2 files changed, 21 insertions, 11 deletions

diff --git a/src/libstrongswan/asn1/asn1.c b/src/libstrongswan/asn1/asn1.c
index dacf12c01..6dd90b7e5 100644
--- a/src/libstrongswan/asn1/asn1.c
+++ b/src/libstrongswan/asn1/asn1.c
@@ -264,13 +264,15 @@ u_int asn1_length(chunk_t *blob)
 	return len;
 }
 
+#define TIME_MAX	0x7fffffff
+
 /**
  * Converts ASN.1 UTCTIME or GENERALIZEDTIME into calender time
  */
 time_t asn1_to_time(const chunk_t *utctime, asn1_t type)
 {
 	struct tm t;
-	time_t tz_offset;
+	time_t tc, tz_offset;
 	u_char *eot = NULL;
 	
 	if ((eot = memchr(utctime->ptr, 'Z', utctime->len)) != NULL)
@@ -296,12 +298,13 @@ time_t asn1_to_time(const chunk_t *utctime, asn1_t type)
 		return 0; /* error in time format */
 	}
 	
+	/* parse ASN.1 time string */
 	{
-	const char* format = (type == ASN1_UTCTIME)? "%2d%2d%2d%2d%2d":
-			"%4d%2d%2d%2d%2d";
+		const char* format = (type == ASN1_UTCTIME)? "%2d%2d%2d%2d%2d":
+													 "%4d%2d%2d%2d%2d";
 	
-	sscanf(utctime->ptr, format, &t.tm_year, &t.tm_mon, &t.tm_mday,
-		   &t.tm_hour, &t.tm_min);
+		sscanf(utctime->ptr, format, &t.tm_year, &t.tm_mon, &t.tm_mday,
+			   						 &t.tm_hour, &t.tm_min);
 	}
 	
 	/* is there a seconds field? */
@@ -334,9 +337,11 @@ time_t asn1_to_time(const chunk_t *utctime, asn1_t type)
 	/* set daylight saving time to off */
 	t.tm_isdst = 0;
 	
-	/* compensate timezone */
-	
-	return mktime(&t) - timezone - tz_offset;
+	/* convert to time_t */
+	tc = mktime(&t);
+
+	/* if no conversion overflow occurred, compensate timezone */
+	return (tc == -1) ? TIME_MAX : tc - timezone - tz_offset;
 }
 
 /**
diff --git a/src/pluto/asn1.c b/src/pluto/asn1.c
index 5303b68a7..f7519d253 100644
--- a/src/pluto/asn1.c
+++ b/src/pluto/asn1.c
@@ -348,6 +348,8 @@ is_printablestring(chunk_t str)
     return TRUE;
 }
 
+#define TIME_MAX	0x7fffffff
+
 /*
  *  Converts ASN.1 UTCTIME or GENERALIZEDTIME into calender time
  */
@@ -355,7 +357,7 @@ time_t
 asn1totime(const chunk_t *utctime, asn1_t type)
 {
     struct tm t;
-    time_t tz_offset;
+    time_t tc, tz_offset;
     u_char *eot = NULL;
 
     if ((eot = memchr(utctime->ptr, 'Z', utctime->len)) != NULL)
@@ -381,6 +383,7 @@ asn1totime(const chunk_t *utctime, asn1_t type)
 	return 0; /* error in time format */
     }
 
+    /* parse ASN.1 time string */
     {
 	const char* format = (type == ASN1_UTCTIME)? "%2d%2d%2d%2d%2d":
 						     "%4d%2d%2d%2d%2d";
@@ -419,9 +422,11 @@ asn1totime(const chunk_t *utctime, asn1_t type)
     /* set daylight saving time to off */
     t.tm_isdst = 0;
 
-    /* compensate timezone */
+    /* convert to time_t */
+    tc = mktime(&t);
 
-    return mktime(&t) - timezone - tz_offset;
+    /* if no conversion overflow occurred, compensate timezone */
+    return (tc == -1) ? TIME_MAX : tc - timezone - tz_offset;
 }
 
 /*