/zts/cert/impl/FileCertRecordStoreConnectionTest.java
@@ -37,7 +37,7 @@ public FileCertRecordStoreConnectionExt(File rootDir) {
 }
 @Override
- boolean notExpired(long currentTime, long lastModified, int expiryTimeMins) {
+ boolean notExpired(long currentTime, long lastModified, long expiryTimeMins) {
 return true;
 }
 }
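Review bot: In `FileCertRecordStoreConnection.notExpired` the overflow fix rests on implicit widening: `expiryTimeMins * 60 * 1000` is evaluated in `long` only because the parameter type changed, and nothing on the line records why. With the old `int` parameter the product wrapped negative from 35,792 minutes (just under 25 days) upward, so the comparison was always false and, presumably, a cleanup run treated every certificate record as expired. A later change of the parameter back to `int` would bring that back without any visible sign. I would make the conversion explicit with `return currentTime - lastModified < TimeUnit.MINUTES.toMillis(expiryTimeMins);` (needs `java.util.concurrent.TimeUnit`; it saturates rather than wraps) and add a comment such as `// long on purpose: minutes-to-millis overflows int at ~25 days`. The callers that supply the minutes value, and any sibling record store doing the same arithmetic, are outside this hunk and worth checking for the same `int` multiplication.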
@@ -172,7 +172,12 @@ public void testdeleteExpiredX509CertRecords() throws Exception { X509CertRecord certRecordCheck = con.getX509CertRecord("ostk", "instance-id", "cn"); assertNotNull(certRecordCheck); - + + // Verify that certificates are not expired immediately + con.deleteExpiredX509CertRecords(43200); //30 days + certRecordCheck = con.getX509CertRecord("ostk", "instance-id", "cn"); + assertNotNull(certRecordCheck); + Thread.sleep(1000); con.deleteExpiredX509CertRecords(0);