From 98fbfc3b6126c809eb44c700871facca6ac7727d Mon Sep 17 00:00:00 2001
From: Daiki Ueno <dueno@redhat.com>
Date: Mon, 7 May 2018 11:19:35 +0200
Subject: trust: Avoid array overflow

---
 trust/builder.c         | 4 ++--
 trust/extract-openssl.c | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

(limited to 'trust')

diff --git a/trust/builder.c b/trust/builder.c
index 5b20c79..742c544 100644
--- a/trust/builder.c
+++ b/trust/builder.c
@@ -472,9 +472,9 @@ calc_date (node_asn *node,
 		return_val_if_fail (year >= 0, false);
 
 		century = century_for_two_digit_year (year);
-		return_val_if_fail (century >= 0, false);
+		return_val_if_fail (century >= 0 && century <= 9900, false);
 
-		snprintf ((char *)date->year, 3, "%02d", century);
+		snprintf ((char *)date->year, 3, "%02d", century / 100);
 		memcpy (((char *)date) + 2, buf, 6);
 
 	} else {
diff --git a/trust/extract-openssl.c b/trust/extract-openssl.c
index a40a74f..5f72076 100644
--- a/trust/extract-openssl.c
+++ b/trust/extract-openssl.c
@@ -453,7 +453,7 @@ p11_openssl_canon_name_der (p11_dict *asn1_defs,
 {
 	p11_buffer value;
 	char outer[64];
-	char field[64];
+	char field[128];
 	node_asn *name;
 	void *at;
 	int value_len;
-- 
cgit v1.1