From 363e7d1e0fb84da29a023867ad7650e3da2ed330 Mon Sep 17 00:00:00 2001
From: Luke Howard
Date: Sun, 15 Jan 2023 10:20:54 +1100
Subject: [PATCH] gss: don't truncate authtime in gsskrb5_extract_authtime_from_sec_context()
The interface between the krb5 mechanism and the mechglue API gsskrb5_extract_authtime_from_sec_context() assumed the authtime would fit into an uint32_t, which is not the case on platforms where time_t is 64-bit.
Fixes: #1073
---
 lib/gssapi/krb5/inquire_sec_context_by_oid.c | 10 ++++++++--
 lib/gssapi/mech/gss_krb5.c | 13 +++++++++----
 2 files changed, 17 insertions(+), 6 deletions(-)
diff --git a/lib/gssapi/krb5/inquire_sec_context_by_oid.c b/lib/gssapi/krb5/inquire_sec_context_by_oid.c
index ec3e5aa67..49d86d11c 100644
--- a/lib/gssapi/krb5/inquire_sec_context_by_oid.c
+++ b/lib/gssapi/krb5/inquire_sec_context_by_oid.c
@@ -430,8 +430,8 @@ get_authtime(OM_uint32 *minor_status,
 {
 gss_buffer_desc value;
- unsigned char buf[4];
- OM_uint32 authtime;
+ unsigned char buf[SIZEOF_TIME_T];
+ time_t authtime;
 HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
 if (ctx->ticket == NULL) {
@@ -445,7 +445,13 @@ get_authtime(OM_uint32 *minor_status,
 HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
+#if SIZEOF_TIME_T == 8
+ _gss_mg_encode_le_uint64(authtime, buf);
+#elif SIZEOF_TIME_T == 4
 _gss_mg_encode_le_uint32(authtime, buf);
+#else
+#error set SIZEOF_TIME_T for your platform
+#endif
 value.length = sizeof(buf);
 value.value = buf;
diff --git a/lib/gssapi/mech/gss_krb5.c b/lib/gssapi/mech/gss_krb5.c
index 8d3e961e5..21bb2bffb 100644
--- a/lib/gssapi/mech/gss_krb5.c
+++ b/lib/gssapi/mech/gss_krb5.c
@@ -538,7 +538,6 @@ gsskrb5_extract_authtime_from_sec_context(OM_uint32 *minor_status,
 {
 gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET;
 OM_uint32 maj_stat;
- uint32_t tmp;
 if (context_handle == GSS_C_NO_CONTEXT) {
 *minor_status = EINVAL;
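Review bot: The length of the buffer that get_authtime hands to the mechglue now follows SIZEOF_TIME_T (`unsigned char buf[SIZEOF_TIME_T];` plus the `#if` block around the encode call), so the encoding is 4 or 8 bytes depending on how this file was compiled. The reader in lib/gssapi/mech/gss_krb5.c rejects any length other than its own SIZEOF_TIME_T with EINVAL, so a mechanism and a mechglue built with different time_t widths would fail here instead of interoperating; whether the two can be built separately is not visible in this patch. A fixed-width encoding would remove the build dependence: `unsigned char buf[8];` and `_gss_mg_encode_le_uint64((uint64_t)authtime, buf);` on every platform. If the per-platform width is kept, a comment above the `#if` such as `/* width is an internal contract with gsskrb5_extract_authtime_from_sec_context(); both sides must share SIZEOF_TIME_T */` would record the assumption. The body of get_authtime starts before and continues after these hunks.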
@@ -565,14 +564,20 @@ gsskrb5_extract_authtime_from_sec_context(OM_uint32 *minor_status,
 return GSS_S_FAILURE;
 }
- if (data_set->elements[0].length != 4) {
+ if (data_set->elements[0].length != SIZEOF_TIME_T) {
 gss_release_buffer_set(minor_status, &data_set);
 *minor_status = EINVAL;
 return GSS_S_FAILURE;
 }
- _gss_mg_decode_le_uint32(data_set->elements[0].value, &tmp);
- *authtime = (time_t)tmp;
+#if SIZEOF_TIME_T == 8
+ _gss_mg_decode_le_uint64(data_set->elements[0].value, (uint64_t *)authtime);
+#elif SIZEOF_TIME_T == 4
+ _gss_mg_decode_le_uint32(data_set->elements[0].value, (uint32_t *)authtime);
+#else
+#error set SIZEOF_TIME_T for your platform
+#endif
+ gss_release_buffer_set(minor_status, &data_set); *minor_status = 0;
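Review bot: The decode calls write through `(uint64_t *)authtime` and `(uint32_t *)authtime`, which is only well defined when time_t is the same integer type as, or the signed counterpart of, that fixed-width type. Assuming the helper stores through its pointer argument, a platform where time_t is `long` and uint64_t is `unsigned long long` would access the object through an incompatible lvalue type, even though the sizes match. Decoding into a local and converting explicitly, as the removed lines did, avoids the cast: `uint64_t tmp;`, `_gss_mg_decode_le_uint64(data_set->elements[0].value, &tmp);`, `*authtime = (time_t)tmp;`. This needs the `tmp` declaration that the commit deletes at the top of the function, with a width matching each `#if` branch. The function body starts before and continues after this hunk.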