[prev in list] [next in list] [prev in thread] [next in thread] 

List:       subversion-commits
Subject:    svn commit: r1809290 - /subversion/trunk/subversion/libsvn_subr/x509parse.c
From:       stsp () apache ! org
Date:       2017-09-22 10:01:04
Message-ID: 20170922100107.173723A00E9 () svn01-us-west ! apache ! org
[Download RAW message or body]

Author: stsp
Date: Fri Sep 22 10:01:04 2017
New Revision: 1809290

URL: http://svn.apache.org/viewvc?rev=1809290&view=rev
Log:
* subversion/libsvn_subr/x509parse.c
  (x509_get_date): Ensure values in 'xt' fall in ranges given in apr_time.h.

Modified:
    subversion/trunk/subversion/libsvn_subr/x509parse.c

Modified: subversion/trunk/subversion/libsvn_subr/x509parse.c
URL: http://svn.apache.org/viewvc/subversion/trunk/subversion/libsvn_subr/x509parse.c?rev=1809290&r1=1809289&r2=1809290&view=diff
 ==============================================================================
--- subversion/trunk/subversion/libsvn_subr/x509parse.c (original)
+++ subversion/trunk/subversion/libsvn_subr/x509parse.c Fri Sep 22 10:01:04 2017
@@ -472,6 +472,18 @@ x509_get_date(apr_time_t *when,
   /* apr_time_exp_t expects months to be zero indexed, 0=Jan, 11=Dec. */
   xt.tm_mon -= 1;
 
+  /* range checks (as per definition of apr_time_exp_t in apr_time.h) */
+  if (xt.tm_usec < 0 ||
+      xt.tm_sec < 0 || xt.tm_sec > 61 ||
+      xt.tm_min < 0 || xt.tm_min > 59 ||
+      xt.tm_hour < 0 || xt.tm_hour > 23 ||
+      xt.tm_mday < 1 || xt.tm_mday > 31 ||
+      xt.tm_mon < 0 || xt.tm_mon > 11 ||
+      xt.tm_year < 0 ||
+      xt.tm_wday < 0 || xt.tm_wday > 6 ||
+      xt.tm_yday < 0 || xt.tm_yday > 365)
+    return svn_error_create(SVN_ERR_X509_CERT_INVALID_DATE, NULL, NULL);
+
   ret = apr_time_exp_gmt_get(when, &xt);
   if (ret)
     return svn_error_wrap_apr(ret, NULL);


[prev in list] [next in list] [prev in thread] [next in thread]