Completely ignore time stamp file if it is set to the epoch,

regardless of what gettimeofday() returns.

plugins/sudoers/timestamp.c

@@ -334,16 +334,17 @@ timestamp_status_internal(bool removing)
      */
     if (status == TS_OLD && !removing) {
 	mtim_get(&sb, &mtime);
+	if (timevalisset(&mtime)) {
 	    /* Negative timeouts only expire manually (sudo -k). */
-	if (def_timestamp_timeout < 0 && mtime.tv_sec != 0)
+	    if (def_timestamp_timeout < 0) {
 		status = TS_CURRENT;
-	else {
+	    } else {
 		now = time(NULL);
 		if (def_timestamp_timeout &&
 		    now - mtime.tv_sec < 60 * def_timestamp_timeout) {
 		    /*
 		     * Check for bogus time on the stampfile.  The clock may
-		 * have been set back or someone could be trying to spoof us.
+		     * have been set back or user could be trying to spoof us.
 		     */
 		    if (mtime.tv_sec > now + 60 * def_timestamp_timeout * 2) {
 			time_t tv_sec = (time_t)mtime.tv_sec;
@@ -355,7 +356,8 @@ timestamp_status_internal(bool removing)
 			else
 			    (void) rmdir(timestampdir);
 			status = TS_MISSING;
-		} else if (get_boottime(&boottime) && timevalcmp(&mtime, &boottime, <)) {
+		    } else if (get_boottime(&boottime) &&
+			timevalcmp(&mtime, &boottime, <)) {
 			status = TS_OLD;
 		    } else {
 			status = TS_CURRENT;
@@ -363,6 +365,7 @@ timestamp_status_internal(bool removing)
 		}
 	    }
 	}
+    }
 
 done:
     if (timestamp_uid != 0)