oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

gss: don't truncate authtime in gsskrb5_extract_authtime_from_sec_context()

Browse Source 
The interface between the krb5 mechanism and the mechglue API
gsskrb5_extract_authtime_from_sec_context() assumed the authtime would fit into
an uint32_t, which is not the case on platforms where time_t is 64-bit.

Fixes: #1073
This commit is contained in:
Luke Howard
2023-01-15 10:20:54 +11:00
parent 98858aa215
commit 363e7d1e0f
2 changed files with 17 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
lib/gssapi/krb5/inquire_sec_context_by_oid.c
View File

@@ -430,8 +430,8 @@ get_authtime(OM_uint32 *minor_status,
{
gss_buffer_desc value;
unsigned char buf[4];
OM_uint32 authtime;
unsigned char buf[SIZEOF_TIME_T];
time_t authtime;
HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
if (ctx->ticket == NULL) {
@@ -445,7 +445,13 @@ get_authtime(OM_uint32 *minor_status,
HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
#if SIZEOF_TIME_T == 8
_gss_mg_encode_le_uint64(authtime, buf);
#elif SIZEOF_TIME_T == 4
_gss_mg_encode_le_uint32(authtime, buf);
#else
#error set SIZEOF_TIME_T for your platform
#endif
value.length = sizeof(buf);
value.value = buf;

13
lib/gssapi/mech/gss_krb5.c
View File

@@ -538,7 +538,6 @@ gsskrb5_extract_authtime_from_sec_context(OM_uint32 *minor_status,
{
gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET;
OM_uint32 maj_stat;
uint32_t tmp;
if (context_handle == GSS_C_NO_CONTEXT) {
*minor_status = EINVAL;
@@ -565,14 +564,20 @@ gsskrb5_extract_authtime_from_sec_context(OM_uint32 *minor_status,
return GSS_S_FAILURE;
}
if (data_set->elements[0].length != 4) {
if (data_set->elements[0].length != SIZEOF_TIME_T) {
gss_release_buffer_set(minor_status, &data_set);
*minor_status = EINVAL;
return GSS_S_FAILURE;
}
_gss_mg_decode_le_uint32(data_set->elements[0].value, &tmp);
*authtime = (time_t)tmp;
#if SIZEOF_TIME_T == 8
_gss_mg_decode_le_uint64(data_set->elements[0].value, (uint64_t *)authtime);
#elif SIZEOF_TIME_T == 4
_gss_mg_decode_le_uint32(data_set->elements[0].value, (uint32_t *)authtime);
#else
#error set SIZEOF_TIME_T for your platform
#endif
gss_release_buffer_set(minor_status, &data_set);
*minor_status = 0;