utctime and gentime: inline formats, constrain input data

HoneyryderChuck · HoneyryderChuck · commit a46b07b08d20 · 2025-07-04T15:37:45.000+01:00
utctime should not take dates into account with a year below 1950 and above 2049
diff --git a/lib/openssl/asn1.rb b/lib/openssl/asn1.rb
@@ -376,10 +376,11 @@ def der_value
     end
 
     class UTCTime < Primitive
-      FORMAT = "%y%m%d%H%M%SZ".freeze
-
       private
 
+      YEAR_RANGE = 1950..2049
+      private_constant :YEAR_RANGE
+
       # :nodoc:
       def der_value
         value = if @value.is_a?(Time)
@@ -388,13 +389,13 @@ def der_value
           Time.at(Integer(@value))
         end
 
-        value.utc.strftime(FORMAT)
+        raise OpenSSL::ASN1::ASN1Error unless YEAR_RANGE.include?(value.year)
+
+        value.utc.strftime("%y%m%d%H%M%SZ")
       end
     end
 
     class GeneralizedTime < Primitive
-      FORMAT = "%Y%m%d%H%M%SZ".freeze
-
       private
 
       # :nodoc:
@@ -405,7 +406,7 @@ def der_value
           Time.at(Integer(@value))
         end
 
-        value.utc.strftime(FORMAT)
+        value.utc.strftime("%Y%m%d%H%M%SZ")
       end
     end
 
