From 2d0ffbbdc75e104437688f49fd15a846a946b5f1 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Mon, 17 Oct 2016 22:32:47 +0100 Subject: [PATCH] Fix integration of bugfix for #626 Adds check for validity of date in x509_get_time() back in, as it was lost in the merge. --- library/x509.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/library/x509.c b/library/x509.c index e671fabff..5466ca5e5 100644 --- a/library/x509.c +++ b/library/x509.c @@ -621,21 +621,27 @@ int x509_get_time( unsigned char **p, const unsigned char *end, { (*p)++; ret = asn1_get_len( p, end, &len ); - if( ret != 0 ) return( POLARSSL_ERR_X509_INVALID_DATE + ret ); - return x509_parse_time( p, len, 2, time ); + CHECK( x509_parse_time( p, len, 2, time ) ); + + CHECK( x509_date_is_valid( time ) ); + + return( 0 ); } else if( tag == ASN1_GENERALIZED_TIME ) { (*p)++; ret = asn1_get_len( p, end, &len ); - if( ret != 0 ) return( POLARSSL_ERR_X509_INVALID_DATE + ret ); - return x509_parse_time( p, len, 4, time ); + CHECK( x509_parse_time( p, len, 4, time ) ); + + CHECK( x509_date_is_valid( time ) ); + + return( 0 ); } else return( POLARSSL_ERR_X509_INVALID_DATE +