From b87d34344343b7e31839a36ae91f4de78fab1af6 Mon Sep 17 00:00:00 2001
From: dmiller <dmiller@e0a8ed71-7df4-0310-8962-fdc924857419>
Date: Thu, 9 Apr 2015 13:07:34 +0000
Subject: [PATCH] Fix X509 cert date parsing for dates after 2049.

Reported by Teppo Turtiainen: http://seclists.org/nmap-dev/2015/q2/29

GeneralizedTime strings are 15 bytes (14 chars of date + 'Z'), not 14.
---
 CHANGELOG       | 5 ++++-
 nse_ssl_cert.cc | 4 ++--
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index 254848d64..0794b4815 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,6 +1,9 @@
 # Nmap Changelog ($Id$); -*-text-*-
 
-o [NSE] Added http-crossdomainxml to detect overly permissive crossdomain 
+o [NSE] Fix X509 cert date parsing for dates after 2049. Reported by Teppo
+  Turtiainen. [Daniel Miller]
+
+o [NSE] Added http-crossdomainxml to detect overly permissive crossdomain
   policies and find trusted domain names available for purchase. [Paulino Calderon]
 
 o Add IPv6 Hop Limit (similar to IPv4 TTL) as a feature for the IPv6 OS
diff --git a/nse_ssl_cert.cc b/nse_ssl_cert.cc
index c825701bb..9efba3c84 100644
--- a/nse_ssl_cert.cc
+++ b/nse_ssl_cert.cc
@@ -305,8 +305,8 @@ static int time_to_tm(const ASN1_TIME *t, struct tm *result)
     else
       result->tm_year = 1900 + year;
     p = t->data + 2;
-  } else if (t->length == 14) {
-    /* yyyymmddhhmmss */
+  } else if (t->length == 15 && t->data[t->length - 1] == 'Z') {
+    /* yyyymmddhhmmssZ */
     result->tm_year = parse_int(t->data, 4);
     if (result->tm_year < 0)
       return -1;