Code to avoid the use of non-standard strptime(). By

Jeffrey Altman <jaltman@columbia.edu>

(Really, the time that's being parsed is a GeneralizedTime, so if
ASN1_GENERALIZEDTIME_get() ever gets implemented, it should be used
instead)

diff --git a/ssl/kssl.c b/ssl/kssl.c
index c086971c5d849c4b61455aacf9b1b3c089156b1d..7f9685a43d0cac24b62a78078a69e2ce891fcc86 100644 (file)
--- a/ssl/kssl.c
+++ b/ssl/kssl.c
@@ -71,6 +71,7 @@
 #define _XOPEN_SOURCE /* glibc2 needs this to declare strptime() */
 #include <time.h>
 #include <string.h>
+#include <ctype.h>
 
 #include <openssl/ssl.h>
 #include <openssl/evp.h>
@@ -1568,7 +1569,7 @@ kssl_ctx_setkey(KSSL_CTX *kssl_ctx, krb5_keyblock *session)
 void
 kssl_ctx_show(KSSL_CTX *kssl_ctx)
         {
-       int     i;
+       unsigned int    i;
 
        printf("kssl_ctx: ");
        if (kssl_ctx == NULL)
@@ -1697,9 +1698,6 @@ krb5_error_code  kssl_check_authent(
        unsigned char           iv[EVP_MAX_IV_LENGTH];
        unsigned char           *p, *unenc_authent, *tbuf = NULL;
        int                     padl, outl, unencbufsize;
-       struct tm               tm_time, *tm_l, *tm_g;
-       time_t                  now, tl, tg, tz_offset;
-        char * strptime();
 
        *atimep = 0;
        kssl_err_set(kssl_err, 0, "");
@@ -1797,16 +1795,49 @@ krb5_error_code  kssl_check_authent(
                }
        else    strncpy(tbuf, auth->ctime->data, auth->ctime->length);
        
-       if ((char *)strptime(tbuf, "%Y%m%d%H%M%S", &tm_time) != NULL)
+       if ( auth->ctime->length >= 9 && auth->ctime->length <= 14  )  
+               /* tbuf == "%Y%m%d%H%M%S" */
                {
+               struct tm               tm_time, *tm_l, *tm_g;
+               time_t                  now, tl, tg, tr, tz_offset;
+               int                     i;
+               char                    *p = tbuf;
+ 
+               memset(&tm_time,0,sizeof(struct tm));
+               for ( i=0; 
+                     i<4 && isdigit(*p);
+                     i++, p++ )
+                       tm_time.tm_year = tm_time.tm_year*10 + (*p-'0');
+               for ( i=0; 
+                     i<2 && isdigit(*p) && tm_time.tm_mon <= 1; 
+                     i++, p++ )
+                       tm_time.tm_mon = tm_time.tm_mon*10 + (*p-'0');
+               for ( i=0; 
+                     i<2 && isdigit(*p) && tm_time.tm_mday <= 3;
+                     i++, p++ )
+                       tm_time.tm_mday = tm_time.tm_mday*10 + (*p-'0');
+               for ( i=0; 
+                     i<2 && isdigit(*p) && tm_time.tm_hour <= 2;
+                     i++, p++ )
+                       tm_time.tm_hour = tm_time.tm_hour*10 + (*p-'0');
+               for ( i=0;
+                     i<2 && isdigit(*p) && tm_time.tm_min <= 6;
+                     i++, p++ )
+                       tm_time.tm_min = tm_time.tm_min*10 + (*p-'0');
+               for ( i=0; 
+                     i<2 && isdigit(*p) && tm_time.tm_sec <= 6;
+                     i++, p++ )
+                       tm_time.tm_sec = tm_time.tm_sec*10 + (*p-'0');
+
                now  = time(&now);
                tm_l = localtime(&now);         tl = mktime(tm_l);
                tm_g = gmtime(&now);            tg = mktime(tm_g);
                tz_offset = tg - tl;
+               tr = mktime(&tm_time);
 
-               *atimep = mktime(&tm_time) - tz_offset;
+               if (tr != (time_t)(-1))
+                       *atimep = mktime(&tm_time) - tz_offset;
                }
-
 #ifdef KSSL_DEBUG
        printf("kssl_check_authent: client time %s = %d\n", tbuf, *atimep);
 #endif /* KSSL_DEBUG */