projects / strongswan.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 9e1ce63)
asn1: Add additional validation for parsed ASN.1 date/time values
authorTobias Brunner <tobias@strongswan.org>
Wed, 5 Feb 2014 16:55:58 +0000 (17:55 +0100)
committerTobias Brunner <tobias@strongswan.org>
Wed, 12 Feb 2014 12:53:57 +0000 (13:53 +0100)
src/libstrongswan/asn1/asn1.c patch | blob | history
src/libstrongswan/tests/suites/test_asn1.c patch | blob | history

diff --git a/src/libstrongswan/asn1/asn1.c b/src/libstrongswan/asn1/asn1.c
index 835606a..21cf1e9 100644 (file)
--- a/src/libstrongswan/asn1/asn1.c
+++ b/src/libstrongswan/asn1/asn1.c
@@ -402,13 +402,24 @@ time_t asn1_to_time(const chunk_t *utctime, asn1_t type)
        /* representation of months as 0..11*/
        if (tm_mon < 1 || tm_mon > 12)
        {
-               return 0; /* error in month format */
+               return 0;
        }
        tm_mon--;
 
        /* representation of days as 0..30 */
+       if (tm_day < 1 || tm_day > 31)
+       {       /* we don't actually validate the day in relation to tm_year/tm_mon */
+               return 0;
+       }
        tm_day--;
 
+       if (tm_hour < 0 || tm_hour > 23 ||
+               tm_min < 0 || tm_min > 59 ||
+               tm_sec < 0 || tm_sec > 60 /* allow leap seconds */)
+       {
+               return 0;
+       }
+
        /* number of leap years between last year and 1970? */
        tm_leap_4 = (tm_year - 1) / 4;
        tm_leap_100 = tm_leap_4 / 25;
diff --git a/src/libstrongswan/tests/suites/test_asn1.c b/src/libstrongswan/tests/suites/test_asn1.c
index 65ae3b5..099dbcd 100644 (file)
--- a/src/libstrongswan/tests/suites/test_asn1.c
+++ b/src/libstrongswan/tests/suites/test_asn1.c
@@ -482,6 +482,14 @@ START_TEST(test_asn1_to_time)
                {            0, 0x17, "7001050203xxZ" },
                {            0, 0x17, "7000050203Z" },
                {            0, 0x17, "7013050203Z" },
+               {            0, 0x17, "7001004203Z" },
+               {            0, 0x17, "7001320203Z" },
+               {            0, 0x17, "700101-103Z" },
+               {            0, 0x17, "7001016003Z" },
+               {            0, 0x17, "70010102-1Z" },
+               {            0, 0x17, "7001010260Z" },
+               {            0, 0x17, "7001010203-1Z" },
+               {            0, 0x17, "700101020361Z" },
                {      5097600, 0x17, "7003010000Z" },
                {     68256000, 0x17, "7203010000Z" },
                {    951868800, 0x17, "0003010000Z" },
strongSwan - IPsec VPN