
Commit a4bf774

committed
Add XGMTIME validation
1 parent 49a219e commit a4bf774

1 file changed

Lines changed: 23 additions & 6 deletions


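--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -14488,6 +14488,23 @@ int GetTimeString(byte* date, int format, char* buf, int len)
 }
 #endif /* OPENSSL_ALL || WOLFSSL_MYSQL_COMPATIBLE || WOLFSSL_NGINX || WOLFSSL_HAPROXY */
 
+/* Check time struct for valid values. Returns 0 for success */
+static int ValidateGmtime(struct tm* inTime)
+{
+int ret = 1;
+if ((inTime != NULL) &&
+(inTime->tm_sec >= 0) && (inTime->tm_sec <= 61) &&
+(inTime->tm_min >= 0) && (inTime->tm_min <= 59) &&
+(inTime->tm_hour >= 0) && (inTime->tm_hour <= 23) &&
+(inTime->tm_mday >= 1) && (inTime->tm_mday <= 31) &&
+(inTime->tm_mon >= 0) && (inTime->tm_mon <= 11) &&
+(inTime->tm_wday >= 0) && (inTime->tm_wday <= 6) &&
+(inTime->tm_yday >= 0) && (inTime->tm_yday <= 365)) {
+ret = 0;
+}
+
+return ret;
+}
 
 #if !defined(NO_ASN_TIME) && !defined(USER_TIME) && \
 !defined(TIME_OVERRIDES) && (defined(OPENSSL_EXTRA) || defined(HAVE_PKCS7))
@@ -14564,7 +14581,7 @@ int GetFormattedTime(void* currTime, byte* buf, word32 len)
 return BAD_FUNC_ARG;
 
 ts = (struct tm *)XGMTIME((time_t*)currTime, tmpTime);
-if (ts == NULL) {
+if (ValidateGmtime(ts)) {
 WOLFSSL_MSG("failed to get time data.");
 return ASN_TIME_E;
 }
@@ -14731,7 +14748,7 @@ int wc_ValidateDate(const byte* date, byte format, int dateType)
 ltime -= (time_t)timeDiff;
 localTime = XGMTIME(&ltime, tmpTime);
 
-if (localTime == NULL) {
+if (ValidateGmtime(localTime)) {
 WOLFSSL_MSG("XGMTIME failed");
 return 0;
 }
@@ -28102,7 +28119,7 @@ static int SetValidity(byte* output, int daysValid)
 /* subtract 1 day of seconds for more compliance */
 then = now - 86400;
 expandedTime = XGMTIME(&then, tmpTime);
-if (expandedTime == NULL) {
+if (ValidateGmtime(expandedTime)) {
 WOLFSSL_MSG("XGMTIME failed");
 return 0; /* error */
 }
@@ -28121,7 +28138,7 @@ static int SetValidity(byte* output, int daysValid)
 /* add daysValid of seconds */
 then = now + (daysValid * (time_t)86400);
 expandedTime = XGMTIME(&then, tmpTime);
-if (expandedTime == NULL) {
+if (ValidateGmtime(expandedTime)) {
 WOLFSSL_MSG("XGMTIME failed");
 return 0; /* error */
 }
@@ -28170,7 +28187,7 @@ static int SetValidity(byte* before, byte* after, int daysValid)
 /* subtract 1 day of seconds for more compliance */
 then = now - 86400;
 expandedTime = XGMTIME(&then, tmpTime);
-if (expandedTime == NULL) {
+if (ValidateGmtime(expandedTime)) {
 WOLFSSL_MSG("XGMTIME failed");
 ret = DATE_E;
 }
@@ -28186,7 +28203,7 @@ static int SetValidity(byte* before, byte* after, int daysValid)
 /* add daysValid of seconds */
 then = now + (daysValid * (time_t)86400);
 expandedTime = XGMTIME(&then, tmpTime);
-if (expandedTime == NULL) {
+if (ValidateGmtime(expandedTime)) {
 WOLFSSL_MSG("XGMTIME failed");
 ret = DATE_E;
 }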
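Review bot: ValidateGmtime range-checks every field of the `struct tm` except `tm_year`, so a faulty XGMTIME port that returns an out-of-range year still passes and the year reaches the callers (GetFormattedTime, wc_ValidateDate, SetValidity); their bodies continue outside the hunks, so how the year is consumed there is inferred. Consider adding a bound that matches what the date encoders can represent, at minimum `(inTime->tm_year >= 0) &&`, and stating the accepted ranges in the function comment. The helper also appears to sit between the `#endif` and the following `#if`, outside the feature guards that wrap its callers, so a configuration that compiles none of them would likely hit an unused static function warning; wrapping it in the same conditions is worth checking. Since nothing is written through the pointer, the parameter can be `const struct tm* inTime`.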
