From: jwalch <jeremy.walch@gmail.com>
Date: Fri, 19 Feb 2021 18:02:27 +0000 (-0500)
Subject: Fix an integer overflow in o_time.c
X-Git-Tag: openssl-3.0.0-alpha13~186
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=75de54363506e2b2480fc6baf0cd45b1f7fc8816;p=thirdparty%2Fopenssl.git

Fix an integer overflow in o_time.c

If input offset_sec is sufficiently large (> INT32_MAX * SECS_PER_DAY, which is possible for a long on 64-bit platforms), then the first assignment contains an overflow.

I think leaving offset_hms as an int is still safe.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14252)
---

diff --git a/crypto/o_time.c b/crypto/o_time.c
index 632e19e3679..f367945a180 100644
--- a/crypto/o_time.c
+++ b/crypto/o_time.c
@@ -133,8 +133,8 @@ int OPENSSL_gmtime_diff(int *pday, int *psec,
 static int julian_adj(const struct tm *tm, int off_day, long offset_sec,
                       long *pday, int *psec)
 {
-    int offset_hms, offset_day;
-    long time_jd;
+    int offset_hms;
+    long offset_day, time_jd;
     int time_year, time_month, time_day;
     /* split offset into days and day seconds */
     offset_day = offset_sec / SECS_PER_DAY;