px5g: creates certificates that expire in the past
the attached patch fixes a bug of px5g when instructed to build certificates that expire after 2038-01-19, caused a multiplication that may overflow the "to" variable of type time_t Attached patch checks if "to" precedes "from": if so sets "to" to its maximum value. Pretty rude, but works well even if certificate is set to expire in a century Signed-off-by: Federico Fissore <federico@fissore.org> Patchork: http://patchwork.openwrt.org/patch/3749/ SVN-Revision: 37165
This commit is contained in:
John Crispin
parent
a1734998ee
commit
62cd76ab2c
1 changed files with 3 additions and 0 deletions
|
|
@ -22,6 +22,7 @@
|
|||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <time.h>
|
||||
#include <limits.h>
|
||||
#include "polarssl/havege.h"
|
||||
#include "polarssl/bignum.h"
|
||||
#include "polarssl/x509.h"
|
||||
|
|
@ -157,6 +158,8 @@ int selfsigned(char **arg) {
|
|||
from = (from < 1000000000) ? 1000000000 : from;
|
||||
strftime(fstr, sizeof(fstr), "%F %H:%M:%S", gmtime(&from));
|
||||
to = from + 60 * 60 * 24 * days;
|
||||
if (to < from)
|
||||
to = INT_MAX;
|
||||
strftime(tstr, sizeof(tstr), "%F %H:%M:%S", gmtime(&to));
|
||||
|
||||
x509_raw cert;
|
||||
|
|
|
|||
Loading…
Reference in a new issue