diff options
author | nelsonb%netscape.com <devnull@localhost> | 2003-12-03 04:03:40 +0000 |
---|---|---|
committer | nelsonb%netscape.com <devnull@localhost> | 2003-12-03 04:03:40 +0000 |
commit | f045500431bf325694d9cbc112804e555b9cdac8 (patch) | |
tree | 50df02ff0611c1fea93067354a3c88ff6f31684b | |
parent | 5706f389c488932628920c6df0fa108db331039d (diff) | |
download | nss-hg-f045500431bf325694d9cbc112804e555b9cdac8.tar.gz |
Avoid UMRs in dertime.c. Bugscape bug 54198. r=wtc.
-rw-r--r-- | security/nss/lib/util/dertime.c | 22 |
1 files changed, 20 insertions, 2 deletions
diff --git a/security/nss/lib/util/dertime.c b/security/nss/lib/util/dertime.c index 50036f258..52b71b687 100644 --- a/security/nss/lib/util/dertime.c +++ b/security/nss/lib/util/dertime.c @@ -225,7 +225,17 @@ DER_AsciiToTime(int64 *dst, char *string) SECStatus DER_UTCTimeToTime(int64 *dst, SECItem *time) { - return DER_AsciiToTime(dst, (char*) time->data); + char localBuf[100]; + + /* Minimum valid UTCTime is yymmddhhmmZ which is 11 bytes. */ + /* 80 should be large enough for all valid encoded times. */ + if (time && time->len >= 11 && time->len <= 80 && time->data) { + memcpy(localBuf, time->data, time->len); + PORT_Memset(localBuf + time->len, 0, (sizeof localBuf) - time->len); + return DER_AsciiToTime(dst, localBuf); + } + PORT_SetError(SEC_ERROR_INVALID_TIME); + return SECFailure; } /* @@ -298,8 +308,16 @@ DER_GeneralizedTimeToTime(int64 *dst, SECItem *time) char *string; long hourOff, minOff; uint16 century; + char localBuf[100]; + + /* minimum valid GeneralizeTime is ccyymmddhhmmZ which is 13 bytes. */ + if (time && time->len >= 13 && time->len < 80 && time->data) { + memcpy(localBuf, time->data, time->len); + PORT_Memset(localBuf + time->len, 0, (sizeof localBuf) - time->len); + } else + goto loser; - string = (char *)time->data; + string = localBuf; PORT_Memset (&genTime, 0, sizeof (genTime)); /* Verify time is formatted properly and capture information */ |