s4:heimdal: import lorikeet-heimdal-201107150856 (commit 48936803fae4a2fb362c79365d31f420c917b85b)

1 files changed, 18 insertions, 3 deletions

diff --git a/source4/heimdal/lib/asn1/timegm.c b/source4/heimdal/lib/asn1/timegm.c
index b569478413..d9f4adbd55 100644
--- a/source4/heimdal/lib/asn1/timegm.c
+++ b/source4/heimdal/lib/asn1/timegm.c
@@ -33,7 +33,7 @@
 
 #include "der_locl.h"
 
-RCSID("$Id$");
+#define ASN1_MAX_YEAR	2000
 
 static int
 is_leap(unsigned y)
@@ -56,13 +56,19 @@ time_t
 _der_timegm (struct tm *tm)
 {
   time_t res = 0;
-  unsigned i;
+  int i;
+
+  /*
+   * See comment in _der_gmtime
+   */
+  if (tm->tm_year > ASN1_MAX_YEAR)
+      return 0;
 
   if (tm->tm_year < 0)
       return -1;
   if (tm->tm_mon < 0 || tm->tm_mon > 11)
       return -1;
-  if (tm->tm_mday < 1 || tm->tm_mday > ndays[is_leap(tm->tm_year)][tm->tm_mon])
+  if (tm->tm_mday < 1 || tm->tm_mday > (int)ndays[is_leap(tm->tm_year)][tm->tm_mon])
       return -1;
   if (tm->tm_hour < 0 || tm->tm_hour > 23)
       return -1;
@@ -98,6 +104,15 @@ _der_gmtime(time_t t, struct tm *tm)
     tm->tm_min = (secday % 3600) / 60;
     tm->tm_hour = secday / 3600;
 
+    /*
+     * Refuse to calculate time ~ 2000 years into the future, this is
+     * not possible for systems where time_t is a int32_t, however,
+     * when time_t is a int64_t, that can happen, and this becomes a
+     * denial of sevice.
+     */
+    if (days > (ASN1_MAX_YEAR * 365))
+	return NULL;
+
     tm->tm_year = 70;
     while(1) {
 	unsigned dayinyear = (is_leap(tm->tm_year) ? 366 : 365);