pki: Avoid integer overflow when calculating certificate lifetimes.
authorTobias Brunner <tobias@strongswan.org>
Fri, 23 Dec 2011 15:33:24 +0000 (16:33 +0100)
committerTobias Brunner <tobias@strongswan.org>
Fri, 23 Dec 2011 15:33:24 +0000 (16:33 +0100)
This only works properly if sizeof(time_t) > 4.

src/pki/commands/issue.c
src/pki/commands/self.c
src/pki/commands/signcrl.c

index 6a5686d..20163ed 100644 (file)
@@ -67,11 +67,11 @@ static int issue()
        char *error = NULL, *keyid = NULL;
        identification_t *id = NULL;
        linked_list_t *san, *cdps, *ocsp, *permitted, *excluded, *policies, *mappings;
-       int lifetime = 1095;
        int pathlen = X509_NO_CONSTRAINT, inhibit_any = X509_NO_CONSTRAINT;
        int inhibit_mapping = X509_NO_CONSTRAINT, require_explicit = X509_NO_CONSTRAINT;
        chunk_t serial = chunk_empty;
        chunk_t encoding = chunk_empty;
+       time_t lifetime = 1095;
        time_t not_before, not_after;
        x509_flag_t flags = 0;
        x509_t *x509;
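Review bot: Widening `lifetime` to `time_t` in this declaration (and in the matching declarations in self() and sign_crl()) removes the overflow only where time_t is wider than 32 bits, as the commit message itself says. On a 32-bit time_t a large value can still overflow when the lifetime is turned into an absolute time, which is undefined for a signed type and could leave not_after (or nextUpdate) earlier than the start of validity. The option parsing and the arithmetic are outside these hunks, so this is inferred from the commit title, but a range check where the value is read would make the result platform-independent, for example `if (lifetime <= 0 || lifetime > MAX_LIFETIME)` followed by the command's usual error path, where `MAX_LIFETIME` is a placeholder for a bound chosen so the computation fits in time_t. A short comment on the declaration, such as `/* time_t rather than int so the lifetime arithmetic is not done in int */`, would also record why its type differs from the neighbouring ints. The bodies of all three functions continue outside the hunks.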
index c7788ff..c4508a6 100644 (file)
@@ -55,11 +55,11 @@ static int self()
        char *file = NULL, *dn = NULL, *hex = NULL, *error = NULL, *keyid = NULL;
        identification_t *id = NULL;
        linked_list_t *san, *ocsp, *permitted, *excluded, *policies, *mappings;
-       int lifetime = 1095;
        int pathlen = X509_NO_CONSTRAINT, inhibit_any = X509_NO_CONSTRAINT;
        int inhibit_mapping = X509_NO_CONSTRAINT, require_explicit = X509_NO_CONSTRAINT;
        chunk_t serial = chunk_empty;
        chunk_t encoding = chunk_empty;
+       time_t lifetime = 1095;
        time_t not_before, not_after;
        x509_flag_t flags = 0;
        x509_cert_policy_t *policy = NULL;
index 9a21bd9..827fd73 100644 (file)
@@ -124,7 +124,7 @@ static int sign_crl()
        int serial_len = 0;
        crl_reason_t reason = CRL_REASON_UNSPECIFIED;
        time_t thisUpdate, nextUpdate, date = time(NULL);
-       int lifetime = 15;
+       time_t lifetime = 15;
        linked_list_t *list, *cdps;
        enumerator_t *enumerator, *lastenum = NULL;
        x509_cdp_t *cdp;