Off by one in cert:validat(notafter) #173

2024-11-08 06:28:26 +01:00 · 2021-06-23 13:35:49 -03:00 · 2021-06-23 13:35:49 -03:00 · cdcf5fdb30
commit cdcf5fdb30
parent bdbc67b188
1 changed files with 5 additions and 2 deletions
--- a/src/x509.c
+++ b/src/x509.c
@ -485,10 +485,13 @@ static int meth_digest(lua_State* L)
 */
 static int meth_valid_at(lua_State* L)
 {
+  int nb, na;
  X509* cert = lsec_checkx509(L, 1);
  time_t time = luaL_checkinteger(L, 2);
-  lua_pushboolean(L, (X509_cmp_time(X509_get0_notAfter(cert), &time)     >= 0
-                      && X509_cmp_time(X509_get0_notBefore(cert), &time) <= 0));
+  nb = X509_cmp_time(X509_get0_notBefore(cert), &time);
+  time -= 1;
+  na = X509_cmp_time(X509_get0_notAfter(cert),  &time);
+  lua_pushboolean(L, nb == -1 && na == 1);
  return 1;
 }