From 54dc00cbd2d28239a345a948269b277a4f4aab13 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: Fri, 7 Apr 2017 14:33:29 +0200
Subject: x509/time: reject invalid dates in local mktime()

Resolves #135

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
---
 lib/x509/time.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/lib/x509/time.c b/lib/x509/time.c
index 39f47a85f3..4d2b789268 100644
--- a/lib/x509/time.c
+++ b/lib/x509/time.c
@@ -85,6 +85,10 @@ static time_t mktime_utc(const struct fake_tm *tm)
 	if (tm->tm_mon < 0 || tm->tm_mon > 11 || tm->tm_year < 1970)
 		return (time_t) - 1;
 
+	/* Check for "obvious" mistakes in dates */
+	if (tm->tm_sec > 60 || tm->tm_min > 59 || tm->tm_mday > 31 || tm->tm_mday < 1 || tm->tm_hour > 23)
+		return (time_t) - 1;
+
 /* Convert to a time_t. 
  */
 	for (i = 1970; i < tm->tm_year; i++)
-- 
cgit v1.2.1