commit 2d0ffbbdc75e104437688f49fd15a846a946b5f1
author Simon Butcher <simon.butcher@arm.com> Mon Oct 17 22:32:47 2016 +0100
committer Simon Butcher <simon.butcher@arm.com> Mon Oct 17 22:41:54 2016 +0100
tree b62d1b0a1004465686f54aa6fb1229a3326376c6
parent 2261f198ee5f503abeaceb7dd3dc76c532867cbf

Fix integration of bugfix for #626

Adds check for validity of date in x509_get_time() back in, as it was
lost in the merge.

library/x509.c

diff --git a/library/x509.c b/library/x509.c
index e671fab..5466ca5 100644
--- a/library/x509.c
+++ b/library/x509.c
@@ -621,21 +621,27 @@
     {
         (*p)++;
         ret = asn1_get_len( p, end, &len );
-
         if( ret != 0 )
             return( POLARSSL_ERR_X509_INVALID_DATE + ret );
 
-        return x509_parse_time( p, len, 2, time );
+        CHECK( x509_parse_time( p, len, 2, time ) );
+
+        CHECK( x509_date_is_valid( time ) );
+
+        return( 0 );
     }
     else if( tag == ASN1_GENERALIZED_TIME )
     {
         (*p)++;
         ret = asn1_get_len( p, end, &len );
-
         if( ret != 0 )
             return( POLARSSL_ERR_X509_INVALID_DATE + ret );
 
-        return x509_parse_time( p, len, 4, time );
+        CHECK( x509_parse_time( p, len, 4, time ) );
+
+        CHECK( x509_date_is_valid( time ) );
+
+        return( 0 );
     }
     else
         return( POLARSSL_ERR_X509_INVALID_DATE +