projects / krb5.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 41436a1)
* asn1_encode.c (asn1_encode_generaltime): Sanity check the return
authorTom Yu <tlyu@mit.edu>
Fri, 17 Apr 1998 00:56:48 +0000 (00:56 +0000)
committerTom Yu <tlyu@mit.edu>
Fri, 17 Apr 1998 00:56:48 +0000 (00:56 +0000)
from gmtime() to avoid overruns.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10534 dc483132-0cff-0310-8789-dd5450dbe970

src/lib/krb5/asn.1/ChangeLog patch | blob | history
src/lib/krb5/asn.1/asn1_encode.c patch | blob | history

diff --git a/src/lib/krb5/asn.1/ChangeLog b/src/lib/krb5/asn.1/ChangeLog
index f15192816e1b0b0e438f2493816608d36edd1bf5..de87d7766d40df5dfb38ff2fd3a837d750665b0b 100644 (file)
--- a/src/lib/krb5/asn.1/ChangeLog
+++ b/src/lib/krb5/asn.1/ChangeLog
@@ -1,3 +1,8 @@
+Thu Apr 16 17:01:27 1998  Tom Yu  <tlyu@mit.edu>
+
+       * asn1_encode.c (asn1_encode_generaltime): Sanity check the return
+       from gmtime() to avoid overruns.
+
 Fri Feb 27 18:03:33 1998  Theodore Ts'o  <tytso@rsts-11.mit.edu>
 
        * Makefile.in: Changed thisconfigdir to point at the lib/krb5
diff --git a/src/lib/krb5/asn.1/asn1_encode.c b/src/lib/krb5/asn.1/asn1_encode.c
index 16c25ca24d51af5343d64b1ae9d75feba2b259df..826fc94af07f01b0812f1f7cf0d511a4fb30eb3a 100644 (file)
--- a/src/lib/krb5/asn.1/asn1_encode.c
+++ b/src/lib/krb5/asn.1/asn1_encode.c
@@ -203,7 +203,17 @@ asn1_error_code asn1_encode_generaltime(buf, val, retlen)
   gmt_time = val + EPOCH;
   gtime = gmtime(&gmt_time);
 
-  /* Time encoding: YYYYMMDDhhmmssZ */
+  /*
+   * Time encoding: YYYYMMDDhhmmssZ
+   *
+   * Sanity check this just to be paranoid, as gmtime can return NULL,
+   * and some bogus implementations might overrun on the sprintf.
+   */
+  if (gtime == NULL ||
+      gtime->tm_year > 9999 || gtime->tm_mon > 11 ||
+      gtime->tm_mday > 31 || gtime->tm_hour > 23 ||
+      gtime->tm_min > 59 || gtime->tm_sec > 59)
+    return ASN1_BAD_GMTIME;
   sprintf(s, "%04d%02d%02d%02d%02d%02dZ",
          1900+gtime->tm_year, gtime->tm_mon+1, gtime->tm_mday,
          gtime->tm_hour, gtime->tm_min, gtime->tm_sec);
MIT implementation of the Kerberos network authentication protocol. This repo may be rebased, so don't base your work on it. Use git://github.com/krb5/krb5 instead.