authorTom Yu <tlyu@mit.edu>1998-04-17 00:56:48 +0000
committerTom Yu <tlyu@mit.edu>1998-04-17 00:56:48 +0000
commit3df11946504668da47b76edf2a50247643020aff (patch)
treee31a7fc60b42b3e10412c92b7f810979c6940352 /src
parent41436a1aa8c9c4a2597603528ec0458153b2c814 (diff)
* asn1_encode.c (asn1_encode_generaltime): Sanity check the return
from gmtime() to avoid overruns. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10534 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src')
-rw-r--r--src/lib/krb5/asn.1/ChangeLog5
-rw-r--r--src/lib/krb5/asn.1/asn1_encode.c12
2 files changed, 16 insertions, 1 deletions
diff --git a/src/lib/krb5/asn.1/ChangeLog b/src/lib/krb5/asn.1/ChangeLog
index f15192816..de87d7766 100644
--- a/src/lib/krb5/asn.1/ChangeLog
+++ b/src/lib/krb5/asn.1/ChangeLog
@@ -1,3 +1,8 @@
+Thu Apr 16 17:01:27 1998 Tom Yu <tlyu@mit.edu>
+
+ * asn1_encode.c (asn1_encode_generaltime): Sanity check the return
+ from gmtime() to avoid overruns.
+
Fri Feb 27 18:03:33 1998 Theodore Ts'o <tytso@rsts-11.mit.edu>
* Makefile.in: Changed thisconfigdir to point at the lib/krb5
diff --git a/src/lib/krb5/asn.1/asn1_encode.c b/src/lib/krb5/asn.1/asn1_encode.c
index 16c25ca24..826fc94af 100644
--- a/src/lib/krb5/asn.1/asn1_encode.c
+++ b/src/lib/krb5/asn.1/asn1_encode.c
@@ -203,7 +203,17 @@ asn1_error_code asn1_encode_generaltime(buf, val, retlen)
gmt_time = val + EPOCH;
gtime = gmtime(&gmt_time);
- /* Time encoding: YYYYMMDDhhmmssZ */
+ /*
+ * Time encoding: YYYYMMDDhhmmssZ
+ *
+ * Sanity check this just to be paranoid, as gmtime can return NULL,
+ * and some bogus implementations might overrun on the sprintf.
+ */
+ if (gtime == NULL ||
+ gtime->tm_year > 9999 || gtime->tm_mon > 11 ||
+ gtime->tm_mday > 31 || gtime->tm_hour > 23 ||
+ gtime->tm_min > 59 || gtime->tm_sec > 59)
+ return ASN1_BAD_GMTIME;
sprintf(s, "%04d%02d%02d%02d%02d%02dZ",
1900+gtime->tm_year, gtime->tm_mon+1, gtime->tm_mday,
gtime->tm_hour, gtime->tm_min, gtime->tm_sec);
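Review bot: The year bound in the added check, `gtime->tm_year > 9999`, is applied to tm_year, which counts years since 1900, while the sprintf below prints `1900+gtime->tm_year`; values from 8100 to 9999 pass the check and still format as a five-digit year, so the bound should be `gtime->tm_year > 8099`. The check also has no lower bounds, and a negative field prints a minus sign that can widen its column in the same way. Whether either case writes past `s` depends on its declared size, which is outside the hunk along with the rest of asn1_encode_generaltime; presumably it is sized for the fifteen-character string plus terminator. The condition with both bounds is below.

```c
/* ... unchanged: gmtime() call and the "Time encoding" comment ... */
  if (gtime == NULL ||
      gtime->tm_year < -1900 || gtime->tm_year > 8099 ||
      gtime->tm_mon < 0 || gtime->tm_mon > 11 ||
      gtime->tm_mday < 1 || gtime->tm_mday > 31 ||
      gtime->tm_hour < 0 || gtime->tm_hour > 23 ||
      gtime->tm_min < 0 || gtime->tm_min > 59 ||
      gtime->tm_sec < 0 || gtime->tm_sec > 59)
    return ASN1_BAD_GMTIME;
/* ... unchanged: sprintf of the YYYYMMDDhhmmssZ string ... */
```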