diff options
| author | Greg Hudson <ghudson@mit.edu> | 2017-04-22 12:52:17 -0400 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2017-05-16 11:56:04 -0400 |
| commit | a9cbbf0899f270fbb14f63ffbed1b6d542333641 (patch) | |
| tree | bacefc1878f2c58a0e9ebc840b403daa91b318a5 /src/lib/krb5/asn.1/asn1_k_encode.c | |
| parent | 58e9155060cd93b1a7557e37fbc9b077b76465c2 (diff) | |
| download | krb5-a9cbbf0899f270fbb14f63ffbed1b6d542333641.zip krb5-a9cbbf0899f270fbb14f63ffbed1b6d542333641.tar.gz krb5-a9cbbf0899f270fbb14f63ffbed1b6d542333641.tar.bz2 | |
Make timestamp manipulations y2038-safe
Wherever we manipulate krb5_timestamp values using arithmetic,
comparison operations, or conversion to time_t, use the new helper
functions in k5-int.h to ensure that the operations work after y2038
and do not exhibit undefined behavior. (Relying on
implementation-defined conversion to signed values is okay as we test
that in configure.in.)
In printf format strings, use %u instead of signed types. When
exporting creds with k5_json_array_fmt(), use a long long so that
timestamps after y2038 aren't marshalled as negative numbers. When
parsing timestamps in test programs, use atoll() instead of atol() so
that positive timestamps after y2038 can be used as input.
In ksu and klist, make printtime() take a krb5_timestamp parameter to
avoid an unnecessary conversion to time_t and back.
As Leash does not use k5-int.h, use time_t values internally and
safely convert from libkrb5 timestamp values.
ticket: 8352
Diffstat (limited to 'src/lib/krb5/asn.1/asn1_k_encode.c')
| -rw-r--r-- | src/lib/krb5/asn.1/asn1_k_encode.c | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/src/lib/krb5/asn.1/asn1_k_encode.c b/src/lib/krb5/asn.1/asn1_k_encode.c index a827ca6..8894609 100644 --- a/src/lib/krb5/asn.1/asn1_k_encode.c +++ b/src/lib/krb5/asn.1/asn1_k_encode.c @@ -158,8 +158,7 @@ static asn1_error_code encode_kerberos_time(asn1buf *buf, const void *p, taginfo *rettag, size_t *len_out) { - /* Range checking for time_t vs krb5_timestamp? */ - time_t val = *(krb5_timestamp *)p; + time_t val = ts2tt(*(krb5_timestamp *)p); rettag->asn1class = UNIVERSAL; rettag->construction = PRIMITIVE; rettag->tagnum = ASN1_GENERALTIME; |