]> git.ipfire.org Git - thirdparty/ipxe.git/commitdiff
[crypto] Accept UTCTime/GeneralizedTime with no "seconds" field
authorMichael Brown <mcb30@ipxe.org>
Mon, 21 May 2012 22:20:03 +0000 (23:20 +0100)
committerMichael Brown <mcb30@ipxe.org>
Mon, 21 May 2012 22:21:36 +0000 (23:21 +0100)
Signed-off-by: Michael Brown <mcb30@ipxe.org>
src/crypto/asn1.c

index 5fc37849b3b87cc234e9b0bb45dcf4dd91c6ceb8..462885f3ed911468d891367a102311e296e78481 100644 (file)
@@ -655,10 +655,16 @@ int asn1_generalized_time ( const struct asn1_cursor *cursor, time_t *time ) {
        }
 
        /* Parse digit string a pair at a time */
+       memset ( &pairs, 0, sizeof ( pairs ) );
        data = contents.data;
        remaining = contents.len;
        for ( i = ( have_century ? 0 : 1 ) ; i < sizeof ( pairs.raw ) ; i++ ) {
                if ( remaining < 2 ) {
+                       /* Some certificates violate the X.509 RFC by
+                        * omitting the "seconds" value.
+                        */
+                       if ( i == ( sizeof ( pairs.raw ) - 1 ) )
+                               break;
                        DBGC ( cursor, "ASN1 %p invalid time:\n", cursor );
                        DBGC_HDA ( cursor, 0, cursor->data, cursor->len );
                        return -EINVAL_ASN1_TIME;