oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

gss: don't truncate authtime in gsskrb5_extract_authtime_from_sec_context()

Browse Source 
The interface between the krb5 mechanism and the mechglue API
gsskrb5_extract_authtime_from_sec_context() assumed the authtime would fit into
an uint32_t, which is not the case on platforms where time_t is 64-bit.

Fixes: #1073
This commit is contained in:
Luke Howard
2023-01-15 10:20:54 +11:00
parent 98858aa215
commit 363e7d1e0f
2 changed files with 17 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
lib/gssapi/krb5/inquire_sec_context_by_oid.c
View File

@@ -430,8 +430,8 @@ get_authtime(OM_uint32 *minor_status,
{
gss_buffer_desc value;
unsigned char buf[4];
OM_uint32 authtime;
unsigned char buf[SIZEOF_TIME_T];
time_t authtime;
HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
if (ctx->ticket == NULL) {
@@ -445,7 +445,13 @@ get_authtime(OM_uint32 *minor_status,
HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
#if SIZEOF_TIME_T == 8
_gss_mg_encode_le_uint64(authtime, buf);
#elif SIZEOF_TIME_T == 4
_gss_mg_encode_le_uint32(authtime, buf);
#else
#error set SIZEOF_TIME_T for your platform
#endif
value.length = sizeof(buf);
value.value = buf;