Make sure not to read beyond end of buffer

author: Bodo Möller <bodo@openssl.org> 2008-07-16 18:10:28 +0000
committer: Bodo Möller <bodo@openssl.org> 2008-07-16 18:10:28 +0000
commit: 0ff3766b0ea3c389f9477fb0507918c8ce02c85f (patch)
tree: 9a9c716703d98a34ec4380677f27a443f4a8645f /crypto/asn1
parent: 356220230647236f60cf8615e2cb2e1ef33f1b00 (diff)
1 files changed, 6 insertions, 5 deletions
diff --git a/crypto/asn1/t_x509.c b/crypto/asn1/t_x509.c
index eb776b7b3b..ae72b525d7 100644
--- a/crypto/asn1/t_x509.c
+++ b/crypto/asn1/t_x509.c
@@ -393,8 +393,9 @@ int ASN1_GENERALIZEDTIME_print(BIO *bp, ASN1_GENERALIZEDTIME *tm)
 	d= (v[6]-'0')*10+(v[7]-'0');
 	h= (v[8]-'0')*10+(v[9]-'0');
 	m=  (v[10]-'0')*10+(v[11]-'0');
-	if (	(v[12] >= '0') && (v[12] <= '9') &&
-		(v[13] >= '0') && (v[13] <= '9'))
+	if (i >= 14 &&
+	    (v[12] >= '0') && (v[12] <= '9') &&
+	    (v[13] >= '0') && (v[13] <= '9'))
 		s=  (v[12]-'0')*10+(v[13]-'0');
 
 	if (BIO_printf(bp,"%s %2d %02d:%02d:%02d %d%s",
@@ -428,8 +429,9 @@ int ASN1_UTCTIME_print(BIO *bp, ASN1_UTCTIME *tm)
 	d= (v[4]-'0')*10+(v[5]-'0');
 	h= (v[6]-'0')*10+(v[7]-'0');
 	m=  (v[8]-'0')*10+(v[9]-'0');
-	if (	(v[10] >= '0') && (v[10] <= '9') &&
-		(v[11] >= '0') && (v[11] <= '9'))
+	if (i >=12 &&
+	    (v[10] >= '0') && (v[10] <= '9') &&
+	    (v[11] >= '0') && (v[11] <= '9'))
 		s=  (v[10]-'0')*10+(v[11]-'0');
 
 	if (BIO_printf(bp,"%s %2d %02d:%02d:%02d %d%s",
@@ -501,4 +503,3 @@ err:
 	OPENSSL_free(b);
 	return(ret);
 	}
-
author	Bodo Möller <bodo@openssl.org>	2008-07-16 18:10:28 +0000
committer	Bodo Möller <bodo@openssl.org>	2008-07-16 18:10:28 +0000
commit	0ff3766b0ea3c389f9477fb0507918c8ce02c85f (patch)
tree	9a9c716703d98a34ec4380677f27a443f4a8645f /crypto/asn1
parent	356220230647236f60cf8615e2cb2e1ef33f1b00 (diff)