From 62cd76ab2c6fecc8daaefe45828a6d71251c92cd Mon Sep 17 00:00:00 2001
From: John Crispin <john@openwrt.org>
Date: Thu, 4 Jul 2013 13:31:32 +0000
Subject: [PATCH] px5g: creates certificates that expire in the past

the attached patch fixes a bug of px5g when instructed to build
certificates that expire after 2038-01-19, caused a multiplication that
may overflow the "to" variable of type time_t

Attached patch checks if "to" precedes "from": if so sets "to" to its
maximum value. Pretty rude, but works well even if certificate is set to
expire in a century

Signed-off-by: Federico Fissore <federico@fissore.org>
Patchork: http://patchwork.openwrt.org/patch/3749/

SVN-Revision: 37165
---
 package/utils/px5g/src/px5g.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/package/utils/px5g/src/px5g.c b/package/utils/px5g/src/px5g.c
index 2b3e78585c..cf50ad28e2 100644
--- a/package/utils/px5g/src/px5g.c
+++ b/package/utils/px5g/src/px5g.c
@@ -22,6 +22,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <time.h>
+#include <limits.h>
 #include "polarssl/havege.h"
 #include "polarssl/bignum.h"
 #include "polarssl/x509.h"
@@ -157,6 +158,8 @@ int selfsigned(char **arg) {
 	from = (from < 1000000000) ? 1000000000 : from;
 	strftime(fstr, sizeof(fstr), "%F %H:%M:%S", gmtime(&from));
 	to = from + 60 * 60 * 24 * days;
+	if (to < from)
+		to = INT_MAX;
 	strftime(tstr, sizeof(tstr), "%F %H:%M:%S", gmtime(&to));
 
 	x509_raw cert;
-- 
2.30.2