Hi everyone
the attached patch fixes a bug of px5g when instructed to build
certificates that expire after 2038-01-19, caused a multiplication that
may overflow the "to" variable of type time_t
Attached patch checks if "to" precedes "from": if so sets "to" to its
maximum value. Pretty rude, but works well even if certificate is set to
expire in a century
Signed-off-by: Federico Fissore <[email protected]>
diff --git a/package/px5g/src/px5g.c b/package/px5g/src/px5g.c
index 2b3e785..70e7b90 100644
--- a/package/px5g/src/px5g.c
+++ b/package/px5g/src/px5g.c
@@ -22,6 +22,7 @@
#include <stdlib.h>
#include <string.h>
#include <time.h>
+#include <limits.h>
#include "polarssl/havege.h"
#include "polarssl/bignum.h"
#include "polarssl/x509.h"
@@ -157,6 +158,9 @@ int selfsigned(char **arg) {
from = (from < 1000000000) ? 1000000000 : from;
strftime(fstr, sizeof(fstr), "%F %H:%M:%S", gmtime(&from));
to = from + 60 * 60 * 24 * days;
+ if (to < from) {
+ to = INT_MAX;
+ }
strftime(tstr, sizeof(tstr), "%F %H:%M:%S", gmtime(&to));
x509_raw cert;
_______________________________________________
openwrt-devel mailing list
[email protected]
https://lists.openwrt.org/mailman/listinfo/openwrt-devel