From 56087077d81e2b888f4cbe7f70b2077dc5add90d Mon Sep 17 00:00:00 2001 From: Viktor Dukhovni Date: Fri, 29 Jan 2016 15:27:00 -0500 Subject: [PATCH] Better type for x509 -checkend argument This is a time_t and can be zero or negative. So use 'M' (maximal signed int) not 'p' (positive int). Reviewed-by: Rich Salz --- apps/x509.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/apps/x509.c b/apps/x509.c index 7a688a9dfe7..a8d0686a6bc 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -152,7 +152,7 @@ OPTIONS x509_options[] = { {"setalias", OPT_SETALIAS, 's', "Set certificate alias"}, {"days", OPT_DAYS, 'n', "How long till expiry of a signed certificate - def 30 days"}, - {"checkend", OPT_CHECKEND, 'p', + {"checkend", OPT_CHECKEND, 'M', "Check whether the cert expires in the next arg seconds"}, {OPT_MORE_STR, 1, 1, "Exit 1 if so, 0 if not"}, {"signkey", OPT_SIGNKEY, '<', "Self sign cert with arg"}, @@ -225,7 +225,8 @@ int x509_main(int argc, char **argv) int ocsp_uri = 0, trustout = 0, clrtrust = 0, clrreject = 0, aliasout = 0; int ret = 1, i, num = 0, badsig = 0, clrext = 0, nocert = 0; int text = 0, serial = 0, subject = 0, issuer = 0, startdate = 0; - int checkoffset = 0, enddate = 0; + int enddate = 0; + time_t checkoffset = 0; unsigned long nmflag = 0, certflag = 0; char nmflag_set = 0; OPTION_CHOICE o; @@ -466,8 +467,14 @@ int x509_main(int argc, char **argv) enddate = ++num; break; case OPT_CHECKEND: - checkoffset = atoi(opt_arg()); checkend = 1; + if (!opt_imax(opt_arg(), &checkoffset)) + goto opthelp; + if (checkoffset != (time_t)checkoffset) { + BIO_printf(bio_err, "%s: checkend time out of range %s\n", + prog, opt_arg()); + goto opthelp; + } break; case OPT_CHECKHOST: checkhost = opt_arg(); -- 2.39.5