Ensure additions in this call can't overflow.
from libressl
Change-Id: Iaec558fb6d3c698deb000c45b34aa94911e60a06
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/65967
Auto-Submit: Bob Beck <bbe@google.com>
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/crypto/asn1/posix_time.c b/crypto/asn1/posix_time.c
index 5ac4eeb..2422bd3 100644
--- a/crypto/asn1/posix_time.c
+++ b/crypto/asn1/posix_time.c
@@ -143,6 +143,11 @@
}
int OPENSSL_tm_to_posix(const struct tm *tm, int64_t *out) {
+ // Ensure the additions below do not overflow.
+ if (tm->tm_year > 9999 || tm->tm_mon > 12) {
+ return 0;
+ }
+
return posix_time_from_utc(tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday,
tm->tm_hour, tm->tm_min, tm->tm_sec, out);
}
