feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Stop assuming dates are NULL terminated

Browse Source
This commit is contained in:
Anthony Hu
2025-03-28 17:52:46 -04:00
parent 67d2abfa86
commit 425eb7ff39
1 changed files with 7 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
wolfcrypt/src/asn.c
View File

@@ -15030,18 +15030,18 @@ int ExtractDate(const unsigned char* date, unsigned char format,
{ {
int i = *idx; int i = *idx;
/* Validate date string length based on format */ /* Validate date string length based on format Can not assume null
* terminated strings. Must check for the 'Z'. Subtract 2; one for zero
* indexing and one to exclude null terminator built into macro values */
if (format == ASN_UTC_TIME) { if (format == ASN_UTC_TIME) {
/* UTCTime format requires YYMMDDHHMMSSZ. /* UTCTime format requires YYMMDDHHMMSSZ. */
* subtract 1 to exclude null terminator. */ if (date[i + ASN_UTC_TIME_SIZE - 2] != 'Z') {
if (XSTRLEN((const char*)date + i) < (ASN_UTC_TIME_SIZE - 1)) {
return ASN_PARSE_E; return ASN_PARSE_E;
} }
} }
else if (format == ASN_GENERALIZED_TIME) { else if (format == ASN_GENERALIZED_TIME) {
/* GeneralizedTime format requires YYYYMMDDHHMMSSZ. /* GeneralizedTime format requires YYYYMMDDHHMMSSZ. */
* subtract 1 to exclude null terminator. */ if (date[ i + ASN_GENERALIZED_TIME_SIZE - 2] != 'Z') {
if (XSTRLEN((const char*)date + i) < (ASN_GENERALIZED_TIME_SIZE - 1)) {
return ASN_PARSE_E; return ASN_PARSE_E;
} }
} else { } else {