[patch] bbnet/contest.c: Do not crash on long-living SSL certs
Christoph Berg
cb at df7cb.de
Sat Oct 25 15:33:53 CEST 2008
Hi,
bbgen_ASN1_UTCTIME in bbnet/contest.c cannot handle SSL certificates
whose validity extends beyond 2050. In that case the tm->data string
includes the full year and fails to parse. The patch below
fixes the issue.
--- a/bbnet/contest.c
+++ b/bbnet/contest.c
@@ -390,20 +390,25 @@ static char *bbgen_ASN1_UTCTIME(ASN1_UTC
static char result[256];
char *asn1_string;
int gmt=0;
- int i;
- int year=0,month=0,day=0,hour=0,minute=0,second=0;
+ int len, i;
+ int century=0,year=0,month=0,day=0,hour=0,minute=0,second=0;
- i=tm->length;
+ len=tm->length;
asn1_string=(char *)tm->data;
- if (i < 10) return NULL;
- if (asn1_string[i-1] == 'Z') gmt=1;
- for (i=0; i<10; i++) {
+ if (len < 10) return NULL;
+ if (asn1_string[len-1] == 'Z') gmt=1;
+ for (i=0; i<len-1; i++) {
if ((asn1_string[i] > '9') || (asn1_string[i] < '0')) return NULL;
}
+ if (len >= 15) { /* 20541024111745Z format */
+ century = 100 * ((asn1_string[0]-'0')*10+(asn1_string[1]-'0'));
+ asn1_string += 2;
+ }
+
year=(asn1_string[0]-'0')*10+(asn1_string[1]-'0');
- if (year < 50) year+=100;
+ if (century == 0 && year < 50) year+=100;
month=(asn1_string[2]-'0')*10+(asn1_string[3]-'0');
if ((month > 12) || (month < 1)) return NULL;
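Review bot: The `if (len >= 15)` test selects the four-digit-year layout by length alone, so a GeneralizedTime shorter than 15 bytes (for example one encoded without seconds) falls through to the two-digit-year path and is misread. Assuming the caller passes the certificate's ASN1_TIME through unchanged, the ASN.1 tag is the more reliable discriminator: `if (tm->type == V_ASN1_GENERALIZEDTIME && len >= 15) {`. The widened digit loop (`i<len-1`) also makes every value with a non-digit before the last byte, such as a `+hhmm` offset or fractional seconds, return NULL, where the old loop checked only the first ten bytes. Since the reported symptom is a crash, callers presumably need to tolerate that NULL; they are not visible here, and the function body starts before and continues past this hunk.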
@@ -417,7 +422,7 @@ static char *bbgen_ASN1_UTCTIME(ASN1_UTC
}
sprintf(result, "%04d-%02d-%02d %02d:%02d:%02d %s",
- year+1900, month, day, hour, minute, second, (gmt?"GMT":""));
+ year+(century?century:1900), month, day, hour, minute, second, (gmt?"GMT":""));
return result;
}
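Review bot: By the time `year` reaches this sprintf it means two different things, and nothing in the code says so: on the two-digit path it is an offset from 1900 (already bumped by 100 for years below 50), and on the four-digit path it is a two-digit remainder added to `century`. A one-line comment above the call would help, e.g. `/* year is relative to 1900 for UTCTime, to century for the 4-digit-year form */`. Using `century == 0` as the "not set" marker also means a four-digit year below 0100 would be printed as 19xx; a separate flag would avoid overloading the value.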
Christoph
--
cb at df7cb.de | http://www.df7cb.de/