Fix X509 cert date parsing for dates after 2049.

Reported by Teppo Turtiainen: http://seclists.org/nmap-dev/2015/q2/29 GeneralizedTime strings are 15 bytes (14 chars of date + 'Z'), not 14.
2025-12-30 03:19:02 +00:00 · 2015-04-09 13:07:34 +00:00
parent bc9a8452e0
commit b87d343443
2 changed files with 6 additions and 3 deletions
--- a/5
+++ b/5
@@ -1,6 +1,9 @@
 # Nmap Changelog ($Id$); -*-text-*-

-o [NSE] Added http-crossdomainxml to detect overly permissive crossdomain 
+o [NSE] Fix X509 cert date parsing for dates after 2049. Reported by Teppo
+  Turtiainen. [Daniel Miller]
+
+o [NSE] Added http-crossdomainxml to detect overly permissive crossdomain
  policies and find trusted domain names available for purchase. [Paulino Calderon]

 o Add IPv6 Hop Limit (similar to IPv4 TTL) as a feature for the IPv6 OS
--- a/nse_ssl_cert.cc
+++ b/nse_ssl_cert.cc
@@ -305,8 +305,8 @@ static int time_to_tm(const ASN1_TIME *t, struct tm *result)
    else
      result->tm_year = 1900 + year;
    p = t->data + 2;
-  } else if (t->length == 14) {
-    /* yyyymmddhhmmss */
+  } else if (t->length == 15 && t->data[t->length - 1] == 'Z') {
+    /* yyyymmddhhmmssZ */
    result->tm_year = parse_int(t->data, 4);
    if (result->tm_year < 0)
      return -1;