be more flexible about truncated ASN1 times

diff --git a/doc/ChangeLog b/doc/ChangeLog
index 50811d2..62f2615 100644 (file)
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -28,6 +28,7 @@ FreeRADIUS 3.0.15 Fri 26 May 2017 13:00:00 EDT urgency=medium
          items
        * show reasons why we couldn't parse a certificate
          expiry time
+       * be more accepting about truncated ASN1 times.
        * Fix OpenSSL API issue which could leak small amounts
          of memory.  Issue reported by Guido Vranken.
        * For Access-Reject, call rad_authlog() after running

diff --git a/src/main/tls.c b/src/main/tls.c
index e14f435..6816ce6 100644 (file)
--- a/src/main/tls.c
+++ b/src/main/tls.c
@@ -1472,7 +1472,7 @@ static int ocsp_asn1time_to_epoch(time_t *out, char const *asn1)
                t.tm_year -= 1900;
        }
 
-       if ((end - p) < 10) {
+       if ((end - p) < 4) {
                fr_strerror_printf("ASN1 string too short, expected 10 additional bytes, got %zu bytes",
                                   end - p);
                return -1;
@@ -1482,14 +1482,21 @@ static int ocsp_asn1time_to_epoch(time_t *out, char const *asn1)
        t.tm_mon += (*(p++) - '0') - 1; // -1 since January is 0 not 1.
        t.tm_mday = (*(p++) - '0') * 10;
        t.tm_mday += (*(p++) - '0');
+
+       if ((end - p) < 2) goto done;
        t.tm_hour = (*(p++) - '0') * 10;
        t.tm_hour += (*(p++) - '0');
+
+       if ((end - p) < 2) goto done;
        t.tm_min = (*(p++) - '0') * 10;
        t.tm_min += (*(p++) - '0');
+
+       if ((end - p) < 2) goto done;
        t.tm_sec = (*(p++) - '0') * 10;
        t.tm_sec += (*(p++) - '0');
 
        /* Apparently OpenSSL converts all timestamps to UTC? Maybe? */
+done:
        *out = timegm(&t);
        return 0;
 }