On 2022-01-06 08:44 +01, Otto Moerbeek <[email protected]> wrote:
> On Thu, Jan 06, 2022 at 08:38:37AM +0100, Otto Moerbeek wrote:
>> Looking at the loop again and seeing the "maximum length exceeded" I
>> think what has happened is that the loop exited without reading the
>> Date: line and so no call to strptime() happened at all.
>>
>> The code could be improved a bit by returning -1 in that case.
>>
>> -Otto
>>
>
> Like this
>
OK florian
p.s.: I have to say I find this code rather convoluted, figuring out
that this is actually correct took me way too long. (httpsdate is
allocated with calloc one function up and one to the left and nothing
touches tls_tm in between).
> Index: constraint.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/ntpd/constraint.c,v
> retrieving revision 1.52
> diff -u -p -r1.52 constraint.c
> --- constraint.c 16 Jul 2021 13:59:10 -0000 1.52
> +++ constraint.c 6 Jan 2022 07:43:52 -0000
> @@ -1019,7 +1019,7 @@ httpsdate_request(struct httpsdate *http
> &httpsdate->tls_tm) == NULL) {
> log_warnx("unsupported date format");
> free(line);
> - return (-1);
> + goto fail;
> }
>
> free(line);
> @@ -1027,6 +1027,8 @@ httpsdate_request(struct httpsdate *http
> next:
> free(line);
> }
> + if (httpsdate->tls_tm.tm_year == 0)
> + goto fail;
>
> /*
> * Now manually check the validity of the certificate presented in the
>
--
I'm not entirely sure you are real.
