From 755229f6d30becb5d8435c09a20716f15997ce14 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= <lha@kth.se>
Date: Tue, 29 Nov 2005 15:55:34 +0000
Subject: [PATCH] (krb5_verify_ap_re2): check timestamp in authenticator

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16309 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 lib/krb5/rd_req.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/lib/krb5/rd_req.c b/lib/krb5/rd_req.c
index 089e88dd0..8fb66abd1 100644
--- a/lib/krb5/rd_req.c
+++ b/lib/krb5/rd_req.c
@@ -421,6 +421,19 @@ krb5_verify_ap_req2(krb5_context context,
 	goto out;
     }
 
+    /* check timestamp in authenticator */
+    {
+	krb5_timestamp now;
+
+	krb5_timeofday (context, &now);
+
+	if (abs(ac->authenticator->ctime - now) > context->max_skew) {
+	    ret = KRB5KRB_AP_ERR_SKEW;
+	    krb5_clear_error_string (context);
+	    goto out;
+	}
+    }
+
     if (ac->authenticator->seq_number)
 	krb5_auth_con_setremoteseqnumber(context, ac,
 					 *ac->authenticator->seq_number);