Tolerate a SEQUENCE in DN components.

[openssl.git] / crypto / asn1 / a_gentm.c

diff --git a/crypto/asn1/a_gentm.c b/crypto/asn1/a_gentm.c
index 185d16960038772b84e1ef1a9c6bd16880664ccb..4114f7e31ac565eebd383a2a95494075757eb105 100644 (file)
--- a/crypto/asn1/a_gentm.c
+++ b/crypto/asn1/a_gentm.c
@@ -61,6 +61,7 @@
 #include <stdio.h>
 #include <time.h>
 #include "cryptlib.h"
+#include "o_time.h"
 #include <openssl/asn1.h>
 
 #if 0
@@ -145,6 +146,19 @@ int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *d)
 
                if ((n < min[i]) || (n > max[i])) goto err;
                }
+       /* Optional fractional seconds: decimal point followed by one
+        * or more digits.
+        */
+       if (a[o] == '.')
+               {
+               if (++o > l) goto err;
+               i = o;
+               while ((a[o] >= '0') && (a[o] <= '9') && (o <= l))
+                       o++;
+               /* Must have at least one digit after decimal point */
+               if (i == o) goto err;
+               }
+
        if (a[o] == 'Z')
                o++;
        else if ((a[o] == '+') || (a[o] == '-'))
@@ -162,12 +176,17 @@ int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *d)
                        o++;
                        }
                }
+       else
+               {
+               /* Missing time zone information. */
+               goto err;
+               }
        return(o == l);
 err:
        return(0);
        }
 
-int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, char *str)
+int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str)
        {
        ASN1_GENERALIZEDTIME t;
 
@@ -178,8 +197,9 @@ int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, char *str)
                {
                if (s != NULL)
                        {
-                       ASN1_STRING_set((ASN1_STRING *)s,
-                               (unsigned char *)str,t.length);
+                       if (!ASN1_STRING_set((ASN1_STRING *)s,
+                               (unsigned char *)str,t.length))
+                               return 0;
                        s->type=V_ASN1_GENERALIZEDTIME;
                        }
                return(1);
@@ -193,33 +213,35 @@ ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
        {
        char *p;
        struct tm *ts;
-#if defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32)
        struct tm data;
-#endif
+       size_t len = 20; 
 
        if (s == NULL)
                s=M_ASN1_GENERALIZEDTIME_new();
        if (s == NULL)
                return(NULL);
 
-#if defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32)
-       gmtime_r(&t,&data); /* should return &data, but doesn't on some systems, so we don't even look at the return value */
-       ts=&data;
-#else
-       ts=gmtime(&t);
-#endif
+       ts=OPENSSL_gmtime(&t, &data);
+       if (ts == NULL)
+               return(NULL);
+
        p=(char *)s->data;
-       if ((p == NULL) || (s->length < 16))
+       if ((p == NULL) || ((size_t)s->length < len))
                {
-               p=OPENSSL_malloc(20);
-               if (p == NULL) return(NULL);
+               p=OPENSSL_malloc(len);
+               if (p == NULL)
+                       {
+                       ASN1err(ASN1_F_ASN1_GENERALIZEDTIME_SET,
+                               ERR_R_MALLOC_FAILURE);
+                       return(NULL);
+                       }
                if (s->data != NULL)
                        OPENSSL_free(s->data);
                s->data=(unsigned char *)p;
                }
 
-       sprintf(p,"%04d%02d%02d%02d%02d%02dZ",ts->tm_year + 1900,
-               ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec);
+       BIO_snprintf(p,len,"%04d%02d%02d%02d%02d%02dZ",ts->tm_year + 1900,
+                    ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec);
        s->length=strlen(p);
        s->type=V_ASN1_GENERALIZEDTIME;
 #ifdef CHARSET_EBCDIC_not