patches/source/gnutls/gnutls-2.8.4_fix-timebomb.diff


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35

commit 087fdeec5076ae1270f460685d8d36a50d9c3822
Author: Simon Josefsson <simon@josefsson.org>
Date:   Mon Nov 2 11:25:27 2009 +0100

    Fix time bomb in chainverify self-test.
    
    Reported by Andreas Metzler <ametzler@downhill.at.eu.org>
    in <http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3925>.

diff --git a/tests/chainverify.c b/tests/chainverify.c
index 0192da2..16c59ee 100644
--- a/tests/chainverify.c
+++ b/tests/chainverify.c
@@ -32,6 +32,21 @@
 #include <gnutls/gnutls.h>
 #include <gnutls/x509.h>
 
+/* GnuTLS internally calls time() to find out the current time when
+   verifying certificates.  To avoid a time bomb, we hard code the
+   current time.  This should work fine on systems where the library
+   call to time is resolved at run-time.  */
+time_t
+time (time_t *t)
+{
+  time_t then = 1256803113;
+
+  if (t)
+    *t = then;
+
+  return then;
+}
+
 /* *INDENT-OFF* */
 
 /* Triggers incorrect verification success on older versions */