diff options
author | jsing <jsing@openbsd.org> | 2019-01-21 11:05:41 +0000 |
---|---|---|
committer | jsing <jsing@openbsd.org> | 2019-01-21 11:05:41 +0000 |
commit | 4dd4abe432121055465bf24e2e3087a44bf024a9 (patch) | |
tree | b2d3b08dbd2ad8a4d7f87f9c70d2f36fa48ed2d4 /usr.sbin/ntpd | |
parent | nothing shall escape this purge (diff) | |
download | wireguard-openbsd-4dd4abe432121055465bf24e2e3087a44bf024a9.tar.xz wireguard-openbsd-4dd4abe432121055465bf24e2e3087a44bf024a9.zip |
Explicitly check timegm() return value.
Spotted by tb@
ok deraadt@ tb@
Diffstat (limited to 'usr.sbin/ntpd')
-rw-r--r-- | usr.sbin/ntpd/constraint.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/usr.sbin/ntpd/constraint.c b/usr.sbin/ntpd/constraint.c index 4434a9385e2..48704dd2be7 100644 --- a/usr.sbin/ntpd/constraint.c +++ b/usr.sbin/ntpd/constraint.c @@ -1,4 +1,4 @@ -/* $OpenBSD: constraint.c,v 1.40 2019/01/21 08:38:22 jsing Exp $ */ +/* $OpenBSD: constraint.c,v 1.41 2019/01/21 11:05:41 jsing Exp $ */ /* * Copyright (c) 2015 Reyk Floeter <reyk@openbsd.org> @@ -985,7 +985,8 @@ httpsdate_request(struct httpsdate *httpsdate, struct timeval *when) * TLS handshake, based on the time specified by the server's HTTP Date: * header. */ - httptime = timegm(&httpsdate->tls_tm); + if ((httptime = timegm(&httpsdate->tls_tm)) == -1) + goto fail; if (httptime <= tls_peer_cert_notbefore(httpsdate->tls_ctx) || httptime >= tls_peer_cert_notafter(httpsdate->tls_ctx)) { log_warnx("tls certificate invalid: %s (%s):", |