Hello.

I want to report a bug in the openssl 0.9.7 ocsp server.  The
self-test report and a proposed patch are included below.

When I start openssl ocsp in server mode in a CA directory

   # Server
   $ openssl ocsp -index index.txt -CA CA.crt -rsigner CA.crt \
     -rkey CA.key -ndays 1 -port 4444

and submit an OCSP request

   # Client
   $ openssl ocsp -url http://localhost:4444/ -CAfile CA.crt \
     -issuer CA.crt -cert test.crt -respout test.ors

I get these error messages:

   Response verify OK
   test.crt: WARNING: Status times invalid.
   8601:error:2707307B:OCSP routines:OCSP_check_validity:error in thisupdate field:ocsp_cl.c:319:
   8601:error:2707307A:OCSP routines:OCSP_check_validity:error in nextupdate field:ocsp_cl.c:349:
   good
          This Update: Feb  7 14:23:19 2003
          Next Update: Feb  8 14:23:19 2003

The reported times are off by one hour and the time zone is missing (I
am in CET time zone).  Looking at the saved OCSP response reveals that
the trailing "Z" is missing from the time strings.

   $ strings test.ors | grep 2003
   20030207142319Z0d0b0:0
   20030207142319
   20030208142319
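To make the truncation behaviour concrete, here is an added example (not part of this report and not OpenSSL code): a reference strlcpy with the standard contract (at most size-1 characters copied, always NUL-terminated when size > 0, returns the source length so a caller can detect truncation), a check that a time string has the 14-digit-plus-'Z' GeneralizedTime form, and a copy of the 15-character time string into a 15-byte and a 16-byte destination. The function names and the sample time string are assumptions constructed for the demonstration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Reference strlcpy with the usual contract: copy at most size-1
 * characters, NUL-terminate whenever size > 0, return strlen(src) so
 * that a result >= size signals truncation.  (Added example, not the
 * OpenSSL implementation.) */
static size_t strlcpy_ref(char *dst, const char *src, size_t size)
{
    size_t l = 0;
    for (; size > 1 && *src; size--) {
        *dst++ = *src++;
        l++;
    }
    if (size)
        *dst = '\0';
    return l + strlen(src);
}

/* Returns 1 when s is exactly 14 digits followed by 'Z', the form an
 * OCSP thisUpdate/nextUpdate GeneralizedTime must have; 0 otherwise. */
int gentime_is_wellformed(const char *s)
{
    size_t n = strlen(s);
    if (n != 15 || s[14] != 'Z')
        return 0;
    for (size_t i = 0; i < 14; i++)
        if (!isdigit((unsigned char)s[i]))
            return 0;
    return 1;
}

/* Copies a constructed 15-character time string into a destination of
 * bufsize bytes.  Returns 1 if the trailing 'Z' survived, 0 if the
 * copy was truncated, -1 if bufsize exceeds the scratch buffer.
 * A size that counts the characters but not the NUL (15 here) drops
 * the last character silently; 16 keeps it. */
int copy_keeps_zulu(size_t bufsize)
{
    const char *src = "20030207142319Z"; /* constructed sample, 15 chars */
    char buf[32];
    if (bufsize > sizeof buf)
        return -1;
    size_t needed = strlcpy_ref(buf, src, bufsize);
    /* needed >= bufsize means strlcpy_ref had to truncate */
    return (needed < bufsize) && gentime_is_wellformed(buf);
}

int main(void)
{
    printf("bufsize 15: %s\n", copy_keeps_zulu(15) ? "Z kept" : "Z dropped");
    printf("bufsize 16: %s\n", copy_keeps_zulu(16) ? "Z kept" : "Z dropped");
    printf("without Z well-formed: %d\n", gentime_is_wellformed("20030207142319"));
    printf("with Z well-formed:    %d\n", gentime_is_wellformed("20030207142319Z"));
    return 0;
}
```

The point of the 15-versus-16 comparison is that an strlcpy-style copy never overruns the destination, so an undersized length does not crash; it produces exactly the symptom above, a string one character short, which downstream parsers then reject as an invalid time.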

The proposed patch below fixes this problem.  But because I am not
familiar with the OpenSSL internals at all I suggest that someone
more experienced has a look at it before accepting the patch.

OpenSSL self-test report:

OpenSSL version:  0.9.7
Last change:      Fix session ID handling in SSLv2 client code: the SERVE...
Options:          --prefix=/usr/local --openssldir=/var/local/lib/ssl no-hw shared -O2 -march=i686 -mcpu=i686 -pipe no-krb5
OS (uname):       Linux testlab-hdd15 2.4.18-4GB #1 Wed Mar 27 13:57:05 UTC 2002 i686 unknown
OS (config):      i686-whatever-linux2
Target (default): linux-pentium
Target:           linux-pentium
Compiler:         gcc version 2.95.3 20010315 (SuSE)

Test skipped.


Here is the proposed patch.  Apply with -p1 in the openssl source directory.

Index: openssl-0.9.7/crypto/buffer/buffer.c
--- openssl-0.9.7/crypto/buffer/buffer.c        Tue Nov 12 14:21:59 2002
+++ openssl-0.9.7+/crypto/buffer/buffer.c       Fri Jan 31 15:34:39 2003
@@ -183,7 +183,7 @@
  size_t BUF_strlcpy(char *dst, const char *src, size_t size)
        {
        size_t l = 0;
-       for(; size > 1 && *src; size--)
+       for(; size > 0 && *src; size--)
                {
                *dst++ = *src++;
                l++;
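Review bot: changing the loop condition from `size > 1` to `size > 0` alters BUF_strlcpy's contract instead of fixing the caller that produced the truncated time string. With `size > 0` the loop may copy `size` characters into `dst`, leaving no room inside a `size`-byte destination for a terminating NUL; any terminator written after the loop (not visible in this hunk) would then land one byte past the end of the buffer, and every caller that relies on strlcpy semantics (at most `size` bytes written, terminator included) would be affected. The symptom in the report, a 15-character GeneralizedTime losing its trailing 'Z', is what strlcpy does when handed a length that counts the characters but not the terminator, so the fix belongs at the call site that formats the OCSP thisUpdate/nextUpdate times with a size one too small; suggest leaving this loop as `for(; size > 1 && *src; size--)` and correcting that size instead.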
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]