From 624feae8af40050130bd9f648dd1664b211da566 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Fri, 24 Jan 2003 00:42:50 +0000
Subject: [PATCH] Check return value of gmtime() and add error codes where it
 fails in ASN1_TIME_set().

Clear error queue in req.c if *_min or *_max is absent.
---
 CHANGES                | 4 ++++
 apps/req.c             | 6 ++++++
 crypto/asn1/a_time.c   | 3 +++
 crypto/asn1/asn1.h     | 2 ++
 crypto/asn1/asn1_err.c | 4 +++-
 crypto/o_time.c        | 3 ++-
 6 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/CHANGES b/CHANGES
index 863a975a88..e96767092f 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,10 @@
 
  Changes between 0.9.7 and 0.9.7a  [XX xxx 2003]
 
+  *) Under Win32 gmtime() can return NULL: check return value in
+     OPENSSL_gmtime(). Add error code for case where gmtime() fails.
+     [Steve Henson]
+
   *) DSA routines: under certain error conditions uninitialized BN objects
      could be freed. Solution: make sure initialization is performed early
      enough. (Reported and fix supplied by Ivan D Nestlerode <nestler@MIT.EDU>,
diff --git a/apps/req.c b/apps/req.c
index cffdcd1969..ab7b6aa20d 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -1237,11 +1237,17 @@ start:		for (;;)
 
 			sprintf(buf,"%s_min",v->name);
 			if (!NCONF_get_number(req_conf,dn_sect,buf, &n_min))
+				{
+				ERR_clear_error();
 				n_min = -1;
+				}
 
 			sprintf(buf,"%s_max",v->name);
 			if (!NCONF_get_number(req_conf,dn_sect,buf, &n_max))
+				{
+				ERR_clear_error();
 				n_max = -1;
+				}
 
 			if (!add_DN_object(subj,v->value,def,value,nid,
 				n_min,n_max, chtype))
diff --git a/crypto/asn1/a_time.c b/crypto/asn1/a_time.c
index 3a03c9e4e4..7348da9457 100644
--- a/crypto/asn1/a_time.c
+++ b/crypto/asn1/a_time.c
@@ -105,7 +105,10 @@ ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t)
 
 	ts=OPENSSL_gmtime(&t,&data);
 	if (ts == NULL)
+		{
+		ASN1err(ASN1_F_ASN1_TIME_SET, ASN1_R_ERROR_GETTING_TIME);
 		return NULL;
+		}
 	if((ts->tm_year >= 50) && (ts->tm_year < 150))
 					return ASN1_UTCTIME_set(s, t);
 	return ASN1_GENERALIZEDTIME_set(s,t);
diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h
index 28b5b008f8..99ba920eca 100644
--- a/crypto/asn1/asn1.h
+++ b/crypto/asn1/asn1.h
@@ -980,6 +980,7 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_F_ASN1_TEMPLATE_D2I			 131
 #define ASN1_F_ASN1_TEMPLATE_EX_D2I			 132
 #define ASN1_F_ASN1_TEMPLATE_NEW			 133
+#define ASN1_F_ASN1_TIME_SET				 175
 #define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING		 134
 #define ASN1_F_ASN1_TYPE_GET_OCTETSTRING		 135
 #define ASN1_F_ASN1_UNPACK_STRING			 136
@@ -1037,6 +1038,7 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_R_DECODE_ERROR				 110
 #define ASN1_R_DECODING_ERROR				 111
 #define ASN1_R_ENCODE_ERROR				 112
+#define ASN1_R_ERROR_GETTING_TIME			 173
 #define ASN1_R_ERROR_LOADING_SECTION			 172
 #define ASN1_R_ERROR_PARSING_SET_ELEMENT		 113
 #define ASN1_R_ERROR_SETTING_CIPHER_PARAMS		 114
diff --git a/crypto/asn1/asn1_err.c b/crypto/asn1/asn1_err.c
index c4c3d2a91d..094ec06fda 100644
--- a/crypto/asn1/asn1_err.c
+++ b/crypto/asn1/asn1_err.c
@@ -1,6 +1,6 @@
 /* crypto/asn1/asn1_err.c */
 /* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -100,6 +100,7 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_PACK(0,ASN1_F_ASN1_TEMPLATE_D2I,0),	"ASN1_TEMPLATE_D2I"},
 {ERR_PACK(0,ASN1_F_ASN1_TEMPLATE_EX_D2I,0),	"ASN1_TEMPLATE_EX_D2I"},
 {ERR_PACK(0,ASN1_F_ASN1_TEMPLATE_NEW,0),	"ASN1_TEMPLATE_NEW"},
+{ERR_PACK(0,ASN1_F_ASN1_TIME_SET,0),	"ASN1_TIME_set"},
 {ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING,0),	"ASN1_TYPE_get_int_octetstring"},
 {ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_OCTETSTRING,0),	"ASN1_TYPE_get_octetstring"},
 {ERR_PACK(0,ASN1_F_ASN1_UNPACK_STRING,0),	"ASN1_unpack_string"},
@@ -160,6 +161,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
 {ASN1_R_DECODE_ERROR                     ,"decode error"},
 {ASN1_R_DECODING_ERROR                   ,"decoding error"},
 {ASN1_R_ENCODE_ERROR                     ,"encode error"},
+{ASN1_R_ERROR_GETTING_TIME               ,"error getting time"},
 {ASN1_R_ERROR_LOADING_SECTION            ,"error loading section"},
 {ASN1_R_ERROR_PARSING_SET_ELEMENT        ,"error parsing set element"},
 {ASN1_R_ERROR_SETTING_CIPHER_PARAMS      ,"error setting cipher params"},
diff --git a/crypto/o_time.c b/crypto/o_time.c
index 1bc0297b36..ca5f3ea48e 100644
--- a/crypto/o_time.c
+++ b/crypto/o_time.c
@@ -80,7 +80,8 @@ struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result)
 	ts = result;
 #elif !defined(OPENSSL_SYS_VMS)
 	ts = gmtime(timer);
-	memcpy(result, ts, sizeof(struct tm));
+	if (ts != NULL)
+		memcpy(result, ts, sizeof(struct tm));
 	ts = result;
 #endif
 #ifdef OPENSSL_SYS_VMS
-- 
2.25.1