From 10bb1e4be0ccccd4f1e65fc8066b1fe0ba25eeaf Mon Sep 17 00:00:00 2001 From: Joran Siu Date: Tue, 2 Oct 2018 23:14:50 -0400 Subject: [PATCH] Fix x509_cmp_time digits check for z/OS x509_cmp_time uses the isDigit function from ctypes to validate the time. On zOS, this does an EBCDIC test, while the strings when compiled in Node are treated as ASCII. Convert the conditional to an explicit test for the ASCII digit range. Fix encoding format for generalizedtime_length as well. Signed-off-by: Joran Siu --- deps/openssl/openssl/crypto/x509/x509_vfy.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/deps/openssl/openssl/crypto/x509/x509_vfy.c b/deps/openssl/openssl/crypto/x509/x509_vfy.c index d38a1e3ca0e..7a325172dc9 100644 --- a/deps/openssl/openssl/crypto/x509/x509_vfy.c +++ b/deps/openssl/openssl/crypto/x509/x509_vfy.c @@ -1939,7 +1939,7 @@ int X509_cmp_current_time(const ASN1_TIME *ctm) int X509_cmp_time(const ASN1_TIME *ctm, time_t *cmp_time) { static const size_t utctime_length = sizeof("\x59\x59\x4d\x4d\x44\x44\x48\x48\x4d\x4d\x53\x53\x5a") - 1; - static const size_t generalizedtime_length = sizeof("\x59\x59\x4d\x4d\x44\x44\x48\x48\x4d\x4d\x53\x53\x5a") - 1; + static const size_t generalizedtime_length = sizeof("\x59\x59\x59\x59\x4d\x4d\x44\x44\x48\x48\x4d\x4d\x53\x53\x5a") - 1; ASN1_TIME *asn1_cmp_time = NULL; int i, day, sec, ret = 0; @@ -1973,7 +1973,11 @@ int X509_cmp_time(const ASN1_TIME *ctm, time_t *cmp_time) * Digit and date ranges will be verified in the conversion methods. */ for (i = 0; i < ctm->length - 1; i++) { - if (!isdigit(ctm->data[i])) + // Customize the following conditional with explicit ASCII test + // for valid digits 0-9 (0x30-0x39 in ASCII) for z/OS + // Originally: + // if (!isdigit(ctm->data[i])) + if (ctm->data[i] < 0x30 || ctm->data[i] > 0x39) return 0; } if (ctm->data[ctm->length - 1] != '\x5a')