Re: [PATCH] X.509: Fix the time validation [ver #2]

2015-11-12 Thread Woodhouse, David
On Thu, 2015-11-12 at 09:36 +, David Howells wrote:
> If it works, it emit a key ID; if it fails, it should give a bad
> message error.

In this sentence, failure is good, yes? This is a malformed key so we *expect* the failure?

--
David Woodhouse
Open Source Techno

[PATCH] X.509: Fix the time validation [ver #2]

2015-11-12 Thread David Howells
This fixes CVE-2015-5327. It affects kernels from 4.3-rc1 onwards. Fix the X.509 time validation to use month number-1 when looking up the number of days in that month. Also put the month number validation before doing the lookup so as not to risk overrunning the array. This can be tested by do
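The two changes the patch description names (index the days-per-month table with month number-1, and range-check the month before the lookup), as an added example that is not the kernel's code. The function and table names are hypothetical, and the "before" form is reconstructed only from the wording of the message above.

```c
#include <stdbool.h>
#include <stdio.h>

/* Days per month in a non-leap year; index 0 is January. */
static const unsigned char month_lengths[12] = {
    31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31
};

static bool is_leap_year(unsigned int year)
{
    return (year % 4 == 0 && year % 100 != 0) || year % 400 == 0;
}

/* 'Before' shape as the message describes it: the 1-based month is used
 * directly as the index, and the range check comes after the lookup.
 * mon == 12 already reads one element past the table, so the demo below
 * only passes months 1..11 to this function. */
bool date_is_valid_before(unsigned int year, unsigned int mon, unsigned int day)
{
    unsigned int mon_len = month_lengths[mon];   /* wrong month, unchecked index */

    (void)year;
    if (mon < 1 || mon > 12)
        return false;
    return day >= 1 && day <= mon_len;
}

/* 'After' shape: reject the month first, then index with mon - 1. */
bool date_is_valid_after(unsigned int year, unsigned int mon, unsigned int day)
{
    unsigned int mon_len;

    if (mon < 1 || mon > 12)
        return false;
    mon_len = month_lengths[mon - 1];
    if (mon == 2 && is_leap_year(year))
        mon_len = 29;
    return day >= 1 && day <= mon_len;
}

int main(void)
{
    /* Constructed dates: a real one the 'before' form rejects, a fake one it accepts. */
    printf("2015-01-31 before=%d after=%d\n",
           date_is_valid_before(2015, 1, 31), date_is_valid_after(2015, 1, 31));
    printf("2015-02-30 before=%d after=%d\n",
           date_is_valid_before(2015, 2, 30), date_is_valid_after(2015, 2, 30));
    printf("month 13   after=%d\n", date_is_valid_after(2015, 13, 1));
    return 0;
}
```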