From: Neil Horman <nhorman@openssl.org>
Date: Mon, 8 Dec 2025 18:22:05 +0000 (-0500)
Subject: Only write to pdays/psecs if they are not null
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9fb44b527ee3717795609fb876a7a81f8898c623;p=thirdparty%2Fopenssl.git

Only write to pdays/psecs if they are not null

We have a few cases in which one of the paramters passed to
ASN1_TIME_diff is null (i.e. the caller doesn't care about the psec
differnce and so passes NULL as that pointer parameter).

However, OPENSSL_gmtime_diff assumes both pointers are valid, and so
writes to them unilaterally resulting in a crash as observed here:
https://github.com/openssl/openssl/pull/29333#issuecomment-3628103959

Check the pointers before writing to them.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Norbert Pocs <norbertp@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29337)
---

diff --git a/crypto/asn1/a_time_posix.c b/crypto/asn1/a_time_posix.c
index d65ef1cf8b4..4e748007d07 100644
--- a/crypto/asn1/a_time_posix.c
+++ b/crypto/asn1/a_time_posix.c
@@ -260,8 +260,10 @@ int OPENSSL_gmtime_diff(int *out_days, int *out_secs, const struct tm *from,
     daydiff = timediff / SECS_PER_DAY;
     timediff %= SECS_PER_DAY;
 
-    *out_secs = (int)timediff;
-    *out_days = (int)daydiff;
+    if (out_secs != NULL)
+        *out_secs = (int)timediff;
+    if (out_days != NULL)
+        *out_days = (int)daydiff;
 
     return 1;
 }