add test for provoking integer overflow in ossl_asn1_time_from_tm

this needs a sanitized 64 bit time_t build to be detected (or possibly
valgrind, trapv or similar)

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22976)

diff --git a/test/asn1_time_test.c b/test/asn1_time_test.c
index 3344b76eae673ce1dbf8afb9aea06ef0b421b52d..aa1aa79ebbbca3900f8810e2b1e2bfaa7eca5cac 100644 (file)
--- a/test/asn1_time_test.c
+++ b/test/asn1_time_test.c
@@ -9,6 +9,7 @@
 
 /* Time tests for the asn1 module */
 
+#include <limits.h>
 #include <stdio.h>
 #include <string.h>
 
@@ -443,6 +444,30 @@ static int convert_asn1_to_time_t(int idx)
     return 1;
 }
 
+/*
+ * this test is here to exercise ossl_asn1_time_from_tm
+ * with an integer year close to INT_MAX.
+ */
+static int convert_tm_to_asn1_time(void)
+{
+    /* we need 64 bit time_t */
+#if ((ULONG_MAX >> 31) >> 31) >= 1
+    time_t t;
+    ASN1_TIME *at;
+
+    if (sizeof(time_t) * CHAR_BIT >= 64) {
+        t = 67768011791126057ULL;
+        at = ASN1_TIME_set(NULL, t);
+        /*
+         * If ASN1_TIME_set returns NULL, it means it could not handle the input
+         * which is fine for this edge case.
+         */
+        ASN1_STRING_free(at);
+    }
+#endif
+    return 1;
+}
+
 int setup_tests(void)
 {
     /*
@@ -479,5 +504,6 @@ int setup_tests(void)
     ADD_ALL_TESTS(test_table_compare, OSSL_NELEM(tbl_compare_testdata));
     ADD_TEST(test_time_dup);
     ADD_ALL_TESTS(convert_asn1_to_time_t, OSSL_NELEM(asn1_to_utc));
+    ADD_TEST(convert_tm_to_asn1_time);
     return 1;
 }