gnutls_x509_crl_verify: check next update field for presence

If not present do not attempt to utilize its value. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
author: Nikos Mavrogiannopoulos <nmav@redhat.com> 2017-09-07 09:10:20 +0200
committer: Nikos Mavrogiannopoulos <nmav@redhat.com> 2017-09-08 08:55:55 +0200
commit: f6821a90f7ea803feb857790537c25d92ffcc340 (patch)
tree: 6d6241684d3f896182a6dce7cd4a038c41e3b20d
parent: 77039f38a687ff1beac6535ef7815c39b5d78694 (diff)
download: gnutls-f6821a90f7ea803feb857790537c25d92ffcc340.tar.gz
1 files changed, 3 insertions, 1 deletions
diff --git a/lib/x509/verify.c b/lib/x509/verify.c
index 66e49d60d8..26b1ab3f44 100644
--- a/lib/x509/verify.c
+++ b/lib/x509/verify.c
@@ -1562,6 +1562,7 @@ gnutls_x509_crl_verify(gnutls_x509_crl_t crl,
 	gnutls_x509_crt_t issuer = NULL;
 	int result, sigalg;
 	time_t now = gnutls_time(0);
+	time_t nextu;
 	unsigned int usage;
 
 	if (verify)
@@ -1677,7 +1678,8 @@ gnutls_x509_crl_verify(gnutls_x509_crl_t crl,
 	if (gnutls_x509_crl_get_this_update(crl) > now && verify)
 		*verify |= GNUTLS_CERT_REVOCATION_DATA_ISSUED_IN_FUTURE;
 
-	if (gnutls_x509_crl_get_next_update(crl) < now && verify)
+	nextu = gnutls_x509_crl_get_next_update(crl);
+	if (nextu != -1 && nextu < now && verify)
 		*verify |= GNUTLS_CERT_REVOCATION_DATA_SUPERSEDED;
author	Nikos Mavrogiannopoulos <nmav@redhat.com>	2017-09-07 09:10:20 +0200
committer	Nikos Mavrogiannopoulos <nmav@redhat.com>	2017-09-08 08:55:55 +0200
commit	f6821a90f7ea803feb857790537c25d92ffcc340 (patch)
tree	6d6241684d3f896182a6dce7cd4a038c41e3b20d
parent	77039f38a687ff1beac6535ef7815c39b5d78694 (diff)
download	gnutls-f6821a90f7ea803feb857790537c25d92ffcc340.tar.gz