From 3294be8cfee92352e4c5475be29f862e247e0233 Mon Sep 17 00:00:00 2001
From: tb
Date: Mon, 1 Jun 2026 12:22:06 +0000
Subject: [PATCH] ntpd: use the usual error check for timegm(3). Straightforward change. The code could use some refactoring to avoid two consecutive timegm(3) calls on tm_tls. The layering is a bit strange here. ok deraadt henning job
---
 usr.sbin/ntpd/constraint.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/usr.sbin/ntpd/constraint.c b/usr.sbin/ntpd/constraint.c
index 7ecbc18920f..3a370c242df 100644
--- a/usr.sbin/ntpd/constraint.c
+++ b/usr.sbin/ntpd/constraint.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: constraint.c,v 1.60 2024/11/21 13:38:14 claudio Exp $ */
+/* $OpenBSD: constraint.c,v 1.61 2026/06/01 12:22:06 tb Exp $ */
 /*
 * Copyright (c) 2015 Reyk Floeter
@@ -1062,7 +1062,9 @@ httpsdate_request(struct httpsdate *httpsdate, struct timeval *when, int synced)
 */
 notbefore = tls_peer_cert_notbefore(httpsdate->tls_ctx);
 notafter = tls_peer_cert_notafter(httpsdate->tls_ctx);
- if ((httptime = timegm(&httpsdate->tls_tm)) == -1)
+ httpsdate->tls_tm.tm_wday = -1;
+ if ((httptime = timegm(&httpsdate->tls_tm)) == -1 &&
+ httpsdate->tls_tm.tm_wday == -1)
 goto fail;
 if (httptime <= notbefore) {
 if ((tm = gmtime(¬before)) == NULL)
@@ -1114,8 +1116,12 @@ httpsdate_query(const char *addr, const char *port, const char *hostname,
 if (httpsdate_request(httpsdate, &when, synced) == -1)
 return (NULL);
- /* Return parsed date as local time */
+ httpsdate->tls_tm.tm_wday = -1;
 t = timegm(&httpsdate->tls_tm);
+ if (t == -1 && httpsdate->tls_tm.tm_wday == -1) {
+ httpsdate_free(httpsdate);
+ return (NULL);
+ }
 /* Report parsed Date: as "received time" */
 rectv->tv_sec = t;
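Review bot: The `httpsdate->tls_tm.tm_wday = -1;` assignment before `timegm()` in httpsdate_request carries no comment, and the same idiom is repeated in the httpsdate_query hunk, where the only nearby comment was deleted. A reader who does not know that timegm(3) fills in tm_wday on success will take the assignment for dead or mistaken code and may remove it, which would bring back the ambiguous `== -1` test on a time taken from the TLS peer. I would add above each assignment: `/* timegm(3) sets tm_wday on success; -1 still in place means a real error */`. The body of httpsdate_request starts and ends outside the hunk.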
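Review bot: The new failure branch in httpsdate_query calls `httpsdate_free(httpsdate)` before `return (NULL)`, while the `httpsdate_request()` failure just above it returns NULL with no free in view. Presumably httpsdate_request releases the object on its own fail path, but that code is outside this hunk, so the asymmetry cannot be confirmed from here. If that is the case, a comment on the earlier return such as `/* httpsdate_request() frees httpsdate on failure */` would state the ownership rule, so that the two paths are not later aligned into a leak or a double free. The body of httpsdate_query starts and ends outside the hunk.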