1 files changed, 36 insertions, 9 deletions

diff --git a/g10/keygen.c b/g10/keygen.c
index 1605bff89..9b0113c5a 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -2748,6 +2748,7 @@ parse_expire_string_with_ct (const char *string, u32 creation_time)
   u32 seconds;
   u32 abs_date = 0;
   time_t tt;
+  uint64_t tmp64;
   u32 curtime;
 
   if (creation_time == (u32)-1)
@@ -2759,14 +2760,26 @@ parse_expire_string_with_ct (const char *string, u32 creation_time)
       || !strcmp (string, "never") || !strcmp (string, "-"))
     seconds = 0;
   else if (!strncmp (string, "seconds=", 8))
-    seconds = atoi (string+8);
+    seconds = scan_secondsstr (string+8);
   else if ((abs_date = scan_isodatestr(string))
            && (abs_date+86400/2) > curtime)
     seconds = (abs_date+86400/2) - curtime;
-  else if ((tt = isotime2epoch (string)) != (time_t)(-1))
-    seconds = (u32)tt - curtime;
+  else if ((tt = isotime2epoch_u64 (string)) != (uint64_t)(-1))
+    {
+      tmp64 = tt - curtime;
+      if (tmp64 >= (u32)(-1))
+        seconds = (u32)(-1) - 1;  /* cap value.  */
+      else
+        seconds = (u32)tmp64;
+    }
   else if ((mult = check_valid_days (string)))
-    seconds = atoi (string) * 86400L * mult;
+    {
+      tmp64 = scan_secondsstr (string) * 86400L * mult;
+      if (tmp64 >= (u32)(-1))
+        seconds = (u32)(-1) - 1;  /* cap value.  */
+      else
+        seconds = (u32)tmp64;
+    }
   else
     seconds = (u32)(-1);
 
@@ -2790,11 +2803,16 @@ parse_creation_string (const char *string)
   if (!*string)
     seconds = 0;
   else if ( !strncmp (string, "seconds=", 8) )
-    seconds = atoi (string+8);
+    seconds = scan_secondsstr (string+8);
   else if ( !(seconds = scan_isodatestr (string)))
     {
-      time_t tmp = isotime2epoch (string);
-      seconds = (tmp == (time_t)(-1))? 0 : tmp;
+      uint64_t tmp = isotime2epoch_u64 (string);
+      if (tmp == (uint64_t)(-1))
+        seconds = 0;
+      else if (tmp > (u32)(-1))
+        seconds = 0;
+      else
+        seconds = tmp;
     }
   return seconds;
 }
@@ -5395,17 +5413,26 @@ card_store_key_with_backup (ctrl_t ctrl, PKT_public_key *sub_psk,
     {
       ecdh_param_str = ecdh_param_str_from_pk (sk);
       if (!ecdh_param_str)
-        return gpg_error_from_syserror ();
+        {
+          free_public_key (sk);
+          return gpg_error_from_syserror ();
+        }
     }
 
   err = hexkeygrip_from_pk (sk, &hexgrip);
   if (err)
-    goto leave;
+    {
+      xfree (ecdh_param_str);
+      free_public_key (sk);
+      goto leave;
+    }
 
   memset(&info, 0, sizeof (info));
   rc = agent_scd_getattr ("SERIALNO", &info);
   if (rc)
     {
+      xfree (ecdh_param_str);
+      free_public_key (sk);
       err = (gpg_error_t)rc;
       goto leave;
     }