From 9d1680851559760daf9ff615f6d128a5c7c50197 Mon Sep 17 00:00:00 2001
From: Luke Howard <lukeh@padl.com>
Date: Sat, 7 Aug 2021 19:17:55 +1000
Subject: [PATCH] krb5: mask integers to avoid unnecessary expansion

Sign-extension would expand the encoding of packed negative integers to one
greater than required.
---
 lib/krb5/store.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lib/krb5/store.c b/lib/krb5/store.c
index a3505a4c2..74c0fd281 100644
--- a/lib/krb5/store.c
+++ b/lib/krb5/store.c
@@ -412,6 +412,8 @@ krb5_store_int(krb5_storage *sp,
 	return EINVAL;
 
     if (BYTEORDER_IS_PACKED(sp)) {
+        size_t mask = ~0ULL >> (64 - len * 8);
+        value &= mask;
         p += sizeof(v) - 1;
         len = pack_int(p, value);
         p = v + sizeof(v) - len;