author | Paul Dreik <github@pauldreik.se> | 2023-12-07 16:59:57 +0100 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2024-01-18 20:58:05 +0100 |
commit | 603505f1221713db8269450f90c1e843b3013612 (patch) | |
tree | f47ca75c686b4eb9c77c86b9972ebd32180ccdfa | |
parent | c15a844156d9cc373b2f42c58034437a3c45f58c (diff) |
prevent integer overflow in ossl_asn1_time_from_tm
this could be triggered by the following code (assuming 64 bit time_t):
time_t t = 67768011791126057ULL;
ASN1_TIME* at = ASN1_TIME_set(NULL, t);
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22976)
(cherry picked from commit 5b2d8bc28a8ff59689da98f31459819db09a9099)
-rw-r--r-- | crypto/asn1/a_time.c | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/crypto/asn1/a_time.c b/crypto/asn1/a_time.c
index f1702f262e..931e2854d6 100644
--- a/crypto/asn1/a_time.c
+++ b/crypto/asn1/a_time.c
@@ -295,16 +295,22 @@ ASN1_TIME *ossl_asn1_time_from_tm(ASN1_TIME *s, struct tm *ts, int type)
 tmps->type = type;
 p = (char*)tmps->data;
- if (type == V_ASN1_GENERALIZEDTIME)
+ if (ts->tm_mon > INT_MAX - 1)
+ goto err;
+
+ if (type == V_ASN1_GENERALIZEDTIME) {
+ if (ts->tm_year > INT_MAX - 1900)
+ goto err;
 tmps->length = BIO_snprintf(p, len, "%04d%02d%02d%02d%02d%02dZ", ts->tm_year + 1900, ts->tm_mon + 1, ts->tm_mday, ts->tm_hour, ts->tm_min, ts->tm_sec);
- else
+ } else {
 tmps->length = BIO_snprintf(p, len, "%02d%02d%02d%02d%02d%02dZ", ts->tm_year % 100, ts->tm_mon + 1, ts->tm_mday, ts->tm_hour, ts->tm_min, ts->tm_sec);
+ }
 #ifdef CHARSET_EBCDIC
 ebcdic2ascii(tmps->data, tmps->data, tmps->length); |
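Review bot: The new `ts->tm_year > INT_MAX - 1900` guard in the GeneralizedTime branch only rules out the signed overflow; a year above 9999 or below 0 still reaches the `%04d` conversion, which then emits something other than the four-digit year GeneralizedTime requires and may not fit in `len` (sized outside this hunk, so that part is inferred). The return value of `BIO_snprintf` is also stored straight into `tmps->length` in both branches, so a truncation or error result would become the string length unless it is checked later in the function, which continues outside the hunk. A tighter range check such as `if (ts->tm_year < -1900 || ts->tm_year > 9999 - 1900) goto err;`, plus `if (tmps->length < 0) goto err;` after the call, would make the failure explicit. The diffstat shows only a_time.c changed, so a regression test built from the reproducer in the commit description would keep this from returning.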