From ade3d65e7351783f3321119435290231668771c2 Mon Sep 17 00:00:00 2001
From: Love Hornquist Astrand <lha@h5l.org>
Date: Sun, 22 May 2011 20:57:30 -0700
Subject: [PATCH] more limits

---
 lib/asn1/timegm.c | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/lib/asn1/timegm.c b/lib/asn1/timegm.c
index 6dc85d127..d9f4adbd5 100644
--- a/lib/asn1/timegm.c
+++ b/lib/asn1/timegm.c
@@ -33,7 +33,7 @@
 
 #include "der_locl.h"
 
-RCSID("$Id$");
+#define ASN1_MAX_YEAR	2000
 
 static int
 is_leap(unsigned y)
@@ -58,6 +58,12 @@ _der_timegm (struct tm *tm)
   time_t res = 0;
   int i;
 
+  /*
+   * See comment in _der_gmtime
+   */
+  if (tm->tm_year > ASN1_MAX_YEAR)
+      return 0;
+
   if (tm->tm_year < 0)
       return -1;
   if (tm->tm_mon < 0 || tm->tm_mon > 11)
@@ -101,9 +107,10 @@ _der_gmtime(time_t t, struct tm *tm)
     /*
      * Refuse to calculate time ~ 2000 years into the future, this is
      * not possible for systems where time_t is a int32_t, however,
-     * when time_t is a int64_t, that can happen.
+     * when time_t is a int64_t, that can happen, and this becomes a
+     * denial of sevice.
      */
-    if (days > 356000)
+    if (days > (ASN1_MAX_YEAR * 365))
 	return NULL;
 
     tm->tm_year = 70;