diff options
| author | John Crispin <john@openwrt.org> | 2013-07-04 13:31:32 +0000 |
|---|---|---|
| committer | John Crispin <john@openwrt.org> | 2013-07-04 13:31:32 +0000 |
| commit | 62cd76ab2c6fecc8daaefe45828a6d71251c92cd (patch) | |
| tree | ae4da6ba03b87705f7f5826147e330be381a7120 | |
| parent | a1734998ee431db2ebb8d0d65e368e30b8a1375c (diff) | |
| download | upstream-62cd76ab2c6fecc8daaefe45828a6d71251c92cd.tar.gz upstream-62cd76ab2c6fecc8daaefe45828a6d71251c92cd.tar.bz2 upstream-62cd76ab2c6fecc8daaefe45828a6d71251c92cd.zip | |
px5g: creates certificates that expire in the past
the attached patch fixes a bug of px5g when instructed to build
certificates that expire after 2038-01-19, caused a multiplication that
may overflow the "to" variable of type time_t
Attached patch checks if "to" precedes "from": if so sets "to" to its
maximum value. Pretty rude, but works well even if certificate is set to
expire in a century
Signed-off-by: Federico Fissore <federico@fissore.org>
Patchork: http://patchwork.openwrt.org/patch/3749/
SVN-Revision: 37165
| -rw-r--r-- | package/utils/px5g/src/px5g.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/package/utils/px5g/src/px5g.c b/package/utils/px5g/src/px5g.c index 2b3e78585c..cf50ad28e2 100644 --- a/package/utils/px5g/src/px5g.c +++ b/package/utils/px5g/src/px5g.c @@ -22,6 +22,7 @@ #include <stdlib.h> #include <string.h> #include <time.h> +#include <limits.h> #include "polarssl/havege.h" #include "polarssl/bignum.h" #include "polarssl/x509.h" @@ -157,6 +158,8 @@ int selfsigned(char **arg) { from = (from < 1000000000) ? 1000000000 : from; strftime(fstr, sizeof(fstr), "%F %H:%M:%S", gmtime(&from)); to = from + 60 * 60 * 24 * days; + if (to < from) + to = INT_MAX; strftime(tstr, sizeof(tstr), "%F %H:%M:%S", gmtime(&to)); x509_raw cert; |