CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2020/12/16 11:35:59
Modified files:
lib/libcrypto/asn1: a_time_tm.c
Log message:
Avoid potential use of uninitialized in ASN1_time_parse
When parsing an UTCTime into a struct tm that wasn't cleared by the caller,
the years would be added to the already present value, which could give an
incorrect result. This is an issue in ASN1_UTCTIME_cmp_time_t(), which is
practically unused. Fix this by always zeroing the passed struct tm.
Issue reported by Olivier Taïbi, thanks!
ok jsing
