From 47eebebaa86267ceb1fc45ffb73caf87b007154c Mon Sep 17 00:00:00 2001 From: tb Date: Wed, 3 Nov 2021 13:44:15 +0000 Subject: [PATCH] Fix ASN1_TIME_diff() with NULL times The ASN1_TIME_diff() API accepts NULL ASN1_TIMEs and interprets them as "now". This is used in sysutils/monit, as found by semarie with a crash after update. Implement this behavior by porting a version of ASN1_TIME_to_tm() to LibreSSL and using it in ASN1_TIME_diff(). Tested by semarie ok beck jsing semarie --- lib/libcrypto/asn1/a_time.c | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) diff --git a/lib/libcrypto/asn1/a_time.c b/lib/libcrypto/asn1/a_time.c index aa6f1c07731..6e4f1a8065f 100644 --- a/lib/libcrypto/asn1/a_time.c +++ b/lib/libcrypto/asn1/a_time.c @@ -1,4 +1,4 @@ -/* $OpenBSD: a_time.c,v 1.30 2021/10/28 14:24:08 tb Exp $ */ +/* $OpenBSD: a_time.c,v 1.31 2021/11/03 13:44:15 tb Exp $ */ /* ==================================================================== * Copyright (c) 1999 The OpenSSL Project. All rights reserved. * @@ -106,14 +106,29 @@ ASN1_TIME_free(ASN1_TIME *a) ASN1_item_free((ASN1_VALUE *)a, &ASN1_TIME_it); } +/* Public API in OpenSSL. Kept internal for now. */ +static int +ASN1_TIME_to_tm(const ASN1_TIME *s, struct tm *tm) +{ + time_t now; + + if (s != NULL) + return ASN1_time_parse(s->data, s->length, tm, 0) != -1; + + time(&now); + memset(tm, 0, sizeof(*tm)); + + return gmtime_r(&now, tm) != NULL; +} + int ASN1_TIME_diff(int *pday, int *psec, const ASN1_TIME *from, const ASN1_TIME *to) { struct tm tm_from, tm_to; - if (ASN1_time_parse(from->data, from->length, &tm_from, 0) == -1) + if (!ASN1_TIME_to_tm(from, &tm_from)) return 0; - if (ASN1_time_parse(to->data, to->length, &tm_to, 0) == -1) + if (!ASN1_TIME_to_tm(to, &tm_to)) return 0; return OPENSSL_gmtime_diff(pday, psec, &tm_from, &tm_to); -- 2.20.1