cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-11-04 04:32:24 -05:00
Code Issues Packages Projects Releases Wiki Activity

Correctly handle leap year in x509_date_is_valid()

Browse Source 
This patch ensures that invalid dates on leap years with 100 or 400
years intervals are handled correctly.
This commit is contained in:
Andres Amaya Garcia 2016-11-21 15:38:02 +00:00 committed by Simon Butcher
parent b0f148c0ab
commit 735b37eeef
3 changed files with 28 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
ChangeLog
View File

@ -14,6 +14,9 @@ Bugfix
* Parse signature algorithm extension when renegotiating. Previously, * Parse signature algorithm extension when renegotiating. Previously,
renegotiated handshakes would only accept signatures using SHA-1 renegotiated handshakes would only accept signatures using SHA-1
regardless of the peer's preferences, or fail if SHA-1 was disabled. regardless of the peer's preferences, or fail if SHA-1 was disabled.
* Fix leap year calculation in x509_date_is_valid() to ensure that invalid
dates on leap years with 100 and 400 intervals are handled correctly. Found
by Nicholas Wilson. #694
= mbed TLS 2.6.0 branch released 2017-08-10 = mbed TLS 2.6.0 branch released 2017-08-10

14
library/x509.c
View File

@ -496,9 +496,10 @@ static int x509_parse_int( unsigned char **p, size_t n, int *res )
return( 0 ); return( 0 );
} }
static int x509_date_is_valid(const mbedtls_x509_time *t) static int x509_date_is_valid(const mbedtls_x509_time *t )
{ {
int ret = MBEDTLS_ERR_X509_INVALID_DATE; int ret = MBEDTLS_ERR_X509_INVALID_DATE;
int month_len;
CHECK_RANGE( 0, 9999, t->year ); CHECK_RANGE( 0, 9999, t->year );
CHECK_RANGE( 0, 23, t->hour ); CHECK_RANGE( 0, 23, t->hour );
@ -508,17 +509,22 @@ static int x509_date_is_valid(const mbedtls_x509_time *t)
switch( t->mon ) switch( t->mon )
{ {
case 1: case 3: case 5: case 7: case 8: case 10: case 12: case 1: case 3: case 5: case 7: case 8: case 10: case 12:
CHECK_RANGE( 1, 31, t->day ); month_len = 31;
break; break;
case 4: case 6: case 9: case 11: case 4: case 6: case 9: case 11:
CHECK_RANGE( 1, 30, t->day ); month_len = 30;
break; break;
case 2: case 2:
CHECK_RANGE( 1, 28 + (t->year % 4 == 0), t->day ); if( ( !( t->year % 4 ) && t->year % 100 ) ||
!( t->year % 400 ) )
month_len = 29;
else
month_len = 28;
break; break;
default: default:
return( ret ); return( ret );
} }
CHECK_RANGE( 1, month_len, t->day );
return( 0 ); return( 0 );
} }

15
tests/suites/test_suite_x509parse.data
View File

@ -1670,3 +1670,18 @@ X509 Get time (UTC invalid character in sec)
depends_on:MBEDTLS_X509_USE_C depends_on:MBEDTLS_X509_USE_C
x509_get_time:MBEDTLS_ASN1_UTC_TIME:"0011302359n0Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0 x509_get_time:MBEDTLS_ASN1_UTC_TIME:"0011302359n0Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0
X509 Get time (Generalized Time invalid leap year multiple of 4 and 100)
depends_on:MBEDTLS_X509_USE_C
x509_get_time:MBEDTLS_ASN1_GENERALIZED_TIME:"19000229000000Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0
X509 Get time (Generalized Time year multiple of 4 and not multiple of 100)
depends_on:MBEDTLS_X509_USE_C
x509_get_time:MBEDTLS_ASN1_GENERALIZED_TIME:"19920229000000Z":0:1992:2:29:0:0:0
X509 Get time (Generalized Time year multiple of 400)
depends_on:MBEDTLS_X509_USE_C
x509_get_time:MBEDTLS_ASN1_GENERALIZED_TIME:"20000229000000Z":0:2000:2:29:0:0:0
X509 Get time (Generalized Time invalid leap year not multiple of 4, 100 or 400)
depends_on:MBEDTLS_X509_USE_C
x509_get_time:MBEDTLS_ASN1_GENERALIZED_TIME:"19910229000000Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0