From e7e2c7a1451a0c4154bacb30e6110de276d6e18b Mon Sep 17 00:00:00 2001
From: Nicolas Williams <nico@twosigma.com>
Date: Tue, 15 Feb 2022 13:41:23 -0600
Subject: [PATCH] kdc: Honor "unlimited" max_life/max_renew

---
 kdc/kerberos5.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/kdc/kerberos5.c b/kdc/kerberos5.c
index 524f1d536..503ddd548 100644
--- a/kdc/kerberos5.c
+++ b/kdc/kerberos5.c
@@ -2498,10 +2498,10 @@ _kdc_as_rep(astgs_request_t r)
          */
         if (r->pa_max_life > 0)
             t = start + min(t - start, r->pa_max_life);
-        else if (r->client->max_life)
+        else if (r->client->max_life && *r->client->max_life)
 	    t = start + min(t - start, *r->client->max_life);
 
-	if (r->server->max_life)
+	if (r->server->max_life && *r->server->max_life)
 	    t = start + min(t - start, *r->server->max_life);
 
         /* Pre-auth can bound endtime as well */
@@ -2524,9 +2524,9 @@ _kdc_as_rep(astgs_request_t r)
 	    t = *b->rtime;
 	    if(t == 0)
 		t = MAX_TIME;
-	    if(r->client->max_renew)
+	    if(r->client->max_renew && *r->client->max_renew)
 		t = start + min(t - start, *r->client->max_renew);
-	    if(r->server->max_renew)
+	    if(r->server->max_renew && *r->server->max_renew)
 		t = start + min(t - start, *r->server->max_renew);
 #if 0
 	    t = min(t, start + realm->max_renew);