From: Nikos Mavrogiannopoulos Date: Tue, 12 Apr 2016 10:12:40 +0000 (+0200) Subject: gnutls_ocsp_resp_get_single: fail if thisUpdate is not available or unparsable X-Git-Tag: gnutls_3_5_0~176 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=1bfb93706eed0475013e43fa74fbf86f80c795e9;p=thirdparty%2Fgnutls.git gnutls_ocsp_resp_get_single: fail if thisUpdate is not available or unparsable That is because this field is not optional, and a failure on its parsing is always fatal. Reported by Yuan Jochen Kang. --- diff --git a/lib/x509/ocsp.c b/lib/x509/ocsp.c index 7e762bbfef..2e0179483b 100644 --- a/lib/x509/ocsp.c +++ b/lib/x509/ocsp.c @@ -1500,10 +1500,11 @@ gnutls_ocsp_resp_get_single(gnutls_ocsp_resp_t resp, ret = asn1_read_value(resp->basicresp, name, ttime, &len); if (ret != ASN1_SUCCESS) { gnutls_assert(); - *this_update = (time_t) (-1); - } else + return GNUTLS_E_ASN1_DER_ERROR; + } else { *this_update = _gnutls_x509_generalTime2gtime(ttime); + } } if (next_update) {
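Review bot: The else branch still assigns the result of _gnutls_x509_generalTime2gtime(ttime) to *this_update without checking it, so these lines enforce only the "not available" half of the commit subject. A thisUpdate value that asn1_read_value returns successfully but that does not convert to a valid time is not rejected here. Consider testing the converted value (the removed line used (time_t) (-1) as the failure sentinel) and returning an error in that case as well. Two smaller points on the new error path: the early return discards ret, so mapping it through the library's ASN.1 error conversion (_gnutls_asn2err(ret)) would keep the libtasn1 cause instead of always reporting GNUTLS_E_ASN1_DER_ERROR; and the function's documentation should state that a missing thisUpdate now makes the call fail, since callers that previously looked for -1 in this_update will see a negative return code instead.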