summaryrefslogtreecommitdiff
path: root/usr.sbin/ntpd
diff options
context:
space:
mode:
authorJoel Sing <jsing@cvs.openbsd.org>2019-01-21 11:05:42 +0000
committerJoel Sing <jsing@cvs.openbsd.org>2019-01-21 11:05:42 +0000
commitfc399486e9b1cefa07f9ee2da5d516574a9b0575 (patch)
tree418e967741800d98b004dbe9566ce7bbaf963cdd /usr.sbin/ntpd
parent0d9dc888311b19d4b3495d5a1ffd8d9af4a74549 (diff)
Explicitly check timegm() return value.
Spotted by tb@ ok deraadt@ tb@
Diffstat (limited to 'usr.sbin/ntpd')
-rw-r--r--usr.sbin/ntpd/constraint.c5
1 files changed, 3 insertions, 2 deletions
diff --git a/usr.sbin/ntpd/constraint.c b/usr.sbin/ntpd/constraint.c
index 4434a9385e2..48704dd2be7 100644
--- a/usr.sbin/ntpd/constraint.c
+++ b/usr.sbin/ntpd/constraint.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: constraint.c,v 1.40 2019/01/21 08:38:22 jsing Exp $ */
+/* $OpenBSD: constraint.c,v 1.41 2019/01/21 11:05:41 jsing Exp $ */
/*
* Copyright (c) 2015 Reyk Floeter <reyk@openbsd.org>
@@ -985,7 +985,8 @@ httpsdate_request(struct httpsdate *httpsdate, struct timeval *when)
* TLS handshake, based on the time specified by the server's HTTP Date:
* header.
*/
- httptime = timegm(&httpsdate->tls_tm);
+ if ((httptime = timegm(&httpsdate->tls_tm)) == -1)
+ goto fail;
if (httptime <= tls_peer_cert_notbefore(httpsdate->tls_ctx) ||
httptime >= tls_peer_cert_notafter(httpsdate->tls_ctx)) {
log_warnx("tls certificate invalid: %s (%s):",