[openssl.org #1097] Bug Report

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[openssl.org #1097] Bug Report

Rich Salz via RT

In function X509_cmp_time file X509_vfy.c

Existing code for handling offset on validity time:

        if (*str == 'Z')
                offset=0;
        else
                {
                printf("*str != Z is %c\n",*str);
                if ((*str != '+') && (str[5] != '-'))
                        return 0;
                offset=((str[1]-'0')*10+(str[2]-'0'))*60;
                offset+=(str[3]-'0')*10+(str[4]-'0');
                if (*str == '-')
                        offset= -offset;
                }

Should be:

        if (*str == 'Z')
                offset=0;
        else
                {
                printf("*str != Z is %c\n",*str);
                if ((*str != '+') && (*str != '-'))
                        return 0;
                offset=((str[1]-'0')*10+(str[2]-'0'))*60;
                offset+=(str[3]-'0')*10+(str[4]-'0');
                if (*str == '-')
                        offset= -offset;
                }

The existing code will accept

"050603014800+1800", but not "050603014800-0600"  

> Jim Heit
> Enterprise Server Communications Engineering
> UNISYS Central Development Laboratory
> Roseville, MN USA
> +1(651)635-3169  Net2 524-3169
> Fax +1(651)635-5260 Net2 524-5260
>                 Reply to: [hidden email]
>
 

THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you
received this in error, please contact the sender and delete the e-mail
and its attachments from all computers.
 


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [hidden email]
Automated List Manager                           [hidden email]