diff options
| author | Tobias Brunner <tobias@strongswan.org> | 2011-12-23 16:33:24 +0100 |
|---|---|---|
| committer | Tobias Brunner <tobias@strongswan.org> | 2011-12-23 16:33:24 +0100 |
| commit | 20d752b4ff582e61a27d0aa8b42222f587665c92 (patch) | |
| tree | fa0cc4f859def5ac41e99a8b2c30a6dfcda06b54 /src | |
| parent | 1267127c114aa6d7c1507d1da4a1af3954c42cde (diff) | |
| download | strongswan-20d752b4ff582e61a27d0aa8b42222f587665c92.tar.bz2 strongswan-20d752b4ff582e61a27d0aa8b42222f587665c92.tar.xz | |
pki: Avoid integer overflow when calculating certificate lifetimes.
This only works properly if sizeof(time_t) > 4.
Diffstat (limited to 'src')
| -rw-r--r-- | src/pki/commands/issue.c | 2 | ||||
| -rw-r--r-- | src/pki/commands/self.c | 2 | ||||
| -rw-r--r-- | src/pki/commands/signcrl.c | 2 |
3 files changed, 3 insertions, 3 deletions
diff --git a/src/pki/commands/issue.c b/src/pki/commands/issue.c index 6a5686d92..20163edf2 100644 --- a/src/pki/commands/issue.c +++ b/src/pki/commands/issue.c @@ -67,11 +67,11 @@ static int issue() char *error = NULL, *keyid = NULL; identification_t *id = NULL; linked_list_t *san, *cdps, *ocsp, *permitted, *excluded, *policies, *mappings; - int lifetime = 1095; int pathlen = X509_NO_CONSTRAINT, inhibit_any = X509_NO_CONSTRAINT; int inhibit_mapping = X509_NO_CONSTRAINT, require_explicit = X509_NO_CONSTRAINT; chunk_t serial = chunk_empty; chunk_t encoding = chunk_empty; + time_t lifetime = 1095; time_t not_before, not_after; x509_flag_t flags = 0; x509_t *x509; diff --git a/src/pki/commands/self.c b/src/pki/commands/self.c index c7788ff62..c4508a671 100644 --- a/src/pki/commands/self.c +++ b/src/pki/commands/self.c @@ -55,11 +55,11 @@ static int self() char *file = NULL, *dn = NULL, *hex = NULL, *error = NULL, *keyid = NULL; identification_t *id = NULL; linked_list_t *san, *ocsp, *permitted, *excluded, *policies, *mappings; - int lifetime = 1095; int pathlen = X509_NO_CONSTRAINT, inhibit_any = X509_NO_CONSTRAINT; int inhibit_mapping = X509_NO_CONSTRAINT, require_explicit = X509_NO_CONSTRAINT; chunk_t serial = chunk_empty; chunk_t encoding = chunk_empty; + time_t lifetime = 1095; time_t not_before, not_after; x509_flag_t flags = 0; x509_cert_policy_t *policy = NULL; diff --git a/src/pki/commands/signcrl.c b/src/pki/commands/signcrl.c index 9a21bd99c..827fd7318 100644 --- a/src/pki/commands/signcrl.c +++ b/src/pki/commands/signcrl.c @@ -124,7 +124,7 @@ static int sign_crl() int serial_len = 0; crl_reason_t reason = CRL_REASON_UNSPECIFIED; time_t thisUpdate, nextUpdate, date = time(NULL); - int lifetime = 15; + time_t lifetime = 15; linked_list_t *list, *cdps; enumerator_t *enumerator, *lastenum = NULL; x509_cdp_t *cdp; |