From ed1306451f702aae629ccc39d826a96836b3b069 Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Mon, 12 Feb 2018 17:47:50 +0000
Subject: [PATCH] Check the return code from ASN1_TIME_diff()

The function can fail so we should check the return code.

Found by Coverity

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/5339)

(cherry picked from commit 0d502c3511ab3b1c8acb129fb3af836727b8092d)
---
 apps/ca.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/apps/ca.c b/apps/ca.c
index efa2ca84e3..26ca6bb5d2 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -1711,7 +1711,9 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
 
     if (enddate != NULL) {
         int tdays;
-        ASN1_TIME_diff(&tdays, NULL, NULL, X509_get0_notAfter(ret));
+
+        if (!ASN1_TIME_diff(&tdays, NULL, NULL, X509_get0_notAfter(ret)))
+            goto end;
         days = tdays;
     }
 
-- 
2.25.1