File strongswan-4.2.8_asn1_time.patch of Package strongswan

diff -urN strongswan-4.2.8/src/libstrongswan/asn1/asn1.c strongswan-4.2.8_asn1_time/src/libstrongswan/asn1/asn1.c
--- strongswan-4.2.8/src/libstrongswan/asn1/asn1.c	2008-09-17 23:10:35.000000000 +0200
+++ strongswan-4.2.8_asn1_time/src/libstrongswan/asn1/asn1.c	2009-06-24 18:19:20.000000000 +0200
@@ -281,14 +281,20 @@
 	{
 		int tz_hour, tz_min;
 	
-		sscanf(eot+1, "%2d%2d", &tz_hour, &tz_min);
+		if (sscanf(eot+1, "%2d%2d", &tz_hour, &tz_min) != 2)
+		{
+			return 0; /* error in positive timezone offset format */
+		}
 		tz_offset = 3600*tz_hour + 60*tz_min;  /* positive time zone offset */
 	}
 	else if ((eot = memchr(utctime->ptr, '-', utctime->len)) != NULL)
 	{
 		int tz_hour, tz_min;
 	
-		sscanf(eot+1, "%2d%2d", &tz_hour, &tz_min);
+		if (sscanf(eot+1, "%2d%2d", &tz_hour, &tz_min) != 2)
+		{
+			return 0; /* error in negative timezone offset format */
+		}
 		tz_offset = -3600*tz_hour - 60*tz_min;  /* negative time zone offset */
 	}
 	else
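Review bot: The new `!= 2` checks on the timezone `sscanf` calls reject an empty offset but still accept input that is not four digits, because `%2d` skips leading whitespace and takes a sign, and nothing ties the read to `utctime->len`. The buffer is searched with `memchr(utctime->ptr, ..., utctime->len)`, so it appears to be length-delimited; if it is not guaranteed to be NUL-terminated, a `+` or `-` near its end lets `sscanf(eot+1, ...)` read past it. I would first check that four bytes remain and that each is a digit, e.g. `if (utctime->ptr + utctime->len - (eot + 1) < 4) return 0;` followed by an `isdigit()` loop, and then bound the values with `if (tz_hour > 23 || tz_min > 59) return 0;`. This applies to both branches here and to the matching hunk in src/pluto/asn1.c; the enclosing function starts and ends outside the hunk.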
@@ -297,17 +303,23 @@
 	}
 	
 	{
-	const char* format = (type == ASN1_UTCTIME)? "%2d%2d%2d%2d%2d":
+		const char* format = (type == ASN1_UTCTIME)? "%2d%2d%2d%2d%2d":
 			"%4d%2d%2d%2d%2d";
 	
-	sscanf(utctime->ptr, format, &t.tm_year, &t.tm_mon, &t.tm_mday,
-		   &t.tm_hour, &t.tm_min);
+		if (sscanf(utctime->ptr, format, &t.tm_year, &t.tm_mon, &t.tm_mday,
+			   &t.tm_hour, &t.tm_min) != 5)
+		{
+			return 0; /* error in time st [yy]yymmddhhmm time format */
+		}
 	}
 	
 	/* is there a seconds field? */
 	if ((eot - utctime->ptr) == ((type == ASN1_UTCTIME)?12:14))
 	{
-		sscanf(eot-2, "%2d", &t.tm_sec);
+		if (sscanf(eot-2, "%2d", &t.tm_sec) != 1)
+		{
+			return 0; /* error in ss seconds field format */
+		}
 	}
 	else
 	{
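Review bot: The five-field `sscanf(utctime->ptr, format, ...)` still runs before anything checks how long the date part is; `eot - utctime->ptr` is only compared with 12/14 afterwards, to decide whether a seconds field is present. As far as the hunk shows, a date part shorter than 10 (UTCTIME) or 12 (GENERALIZEDTIME) characters would let the `%2d` conversions run on into the timezone sign and digits and still return 5. A length test ahead of the parse would close that, e.g. `if (eot - utctime->ptr != base && eot - utctime->ptr != base + 2) return 0;` with `base` set to 10 or 12 by type. Separately, `return 0` is also a valid `time_t`, so callers should be checked to treat it as a parse failure rather than the epoch; this matters if the result is ever used as a validity start time. The pluto hunk at -383 has the same code, and the function body extends beyond both hunks.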
diff -urN strongswan-4.2.8/src/pluto/asn1.c strongswan-4.2.8_asn1_time/src/pluto/asn1.c
--- strongswan-4.2.8/src/pluto/asn1.c	2008-09-17 23:10:41.000000000 +0200
+++ strongswan-4.2.8_asn1_time/src/pluto/asn1.c	2009-06-24 18:19:20.000000000 +0200
@@ -364,14 +364,20 @@
     {
 	int tz_hour, tz_min;
 
-	sscanf(eot+1, "%2d%2d", &tz_hour, &tz_min);
+	if (sscanf(eot+1, "%2d%2d", &tz_hour, &tz_min) != 2)
+	{
+	    return 0; /* error in positive timezone offset format */
+	}
 	tz_offset = 3600*tz_hour + 60*tz_min;  /* positive time zone offset */
     }
     else if ((eot = memchr(utctime->ptr, '-', utctime->len)) != NULL)
     {
 	int tz_hour, tz_min;
 
-	sscanf(eot+1, "%2d%2d", &tz_hour, &tz_min);
+	if (sscanf(eot+1, "%2d%2d", &tz_hour, &tz_min) != 2)
+	{
+	    return 0; /* error in negative timezone offset format */
+	}
 	tz_offset = -3600*tz_hour - 60*tz_min;  /* negative time zone offset */
     }
     else
@@ -383,14 +389,20 @@
 	const char* format = (type == ASN1_UTCTIME)? "%2d%2d%2d%2d%2d":
 						     "%4d%2d%2d%2d%2d";
 
-	sscanf(utctime->ptr, format, &t.tm_year, &t.tm_mon, &t.tm_mday,
-				     &t.tm_hour, &t.tm_min);
-    }
+	if (sscanf(utctime->ptr, format, &t.tm_year, &t.tm_mon, &t.tm_mday,
+					 &t.tm_hour, &t.tm_min) != 5)
+	{
+	    return 0; /* error in time st [yy]yymmddhhmm time format */
+	}
+   }
 
     /* is there a seconds field? */
     if ((eot - utctime->ptr) == ((type == ASN1_UTCTIME)?12:14))
     {
-	sscanf(eot-2, "%2d", &t.tm_sec);
+	if (sscanf(eot-2, "%2d", &t.tm_sec) != 1)
+	{
+	    return 0; /* error in ss seconds field format */
+	}
     }
     else
     {
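Review bot: The closing brace of the format block is removed and re-added indented with three spaces instead of four (`+   }`), a whitespace-only change that adds noise to the patch; keeping the original `    }` line as context would avoid it. The comment `/* error in time st [yy]yymmddhhmm time format */`, here and in the libstrongswan hunk, looks like an editing leftover and would read better as `/* error in [yy]yymmddhhmm time format */`.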