author | nelsonb%netscape.com <devnull@localhost> | 2003-12-05 04:53:28 +0000 |
---|---|---|
committer | nelsonb%netscape.com <devnull@localhost> | 2003-12-05 04:53:28 +0000 |
commit | b6c041a61f9d369682a947135dd3bb00ef6e6c10 (patch) | |
tree | 6902bb5dda414fc96e4a0581f2e6b4216115c04c | |
parent | 4f7e12556ce291e6cb5842dd174bcc920347c99e (diff) | |
Further simplification and improvement of the parsing of UTCTime
and GeneralizedTime to avoid uninitialized memory reads (UMRs). Bugscape bug 54198. r=wtc
-rw-r--r-- | security/nss/lib/util/dertime.c | 62 | ||||
-rw-r--r-- | security/nss/lib/util/secder.h | 6 |
2 files changed, 44 insertions, 24 deletions
diff --git a/security/nss/lib/util/dertime.c b/security/nss/lib/util/dertime.c index 52b71b687..a4d065229 100644 --- a/security/nss/lib/util/dertime.c +++ b/security/nss/lib/util/dertime.c @@ -125,9 +125,15 @@ DER_TimeToUTCTime(SECItem *dst, int64 gmttime) return DER_TimeToUTCTimeArena(NULL, dst, gmttime); } - +/* The caller of DER_AsciiToItem MUST ENSURE that either +** a) "string" points to a null-terminated ASCII string, or +** b) "string" points to a buffer containing a valid UTCTime, +** whether null terminated or not. +** otherwise, this function may UMR and/or crash. +** It suffices to ensure that the input "string" is at least 17 bytes long. +*/ SECStatus -DER_AsciiToTime(int64 *dst, char *string) +DER_AsciiToTime(int64 *dst, const char *string) { long year, month, mday, hour, minute, second, hourOff, minOff, days; int64 result, tmp1, tmp2; 
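Review bot: The new comment above DER_AsciiToTime names `DER_AsciiToItem`, which is not the function it documents, so anyone searching for the precondition by function name will miss it; the first line should read `/* The caller of DER_AsciiToTime MUST ENSURE that either`. The contract is memory-safety relevant, because the function takes a bare `const char *` with no length and the comment states it may read uninitialized memory or crash otherwise. It would help to spell out that "at least 17 bytes long" means 17 readable bytes at `string`, not 17 significant characters. The function body continues outside this hunk, so how far the parser actually reads cannot be confirmed here.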
@@ -223,19 +229,27 @@ DER_AsciiToTime(int64 *dst, char *string) } SECStatus -DER_UTCTimeToTime(int64 *dst, SECItem *time) +DER_UTCTimeToTime(int64 *dst, const SECItem *time) { - char localBuf[100]; + const char * string; + char localBuf[20]; - /* Minimum valid UTCTime is yymmddhhmmZ which is 11 bytes. */ - /* 80 should be large enough for all valid encoded times. */ - if (time && time->len >= 11 && time->len <= 80 && time->data) { + /* Minimum valid UTCTime is yymmddhhmmZ which is 11 bytes. + ** Maximum valid UTCTime is yymmddhhmmss+0000 which is 17 bytes. + ** 20 should be large enough for all valid encoded times. + */ + if (!time || !time->data || time->len < 11) { + PORT_SetError(SEC_ERROR_INVALID_TIME); + return SECFailure; + } + if (time->len >= sizeof localBuf) { + string = (const char *)time->data; + } else { + memset(localBuf, 0, sizeof localBuf); memcpy(localBuf, time->data, time->len); - PORT_Memset(localBuf + time->len, 0, (sizeof localBuf) - time->len); - return DER_AsciiToTime(dst, localBuf); + string = (const char *)localBuf; } - PORT_SetError(SEC_ERROR_INVALID_TIME); - return SECFailure; + return DER_AsciiToTime(dst, string); } /* 
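Review bot: When `time->len >= sizeof localBuf`, DER_UTCTimeToTime passes `time->data` straight to DER_AsciiToTime with no terminator and no length, although the comment just above says a valid UTCTime is at most 17 bytes. Whether bytes following a well-formed prefix are rejected then depends on the parser, whose body is outside this hunk. If no caller relies on longer items, rejecting them up front makes the bound explicit: `if (!time || !time->data || time->len < 11 || time->len > 17) {`. With that check the pass-through branch is unreachable and every input is parsed from the zero-padded `localBuf`. The same pattern appears in DER_GeneralizedTimeToTime in the next hunk, where the stated maximum is 19 bytes.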
@@ -302,23 +316,29 @@ DER_TimeToGeneralizedTime(SECItem *dst, int64 gmttime) the certificate should be consider invalid!? */ SECStatus -DER_GeneralizedTimeToTime(int64 *dst, SECItem *time) +DER_GeneralizedTimeToTime(int64 *dst, const SECItem *time) { PRExplodedTime genTime; - char *string; + const char *string; long hourOff, minOff; uint16 century; - char localBuf[100]; + char localBuf[20]; - /* minimum valid GeneralizeTime is ccyymmddhhmmZ which is 13 bytes. */ - if (time && time->len >= 13 && time->len < 80 && time->data) { - memcpy(localBuf, time->data, time->len); - PORT_Memset(localBuf + time->len, 0, (sizeof localBuf) - time->len); - } else + /* Minimum valid GeneralizedTime is ccyymmddhhmmZ which is 13 bytes. + ** Maximum valid GeneralizedTime is ccyymmddhhmmss+0000 which is 19 bytes. + ** 20 should be large enough for all valid encoded times. + */ + if (!time || !time->data || time->len < 13) goto loser; + if (time->len >= sizeof localBuf) { + string = (const char *)time->data; + } else { + memset(localBuf, 0, sizeof localBuf); + memcpy(localBuf, time->data, time->len); + string = (const char *)localBuf; + } - string = localBuf; - PORT_Memset (&genTime, 0, sizeof (genTime)); + memset(&genTime, 0, sizeof genTime); /* Verify time is formatted properly and capture information */ hourOff = 0; diff --git a/security/nss/lib/util/secder.h b/security/nss/lib/util/secder.h index a54967f61..d95c3b98a 100644 --- a/security/nss/lib/util/secder.h +++ b/security/nss/lib/util/secder.h 
@@ -148,12 +148,12 @@ extern SECStatus DER_TimeToUTCTimeArena(PRArenaPool* arenaOpt, ** "result" the resulting "UNIX" time ** "string" the der notation ascii value to decode */ -extern SECStatus DER_AsciiToTime(int64 *result, char *string); +extern SECStatus DER_AsciiToTime(int64 *result, const char *string); /* ** Same as DER_AsciiToTime except takes an SECItem instead of a string */ -extern SECStatus DER_UTCTimeToTime(int64 *result, SECItem *time); +extern SECStatus DER_UTCTimeToTime(int64 *result, const SECItem *time); /* ** Convert a DER encoded UTC time to an ascii time representation @@ -186,7 +186,7 @@ extern SECStatus DER_TimeToGeneralizedTimeArena(PRArenaPool* arenaOpt, ** "dst" the resulting "UNIX" time ** "string" the der notation ascii value to decode */ -extern SECStatus DER_GeneralizedTimeToTime(int64 *dst, SECItem *time); +extern SECStatus DER_GeneralizedTimeToTime(int64 *dst, const SECItem *time); /* ** Convert from a int64 UTC time value to a formatted ascii value. The |
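Review bot: The caller precondition this commit adds for DER_AsciiToTime lives only in dertime.c, while the declaration in secder.h, which is what callers read, still documents just `"result"` and `"string"`. I would add to the header comment something like `** "string" must be null-terminated or point to at least 17 readable bytes`. Separately, the comment above DER_GeneralizedTimeToTime describes a parameter called `"string"`, but the prototype's parameter is `time`, a SECItem; since this line is being touched anyway, the comment could be corrected to `** "time" the DER-encoded GeneralizedTime item to decode`.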