authorGreg Hudson <ghudson@mit.edu>2015-03-08 16:20:07 -0400
committerGreg Hudson <ghudson@mit.edu>2015-04-15 00:09:06 -0400
commit1d4df2264684ab6731dedc8882a0cd6353af33da (patch)
treeababcd309d49e2316ef356513df5de4b28524f94 /src/lib/kdb
parent7fbc092107298bded216fbce4cff6592275bff03 (diff)
Use unsigned 16-bit type for key data kvno
Change key_data_kvno from a signed 16-bit field to an unsigned 16-bit field, since negative values are never meaningful. When adding new keys, wrap from 65535 to 1 to avoid using the special value 0. Don't bump the KDB binary version since this change is unlikely to affect callers. ticket: 7532
Diffstat (limited to 'src/lib/kdb')
-rw-r--r--src/lib/kdb/kdb_convert.c2
-rw-r--r--src/lib/kdb/kdb_cpw.c4
2 files changed, 5 insertions, 1 deletions
diff --git a/src/lib/kdb/kdb_convert.c b/src/lib/kdb/kdb_convert.c
index 1370395..509016f 100644
--- a/src/lib/kdb/kdb_convert.c
+++ b/src/lib/kdb/kdb_convert.c
@@ -704,7 +704,7 @@ ulog_conv_2dbentry(krb5_context context, krb5_db_entry **entry,
krb5_key_data *kp = &ent->key_data[j];
kdbe_key_t *kv = &ULOG_ENTRY_KEYVAL(update, i, j);
kp->key_data_ver = (krb5_int16)kv->k_ver;
- kp->key_data_kvno = (krb5_int16)kv->k_kvno;
+ kp->key_data_kvno = (krb5_ui_2)kv->k_kvno;
if (kp->key_data_ver > 2) {
return EINVAL; /* XXX ? */
}
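Review bot: The cast in `kp->key_data_kvno = (krb5_ui_2)kv->k_kvno;` silently truncates any update-log kvno that does not fit in 16 bits, and a value such as 65536 would become 0, which the commit message describes as special. If `k_kvno` is a wider signed type (its declaration is not visible here), it should be range-checked before the assignment, in the same way the next line rejects `key_data_ver > 2`: `if (kv->k_kvno < 0 || kv->k_kvno > 65535) return EINVAL;`. Update-log entries are presumably received from another host during propagation, so rejecting an out-of-range value is safer than storing a kvno different from the one that was sent. ulog_conv_2dbentry starts and ends outside this hunk.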
diff --git a/src/lib/kdb/kdb_cpw.c b/src/lib/kdb/kdb_cpw.c
index fb07665..33017ec 100644
--- a/src/lib/kdb/kdb_cpw.c
+++ b/src/lib/kdb/kdb_cpw.c
@@ -436,6 +436,10 @@ rekey(krb5_context context, krb5_keyblock *mkey, krb5_key_salt_tuple *ks_tuple,
old_kvno = krb5_db_get_key_data_kvno(context, n_key_data, key_data);
if (new_kvno < old_kvno + 1)
new_kvno = old_kvno + 1;
+ /* Wrap from 65535 to 1; we can only store 16-bit kvno values in key_data,
+ * and we assign special meaning to kvno 0. */
+ if (new_kvno == (1 << 16))
+ new_kvno = 1;
/* Add new keys to the front of the list. */
if (password != NULL) {
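Review bot: The wrap test `if (new_kvno == (1 << 16))` only catches exactly 65536, so a larger `new_kvno` (the preceding lines only raise it to `old_kvno + 1`, which suggests it can also arrive from the caller) passes through and would be truncated when stored in the 16-bit `key_data_kvno`. Writing `if (new_kvno >= (1 << 16)) new_kvno = 1;`, or rejecting out-of-range input earlier, would close that gap. Separately, after the wrap the new keys carry a lower kvno than any retained old keys, so code that selects the current key by highest kvno may pick the stale ones; a comment here and a test that keeps old keys across the wrap would make that interaction explicit. rekey's body extends beyond this hunk.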