generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

To avoid possible time_t overflow use X509_time_adj_ex()

Browse Source 
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
This commit is contained in:
Dr. Stephen Henson 2016-01-14 00:25:25 +00:00
parent b098dcae66
commit 9aa00b187a
2 changed files with 2 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
apps/ocsp.c
View File

@ -914,7 +914,7 @@ static void make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req,
bs = OCSP_BASICRESP_new(); bs = OCSP_BASICRESP_new();
thisupd = X509_gmtime_adj(NULL, 0); thisupd = X509_gmtime_adj(NULL, 0);
if (ndays != -1) if (ndays != -1)
nextupd = X509_gmtime_adj(NULL, nmin * 60 + ndays * 3600 * 24); nextupd = X509_time_adj_ex(NULL, ndays, nmin * 60, NULL);
/* Examine each certificate id in the request */ /* Examine each certificate id in the request */
for (i = 0; i < id_count; i++) { for (i = 0; i < id_count; i++) {

3
apps/x509.c
View File

@ -1101,8 +1101,7 @@ static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext,
if (X509_gmtime_adj(X509_get_notBefore(x), 0) == NULL) if (X509_gmtime_adj(X509_get_notBefore(x), 0) == NULL)
goto err; goto err;
if (X509_gmtime_adj(X509_get_notAfter(x), (long)60 * 60 * 24 * days) == if (X509_time_adj_ex(X509_get_notAfter(x), days, 0, NULL) == NULL)
NULL)
goto err; goto err;
if (!X509_set_pubkey(x, pkey)) if (!X509_set_pubkey(x, pkey))