From 0d502c3511ab3b1c8acb129fb3af836727b8092d Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Mon, 12 Feb 2018 17:47:50 +0000
Subject: [PATCH] Check the return code from ASN1_TIME_diff()

The function can fail so we should check the return code.

Found by Coverity

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/5339)
---
 apps/ca.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/apps/ca.c b/apps/ca.c
index a416f368a8..26c077858f 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -1706,7 +1706,9 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
 
     if (enddate != NULL) {
         int tdays;
-        ASN1_TIME_diff(&tdays, NULL, NULL, X509_get0_notAfter(ret));
+
+        if (!ASN1_TIME_diff(&tdays, NULL, NULL, X509_get0_notAfter(ret)))
+            goto end;
         days = tdays;
     }
 
-- 
2.25.1