From 4c99fd3cb29da51217a296dfbce7b8066385bf67 Mon Sep 17 00:00:00 2001 From: Bob Beck Date: Fri, 5 Dec 2025 15:50:23 -0700 Subject: [PATCH 1/4] Use non deprecated OpenSSL accessors for ASN1_STRING values. This changes your time conversion routine to use ASN1_STRING_get0_data() and ASN1_STRING_length() rather than directly using the values from the object. OpenSSL plans to make ASN1_STRING opaque soon: https://github.com/openssl/openssl/issues/29117 The accessor in question is in OpenSSL 1.1 as well as BoringSSL and LibreSSL so should be widely available. As the returned value is const, and you are changing it to pass to strptime, I've made it make a copy to work with. Since I added another allocation I converted it to single return to ensure everything gets freed appropriately. --- libclamav/crypto.c | 40 ++++++++++++++++++++++++---------------- 1 file changed, 24 insertions(+), 16 deletions(-) diff --git a/libclamav/crypto.c b/libclamav/crypto.c index 8b398e402f..cc107b3e2a 100644 --- a/libclamav/crypto.c +++ b/libclamav/crypto.c @@ -1748,8 +1748,9 @@ X509 *cl_load_cert(const char *certpath) struct tm *cl_ASN1_GetTimeT(ASN1_TIME *timeobj) { - struct tm *t; - char *str; + struct tm *ret = NULL; + struct tm *t = NULL; + char *str = NULL; const char *fmt = NULL; time_t localt; #ifdef _WIN32 @@ -1758,16 +1759,19 @@ struct tm *cl_ASN1_GetTimeT(ASN1_TIME *timeobj) struct tm localtm; #endif - if (!(timeobj) || !(timeobj->data)) - return NULL; + if (!(timeobj)) + goto err; + + if ((str = strndup(ASN1_STRING_get0_data(timeobj), + ASN1_STRING_length(timeobj))) == NULL) + goto err; - str = (char *)(timeobj->data); if (strlen(str) < 12) - return NULL; + goto err; t = (struct tm *)calloc(1, sizeof(struct tm)); if (!(t)) - return NULL; + goto err; if (timeobj->type == V_ASN1_UTCTIME) { /* two digit year */ @@ -1789,15 +1793,11 @@ struct tm *cl_ASN1_GetTimeT(ASN1_TIME *timeobj) } } - if (!(fmt)) { - free(t); - return NULL; - } + if (!(fmt)) + goto err; - if (!strptime(str, fmt, t)) { - free(t); - return NULL; - } + if (!strptime(str, fmt, t)) + goto err; /* Convert to local time */ localt = time(NULL); @@ -1808,7 +1808,15 @@ struct tm *cl_ASN1_GetTimeT(ASN1_TIME *timeobj) localtime_r(&localt, &localtm); #endif t->tm_isdst = localtm.tm_isdst; - return t; + + ret = t; + t = NULL; + +err: + free(t); + free(str); + + return ret; } X509_CRL *cl_load_crl(const char *file) From 6073d5a59a9e547fddcc20199e0cd996ee5219b9 Mon Sep 17 00:00:00 2001 From: Bob Beck Date: Fri, 5 Dec 2025 16:48:59 -0700 Subject: [PATCH 2/4] fixup! Use non deprecated OpenSSL accessors for ASN1_STRING values. --- libclamav/crypto.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libclamav/crypto.c b/libclamav/crypto.c index cc107b3e2a..208547c703 100644 --- a/libclamav/crypto.c +++ b/libclamav/crypto.c @@ -1773,7 +1773,7 @@ struct tm *cl_ASN1_GetTimeT(ASN1_TIME *timeobj) if (!(t)) goto err; - if (timeobj->type == V_ASN1_UTCTIME) { + if (ASN1_STRING_type(timeobj) == V_ASN1_UTCTIME) { /* two digit year */ fmt = "%y%m%d%H%M%S"; if (str[3] == '0') { @@ -1782,7 +1782,7 @@ struct tm *cl_ASN1_GetTimeT(ASN1_TIME *timeobj) } else { str[3]--; } - } else if (timeobj->type == V_ASN1_GENERALIZEDTIME) { + } else if (ASN1_STRING_type(timeobj) == V_ASN1_GENERALIZEDTIME) { /* four digit year */ fmt = "%Y%m%d%H%M%S"; if (str[5] == '0') { From 43fe6e764b9ea6b9ead92ad2a2d1a2166a598bc1 Mon Sep 17 00:00:00 2001 From: Bob Beck Date: Sat, 6 Dec 2025 08:30:01 -0700 Subject: [PATCH 3/4] fixup! Use non deprecated OpenSSL accessors for ASN1_STRING values. --- libclamav/crypto.c | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/libclamav/crypto.c b/libclamav/crypto.c index 208547c703..f20d59d7e6 100644 --- a/libclamav/crypto.c +++ b/libclamav/crypto.c @@ -1748,10 +1748,10 @@ X509 *cl_load_cert(const char *certpath) struct tm *cl_ASN1_GetTimeT(ASN1_TIME *timeobj) { - struct tm *ret = NULL; - struct tm *t = NULL; - char *str = NULL; - const char *fmt = NULL; + struct tm *ret = NULL; + struct tm *t = NULL; + char *str = NULL; + const char *data, *fmt = NULL; time_t localt; #ifdef _WIN32 struct tm localtm, *ltm; @@ -1759,11 +1759,10 @@ struct tm *cl_ASN1_GetTimeT(ASN1_TIME *timeobj) struct tm localtm; #endif - if (!(timeobj)) + if (timeobj == NULL || (data = ASN1_STRING_get0_data(timeobj)) == NULL) goto err; - if ((str = strndup(ASN1_STRING_get0_data(timeobj), - ASN1_STRING_length(timeobj))) == NULL) + if ((str = strndup(data, ASN1_STRING_length(timeobj))) == NULL) goto err; if (strlen(str) < 12) From 3e9a318415d87052033afb8fc3ec86f74588169b Mon Sep 17 00:00:00 2001 From: Bob Beck Date: Fri, 12 Dec 2025 09:40:54 -0700 Subject: [PATCH 4/4] fixup! Use non deprecated OpenSSL accessors for ASN1_STRING values. --- libclamav/crypto.c | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/libclamav/crypto.c b/libclamav/crypto.c index f20d59d7e6..61c6d54349 100644 --- a/libclamav/crypto.c +++ b/libclamav/crypto.c @@ -1760,17 +1760,18 @@ struct tm *cl_ASN1_GetTimeT(ASN1_TIME *timeobj) #endif if (timeobj == NULL || (data = ASN1_STRING_get0_data(timeobj)) == NULL) - goto err; + goto done; - if ((str = strndup(data, ASN1_STRING_length(timeobj))) == NULL) - goto err; + str = CLI_STRNDUP(data, ASN1_STRING_length(timeobj)); + if (NULL == str) + goto done; if (strlen(str) < 12) - goto err; + goto done; t = (struct tm *)calloc(1, sizeof(struct tm)); if (!(t)) - goto err; + goto done; if (ASN1_STRING_type(timeobj) == V_ASN1_UTCTIME) { /* two digit year */ @@ -1793,10 +1794,10 @@ struct tm *cl_ASN1_GetTimeT(ASN1_TIME *timeobj) } if (!(fmt)) - goto err; + goto done; if (!strptime(str, fmt, t)) - goto err; + goto done; /* Convert to local time */ localt = time(NULL); @@ -1811,7 +1812,7 @@ struct tm *cl_ASN1_GetTimeT(ASN1_TIME *timeobj) ret = t; t = NULL; -err: +done: free(t); free(str);