From 57e10d71be924d157bdbe7ae0c0faf727520aad5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= <mpg@elzevir.fr>
Date: Mon, 22 Jun 2015 18:59:21 +0200
Subject: [PATCH] Fix potential NULL dereference.

Introduced when moving from gmtime_r() to gmtime().
Found with fbinfer.
---
 library/x509.c | 34 ++++++++++++++++++++++++----------
 1 file changed, 24 insertions(+), 10 deletions(-)

diff --git a/library/x509.c b/library/x509.c
index d5f93d02c..4214ceede 100644
--- a/library/x509.c
+++ b/library/x509.c
@@ -820,9 +820,13 @@ int mbedtls_x509_key_size_helper( char *buf, size_t buf_size, const char *name )
 }
 
 #if defined(MBEDTLS_HAVE_TIME_DATE)
+/*
+ * Set the time structure to the current time.
+ * Return 0 on success, non-zero on failure.
+ */
+#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
 static int x509_get_current_time( mbedtls_x509_time *now )
 {
-#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
     SYSTEMTIME st;
 
     GetSystemTime( &st );
@@ -833,9 +837,15 @@ static int x509_get_current_time( mbedtls_x509_time *now )
     now->hour = st.wHour;
     now->min  = st.wMinute;
     now->sec  = st.wSecond;
+
+    return( 0 );
+}
 #else
+static int x509_get_current_time( mbedtls_x509_time *now )
+{
     struct tm *lt;
     time_t tt;
+    int ret = 0;
 
 #if defined(MBEDTLS_THREADING_C)
     if( mbedtls_mutex_lock( &mbedtls_threading_gmtime_mutex ) != 0 )
@@ -845,22 +855,26 @@ static int x509_get_current_time( mbedtls_x509_time *now )
     tt = time( NULL );
     lt = gmtime( &tt );
 
-    now->year = lt->tm_year + 1900;
-    now->mon  = lt->tm_mon  + 1;
-    now->day  = lt->tm_mday;
-    now->hour = lt->tm_hour;
-    now->min  = lt->tm_min;
-    now->sec  = lt->tm_sec;
+    if( lt == NULL )
+        ret = -1;
+    else
+    {
+        now->year = lt->tm_year + 1900;
+        now->mon  = lt->tm_mon  + 1;
+        now->day  = lt->tm_mday;
+        now->hour = lt->tm_hour;
+        now->min  = lt->tm_min;
+        now->sec  = lt->tm_sec;
+    }
 
 #if defined(MBEDTLS_THREADING_C)
     if( mbedtls_mutex_unlock( &mbedtls_threading_gmtime_mutex ) != 0 )
         return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
 #endif
 
-#endif /* _WIN32 && !EFIX64 && !EFI32 */
-
-    return( 0 );
+    return( ret );
 }
+#endif /* _WIN32 && !EFIX64 && !EFI32 */
 
 /*
  * Return 0 if before <= after, 1 otherwise