diff -urN strongswan-4.3.1/src/libstrongswan/asn1/asn1.c strongswan-4.3.1_asn1_time/src/libstrongswan/asn1/asn1.c
--- strongswan-4.3.1/src/libstrongswan/asn1/asn1.c	2009-05-15 10:01:29.000000000 +0200
+++ strongswan-4.3.1_asn1_time/src/libstrongswan/asn1/asn1.c	2009-06-18 22:06:20.000000000 +0200
@@ -321,12 +321,18 @@
 	}
 	else if ((eot = memchr(utctime->ptr, '+', utctime->len)) != NULL)
 	{
-		sscanf(eot+1, "%2d%2d", &tz_hour, &tz_min);
+		if (sscanf(eot+1, "%2d%2d", &tz_hour, &tz_min) != 2)
+		{
+			return 0; /* error in positive timezone offset format */
+		}
 		tz_offset = 3600*tz_hour + 60*tz_min;  /* positive time zone offset */
 	}
 	else if ((eot = memchr(utctime->ptr, '-', utctime->len)) != NULL)
 	{
-		sscanf(eot+1, "%2d%2d", &tz_hour, &tz_min);
+		if (sscanf(eot+1, "%2d%2d", &tz_hour, &tz_min) != 2)
+		{
+			return 0; /* error in negative timezone offset format */
+		}
 		tz_offset = -3600*tz_hour - 60*tz_min;  /* negative time zone offset */
 	}
 	else
@@ -339,13 +345,20 @@
 		const char* format = (type == ASN1_UTCTIME)? "%2d%2d%2d%2d%2d":
 													 "%4d%2d%2d%2d%2d";
 	
-		sscanf(utctime->ptr, format, &tm_year, &tm_mon, &tm_day, &tm_hour, &tm_min);
+		if (sscanf(utctime->ptr, format, &tm_year, &tm_mon, &tm_day,
+										 &tm_hour, &tm_min) != 5)
+		{
+			return 0; /* error in time st [yy]yymmddhhmm time format */
+		}
 	}
 	
 	/* is there a seconds field? */
 	if ((eot - utctime->ptr) == ((type == ASN1_UTCTIME)?12:14))
 	{
-		sscanf(eot-2, "%2d", &tm_sec);
+		if (sscanf(eot-2, "%2d", &tm_sec) != 1)
+		{
+			return 0; /* error in ss seconds field format */
+		}
 	}
 	else
 	{
@@ -365,9 +378,9 @@
 	}
 
 	/* representation of months as 0..11*/
-	if (tm_mon > 12)
+	if (tm_mon < 1 || tm_mon > 12)
 	{
-		return 0; /* error in time format */
+		return 0; /* error in month format */
 	}
 	tm_mon--;