Fix overflow when using Long.MAX_VALUE as leeway #723

Closed
jmerle wants to merge 2 commits into auth0:master from jmerle:leeway-overflow

@jmerle jmerle commented Jun 25, 2025

Changes

Recently I tried to set the leeway of the JWT verifier to Long.MAX_VALUE to do some local debugging where the token being expired didn't matter. Unfortunately the verifier crashed with a long overflow when I ran it. The alternative was to set the leeway to a large, but not too large value. Nonetheless, this PR fixes the overflow as I believe it to be a bug.

Previous exception on the new shouldValidateExpiresAtWithMaxLeeway:

Instant exceeds minimum or maximum instant
java.time.DateTimeException: Instant exceeds minimum or maximum instant
	at java.base/java.time.Instant.create(Instant.java:411)
	at java.base/java.time.Instant.ofEpochSecond(Instant.java:330)
	at java.base/java.time.Instant.plus(Instant.java:928)
	at java.base/java.time.Instant.plusSeconds(Instant.java:878)
	at java.base/java.time.Instant.plus(Instant.java:855)
	at java.base/java.time.Instant.minus(Instant.java:978)
	at java.base/java.time.Instant.minus(Instant.java:207)
	at java.base/java.time.Duration.subtractFrom(Duration.java:1137)
	at java.base/java.time.Instant.minus(Instant.java:954)
	at com.auth0.jwt.JWTVerifier$BaseVerification.assertInstantIsFuture(JWTVerifier.java:359)
	at com.auth0.jwt.JWTVerifier$BaseVerification.assertValidInstantClaim(JWTVerifier.java:344)
	at com.auth0.jwt.JWTVerifier$BaseVerification.lambda$addMandatoryClaimChecks$17(JWTVerifier.java:308)
	at com.auth0.jwt.JWTVerifier$BaseVerification$1.verify(JWTVerifier.java:412)
	at com.auth0.jwt.JWTVerifier.verifyClaims(JWTVerifier.java:489)
	at com.auth0.jwt.JWTVerifier.verify(JWTVerifier.java:471)
	at com.auth0.jwt.JWTVerifier.verify(JWTVerifier.java:452)
	at com.auth0.jwt.JWTVerifierTest.shouldValidateExpiresAtWithMaxLeeway(JWTVerifierTest.java:695)

Previous exception on the new shouldValidateNotBeforeWithMaxLeeway:

long overflow
java.lang.ArithmeticException: long overflow
	at java.base/java.lang.Math.addExact(Math.java:848)
	at java.base/java.time.Instant.plus(Instant.java:924)
	at java.base/java.time.Instant.plusSeconds(Instant.java:878)
	at java.base/java.time.Instant.plus(Instant.java:855)
	at java.base/java.time.Instant.plus(Instant.java:207)
	at java.base/java.time.Duration.addTo(Duration.java:1102)
	at java.base/java.time.Instant.plus(Instant.java:787)
	at com.auth0.jwt.JWTVerifier$BaseVerification.assertInstantIsLessThanOrEqualToNow(JWTVerifier.java:363)
	at com.auth0.jwt.JWTVerifier$BaseVerification.assertValidInstantClaim(JWTVerifier.java:349)
	at com.auth0.jwt.JWTVerifier$BaseVerification.lambda$addMandatoryClaimChecks$18(JWTVerifier.java:310)
	at com.auth0.jwt.JWTVerifier$BaseVerification$1.verify(JWTVerifier.java:412)
	at com.auth0.jwt.JWTVerifier.verifyClaims(JWTVerifier.java:489)
	at com.auth0.jwt.JWTVerifier.verify(JWTVerifier.java:471)
	at com.auth0.jwt.JWTVerifier.verify(JWTVerifier.java:452)
	at com.auth0.jwt.JWTVerifierTest.shouldValidateNotBeforeWithMaxLeeway(JWTVerifierTest.java:767)

References

N/A

Testing

Please describe how this can be tested by reviewers. Be specific about anything not tested and reasons why. If this library has unit and/or integration testing, tests should be added for new functionality and existing tests should complete without errors.

  • This change adds test coverage
  • This change has been tested on the latest version of Java or why not

Checklist

@jmerle jmerle requested a review from a team as a code owner June 25, 2025 00:46
@jmerle jmerle force-pushed the leeway-overflow branch from 299d24b to 07635e1 Compare June 25, 2025 01:07
@tanya732 (Contributor) commented

Hi @jmerle,

Thank you for the detailed report and for creating a fix.

You’re absolutely right that passing very large leeway values can lead to overflow in Instant arithmetic, and that’s something we should handle more gracefully.

That said, using Long.MAX_VALUE as leeway effectively disables time-based validation and isn’t a supported or realistic use case. For debugging scenarios where expiry shouldn’t matter, we recommend using ignoreIssuedAt(), which is already covered and intended for that purpose.

Regarding the fix, silently clamping the value changes semantics without making it visible to the caller. We’d prefer to either fail fast on invalid input or define a clear upper bound.

We’re going to close this for now, but if you’d like to revisit with an approach that validates input and fails explicitly, we’d be happy to take another look.

Appreciate the contribution, thank you.

@tanya732 tanya732 closed this Apr 27, 2026
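
The fail-fast alternative discussed in this thread, as an added example that is not code from the pull request or from the library: a plain `java.time` sketch that reproduces the verify-time exception from the first stack trace and then rejects the same value at configuration time. The class name, `requireValidLeeway`, `isNotExpired` and the one-day `MAX_LEEWAY_SECONDS` bound are hypothetical, and the shape of the expiry comparison is an assumption based on the `Instant.minus` call in the trace.

```java
import java.time.DateTimeException;
import java.time.Duration;
import java.time.Instant;

public class LeewayBoundsExample {
    // Hypothetical upper bound chosen for this example only; the thread does not define one.
    static final long MAX_LEEWAY_SECONDS = Duration.ofDays(1).getSeconds();

    // Fail fast: reject negative or oversized leeway when the verifier is configured,
    // so an effectively disabled exp/nbf check is visible to the caller.
    static long requireValidLeeway(long leewaySeconds) {
        if (leewaySeconds < 0 || leewaySeconds > MAX_LEEWAY_SECONDS) {
            throw new IllegalArgumentException("Leeway must be between 0 and "
                    + MAX_LEEWAY_SECONDS + " seconds, got " + leewaySeconds);
        }
        return leewaySeconds;
    }

    // Assumed shape of an expiry check: accept while (now - leeway) is not after exp.
    static boolean isNotExpired(Instant exp, Instant now, long leewaySeconds) {
        return !now.minusSeconds(leewaySeconds).isAfter(exp);
    }

    public static void main(String[] args) {
        Instant now = Instant.parse("2025-06-25T00:00:00Z"); // constructed sample clock
        Instant exp = now.minusSeconds(30);                  // constructed: expired 30 s ago

        // Without validation, Long.MAX_VALUE reaches Instant arithmetic and
        // fails only when a token is verified.
        try {
            isNotExpired(exp, now, Long.MAX_VALUE);
        } catch (DateTimeException | ArithmeticException e) {
            System.out.println("verify-time failure: " + e);
        }

        // A bounded leeway behaves as intended: 60 s covers a token expired 30 s ago.
        long leeway = requireValidLeeway(60);
        System.out.println("accepted with 60 s leeway: " + isNotExpired(exp, now, leeway));

        // With validation, the unsupported value is rejected up front with a clear message.
        try {
            requireValidLeeway(Long.MAX_VALUE);
        } catch (IllegalArgumentException e) {
            System.out.println("configuration-time failure: " + e.getMessage());
        }
    }
}
```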