aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJohn Crispin <blogic@openwrt.org>2013-07-04 13:31:32 +0000
committerJohn Crispin <blogic@openwrt.org>2013-07-04 13:31:32 +0000
commit7b811a589c9201d01740eafa296a6f99edc2e855 (patch)
tree6017d39770b9d4653fe8b2040b42636db2b8ea88
parent9e1d4703d5e9d2d775e4cbcb29794eed2d181cc2 (diff)
downloadupstream-7b811a589c9201d01740eafa296a6f99edc2e855.tar.gz
upstream-7b811a589c9201d01740eafa296a6f99edc2e855.tar.bz2
upstream-7b811a589c9201d01740eafa296a6f99edc2e855.zip
px5g: creates certificates that expire in the past
the attached patch fixes a bug of px5g when instructed to build certificates that expire after 2038-01-19, caused a multiplication that may overflow the "to" variable of type time_t Attached patch checks if "to" precedes "from": if so sets "to" to its maximum value. Pretty rude, but works well even if certificate is set to expire in a century Signed-off-by: Federico Fissore <federico@fissore.org> Patchork: http://patchwork.openwrt.org/patch/3749/ git-svn-id: svn://svn.openwrt.org/openwrt/trunk@37165 3c298f89-4303-0410-b956-a3cf2f4a3e73
-rw-r--r--package/utils/px5g/src/px5g.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/package/utils/px5g/src/px5g.c b/package/utils/px5g/src/px5g.c
index 2b3e78585c..cf50ad28e2 100644
--- a/package/utils/px5g/src/px5g.c
+++ b/package/utils/px5g/src/px5g.c
@@ -22,6 +22,7 @@
#include <stdlib.h>
#include <string.h>
#include <time.h>
+#include <limits.h>
#include "polarssl/havege.h"
#include "polarssl/bignum.h"
#include "polarssl/x509.h"
@@ -157,6 +158,8 @@ int selfsigned(char **arg) {
from = (from < 1000000000) ? 1000000000 : from;
strftime(fstr, sizeof(fstr), "%F %H:%M:%S", gmtime(&from));
to = from + 60 * 60 * 24 * days;
+ if (to < from)
+ to = INT_MAX;
strftime(tstr, sizeof(tstr), "%F %H:%M:%S", gmtime(&to));
x509_raw cert;