diff options
author | Greg Hudson <ghudson@mit.edu> | 2021-12-01 19:35:32 -0500 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2021-12-05 18:24:45 -0500 |
commit | 149df661ad76ea4b5fff0de28e77a767f9355fdc (patch) | |
tree | 9a03276da87e79c46c6527ed4c47c1770c2f09d7 | |
parent | 6b1bc3801b57ece62d00a491bbd0819abd162dd2 (diff) | |
download | krb5-149df661ad76ea4b5fff0de28e77a767f9355fdc.zip krb5-149df661ad76ea4b5fff0de28e77a767f9355fdc.tar.gz krb5-149df661ad76ea4b5fff0de28e77a767f9355fdc.tar.bz2 |
Fix PAC handling of authtimes after y2038
Remove the unnecessary handling of negative inputs in
k5_time_to_seconds_since_1970() and k5_seconds_since_1970_to_time(),
and cast the krb5_timestamp input to uint32_t to properly handle
values after y2038.
ticket: 9039 (new)
-rw-r--r-- | src/lib/krb5/krb/pac.c | 20 |
1 files changed, 5 insertions, 15 deletions
diff --git a/src/lib/krb5/krb/pac.c b/src/lib/krb5/krb/pac.c index 46705d2..5118bf7 100644 --- a/src/lib/krb5/krb/pac.c +++ b/src/lib/krb5/krb/pac.c @@ -370,32 +370,22 @@ krb5_pac_parse(krb5_context context, } static krb5_error_code -k5_time_to_seconds_since_1970(int64_t ntTime, krb5_timestamp *elapsedSeconds) +k5_time_to_seconds_since_1970(uint64_t ntTime, krb5_timestamp *elapsedSeconds) { - uint64_t abstime; - - ntTime /= 10000000; - - abstime = ntTime > 0 ? ntTime - NT_TIME_EPOCH : -ntTime; + uint64_t abstime = ntTime / 10000000 - NT_TIME_EPOCH; if (abstime > UINT32_MAX) return ERANGE; - *elapsedSeconds = abstime; - return 0; } krb5_error_code k5_seconds_since_1970_to_time(krb5_timestamp elapsedSeconds, uint64_t *ntTime) { - *ntTime = elapsedSeconds; - - if (elapsedSeconds > 0) - *ntTime += NT_TIME_EPOCH; - + *ntTime = (uint32_t)elapsedSeconds; + *ntTime += NT_TIME_EPOCH; *ntTime *= 10000000; - return 0; } @@ -411,7 +401,7 @@ krb5_pac_get_client_info(krb5_context context, unsigned char *p; krb5_timestamp pac_authtime; krb5_ui_2 pac_princname_length; - int64_t pac_nt_authtime; + uint64_t pac_nt_authtime; if (authtime_out != NULL) *authtime_out = 0; |