blob: 38e144294aa1e3582729117bc6de40e0bc04ac25 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
|
commit 087fdeec5076ae1270f460685d8d36a50d9c3822
Author: Simon Josefsson <simon@josefsson.org>
Date: Mon Nov 2 11:25:27 2009 +0100
Fix time bomb in chainverify self-test.
Reported by Andreas Metzler <ametzler@downhill.at.eu.org>
in <http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3925>.
diff --git a/tests/chainverify.c b/tests/chainverify.c
index 0192da2..16c59ee 100644
--- a/tests/chainverify.c
+++ b/tests/chainverify.c
@@ -32,6 +32,21 @@
#include <gnutls/gnutls.h>
#include <gnutls/x509.h>
+/* GnuTLS internally calls time() to find out the current time when
+ verifying certificates. To avoid a time bomb, we hard code the
+ current time. This should work fine on systems where the library
+ call to time is resolved at run-time. */
+time_t
+time (time_t *t)
+{
+ time_t then = 1256803113;
+
+ if (t)
+ *t = then;
+
+ return then;
+}
+
/* *INDENT-OFF* */
/* Triggers incorrect verification success on older versions */
|