From: Matt Caswell <matt@openssl.org>
Date: Mon, 12 Feb 2018 17:47:50 +0000 (+0000)
Subject: Check the return code from ASN1_TIME_diff()
X-Git-Tag: OpenSSL_1_1_0h~71
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=ed1306451f702aae629ccc39d826a96836b3b069;p=oweals%2Fopenssl.git

Check the return code from ASN1_TIME_diff()

The function can fail so we should check the return code.

Found by Coverity

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/5339)

(cherry picked from commit 0d502c3511ab3b1c8acb129fb3af836727b8092d)
---

diff --git a/apps/ca.c b/apps/ca.c
index efa2ca84e3..26ca6bb5d2 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -1711,7 +1711,9 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
 
     if (enddate != NULL) {
         int tdays;
-        ASN1_TIME_diff(&tdays, NULL, NULL, X509_get0_notAfter(ret));
+
+        if (!ASN1_TIME_diff(&tdays, NULL, NULL, X509_get0_notAfter(ret)))
+            goto end;
         days = tdays;
     }