From: Alan T. DeKok Date: Wed, 12 Jul 2017 15:53:29 +0000 (-0400) Subject: be more flexible about truncated ASN1 times X-Git-Tag: release_3_0_15~4 X-Git-Url: http://www.project-moonshot.org/gitweb/?p=freeradius.git;a=commitdiff_plain;h=9571d949f5f2b3e634b17e8cf5f2f822065d71c5 be more flexible about truncated ASN1 times --- diff --git a/doc/ChangeLog b/doc/ChangeLog index 50811d2..62f2615 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog @@ -28,6 +28,7 @@ FreeRADIUS 3.0.15 Fri 26 May 2017 13:00:00 EDT urgency=medium items * show reasons why we couldn't parse a certificate expiry time + * be more accepting about truncated ASN1 times. * Fix OpenSSL API issue which could leak small amounts of memory. Issue reported by Guido Vranken. * For Access-Reject, call rad_authlog() after running diff --git a/src/main/tls.c b/src/main/tls.c index e14f435..6816ce6 100644 --- a/src/main/tls.c +++ b/src/main/tls.c @@ -1472,7 +1472,7 @@ static int ocsp_asn1time_to_epoch(time_t *out, char const *asn1) t.tm_year -= 1900; } - if ((end - p) < 10) { + if ((end - p) < 4) { fr_strerror_printf("ASN1 string too short, expected 10 additional bytes, got %zu bytes", end - p); return -1; @@ -1482,14 +1482,21 @@ static int ocsp_asn1time_to_epoch(time_t *out, char const *asn1) t.tm_mon += (*(p++) - '0') - 1; // -1 since January is 0 not 1. t.tm_mday = (*(p++) - '0') * 10; t.tm_mday += (*(p++) - '0'); + + if ((end - p) < 2) goto done; t.tm_hour = (*(p++) - '0') * 10; t.tm_hour += (*(p++) - '0'); + + if ((end - p) < 2) goto done; t.tm_min = (*(p++) - '0') * 10; t.tm_min += (*(p++) - '0'); + + if ((end - p) < 2) goto done; t.tm_sec = (*(p++) - '0') * 10; t.tm_sec += (*(p++) - '0'); /* Apparently OpenSSL converts all timestamps to UTC? Maybe? */ +done: *out = timegm(&t); return 0; }
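Review bot: The error text under the relaxed guard still reads `expected 10 additional bytes` although the check in the first tls.c hunk is now `(end - p) < 4`, so a log line from this path misstates what the parser requires. Suggest `"ASN1 string too short, expected at least 4 additional bytes, got %td bytes"`. The `%td` is deliberate: `end - p` is a pointer difference, which the existing `%zu` does not match. The function starts above this hunk, so the declarations of `p` and `end` are not visible here.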
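Review bot: The three added `if ((end - p) < 2) goto done;` guards in the second tls.c hunk count bytes but never inspect them, so a truncated value that ends mid-field or carries a non-digit suffix is converted instead of rejected. With one byte left the code jumps to `done` and drops it; with two or more, whatever follows goes through `*(p++) - '0'`, so in a constructed value whose remainder after the hour is `5Z` those bytes become `tm_min`, and `timegm()` will normally fold an out-of-range field into a different time rather than fail. Judging by the function name and the ChangeLog entry this result feeds OCSP and certificate-expiry decisions, so I would take the early exit only when nothing is left or the remainder is a lone `Z`, and require two digits per field otherwise, as sketched below (`isdigit` needs `<ctype.h>`, whose inclusion in tls.c is not visible here; timezone offsets, if they must be accepted, need their own branch). The month/day lines kept as context lack the same digit check, and the function begins outside this hunk.

```c
	/* ... unchanged: year, month and day parsing ... */

	/* Hours, minutes and seconds are optional, but only as whole two-digit fields. */
	if ((p == end) || (((end - p) == 1) && (*p == 'Z'))) goto done;
	if (((end - p) < 2) || !isdigit((unsigned char) p[0]) || !isdigit((unsigned char) p[1])) goto invalid;
	t.tm_hour = (*(p++) - '0') * 10;
	t.tm_hour += (*(p++) - '0');

	/* ... the same two checks before tm_min and before tm_sec ... */

done:
	*out = timegm(&t);
	return 0;

invalid:
	fr_strerror_printf("ASN1 time contains a malformed or partial field");
	return -1;
```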