Fix length checks in X509_cmp_time to avoid out-of-bounds reads.
authorEmilia Kasper <emilia@openssl.org>
Wed, 8 Apr 2015 14:56:43 +0000 (16:56 +0200)
committerMatt Caswell <matt@openssl.org>
Thu, 11 Jun 2015 10:06:30 +0000 (11:06 +0100)
commitf48b83b4fb7d6689584cf25f61ca63a4891f5b11
tree0649b456b01f702952a7319342af82574f959a82
parent708cf593587e2fda67dae9782991ff9fccc781eb
Fix length checks in X509_cmp_time to avoid out-of-bounds reads.

Also tighten X509_cmp_time to reject more than three fractional
seconds in the time; and to reject trailing garbage after the offset.

CVE-2015-1789

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
crypto/x509/x509_vfy.c