From: Matt Caswell <matt@openssl.org>
Date: Mon, 12 Feb 2018 17:47:50 +0000 (+0000)
Subject: Check the return code from ASN1_TIME_diff()
X-Git-Tag: OpenSSL_1_1_1-pre2~139
X-Git-Url: https://git.openssl.org/?p=openssl.git;a=commitdiff_plain;h=0d502c3511ab3b1c8acb129fb3af836727b8092d

Check the return code from ASN1_TIME_diff()

The function can fail so we should check the return code.

Found by Coverity

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/5339)
---

diff --git a/apps/ca.c b/apps/ca.c
index a416f368a8..26c077858f 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -1706,7 +1706,9 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
 
     if (enddate != NULL) {
         int tdays;
-        ASN1_TIME_diff(&tdays, NULL, NULL, X509_get0_notAfter(ret));
+
+        if (!ASN1_TIME_diff(&tdays, NULL, NULL, X509_get0_notAfter(ret)))
+            goto end;
         days = tdays;
     }