]> git.ipfire.org Git - thirdparty/krb5.git/commit
Make timestamp manipulations y2038-safe
authorGreg Hudson <ghudson@mit.edu>
Sat, 22 Apr 2017 16:52:17 +0000 (12:52 -0400)
committerGreg Hudson <ghudson@mit.edu>
Tue, 16 May 2017 15:56:04 +0000 (11:56 -0400)
commita9cbbf0899f270fbb14f63ffbed1b6d542333641
treebacefc1878f2c58a0e9ebc840b403daa91b318a5
parent58e9155060cd93b1a7557e37fbc9b077b76465c2
Make timestamp manipulations y2038-safe

Wherever we manipulate krb5_timestamp values using arithmetic,
comparison operations, or conversion to time_t, use the new helper
functions in k5-int.h to ensure that the operations work after y2038
and do not exhibit undefined behavior.  (Relying on
implementation-defined conversion to signed values is okay as we test
that in configure.in.)

In printf format strings, use %u instead of signed types.  When
exporting creds with k5_json_array_fmt(), use a long long so that
timestamps after y2038 aren't marshalled as negative numbers.  When
parsing timestamps in test programs, use atoll() instead of atol() so
that positive timestamps after y2038 can be used as input.

In ksu and klist, make printtime() take a krb5_timestamp parameter to
avoid an unnecessary conversion to time_t and back.

As Leash does not use k5-int.h, use time_t values internally and
safely convert from libkrb5 timestamp values.

ticket: 8352
63 files changed:
src/clients/kinit/kinit.c
src/clients/klist/klist.c
src/clients/ksu/ccache.c
src/clients/ksu/ksu.h
src/kadmin/cli/getdate.y
src/kadmin/cli/kadmin.c
src/kadmin/dbutil/dump.c
src/kadmin/dbutil/kdb5_mkey.c
src/kadmin/dbutil/tabdump.c
src/kadmin/testing/util/tcl_kadm5.c
src/kdc/do_as_req.c
src/kdc/do_tgs_req.c
src/kdc/extern.c
src/kdc/fast_util.c
src/kdc/kdc_log.c
src/kdc/kdc_util.c
src/kdc/kdc_util.h
src/kdc/replay.c
src/kdc/tgs_policy.c
src/lib/gssapi/krb5/accept_sec_context.c
src/lib/gssapi/krb5/acquire_cred.c
src/lib/gssapi/krb5/context_time.c
src/lib/gssapi/krb5/export_cred.c
src/lib/gssapi/krb5/iakerb.c
src/lib/gssapi/krb5/init_sec_context.c
src/lib/gssapi/krb5/inq_context.c
src/lib/gssapi/krb5/inq_cred.c
src/lib/gssapi/krb5/s4u_gss_glue.c
src/lib/kadm5/chpass_util.c
src/lib/kadm5/srv/server_acl.c
src/lib/kadm5/srv/svr_principal.c
src/lib/kdb/kdb5.c
src/lib/krb5/asn.1/asn1_k_encode.c
src/lib/krb5/ccache/cc_keyring.c
src/lib/krb5/ccache/cc_memory.c
src/lib/krb5/ccache/cc_retr.c
src/lib/krb5/ccache/ccapi/stdcc_util.c
src/lib/krb5/ccache/cccursor.c
src/lib/krb5/keytab/kt_file.c
src/lib/krb5/krb/gc_via_tkt.c
src/lib/krb5/krb/get_creds.c
src/lib/krb5/krb/get_in_tkt.c
src/lib/krb5/krb/gic_pwd.c
src/lib/krb5/krb/int-proto.h
src/lib/krb5/krb/pac.c
src/lib/krb5/krb/str_conv.c
src/lib/krb5/krb/t_kerb.c
src/lib/krb5/krb/valid_times.c
src/lib/krb5/krb/vfy_increds.c
src/lib/krb5/os/timeofday.c
src/lib/krb5/os/toffset.c
src/lib/krb5/os/ustime.c
src/lib/krb5/rcache/rc_dfl.c
src/lib/krb5/rcache/t_replay.c
src/plugins/kdb/db2/lockout.c
src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
src/plugins/kdb/ldap/libkdb_ldap/lockout.c
src/windows/cns/tktlist.c
src/windows/include/leashwin.h
src/windows/leash/KrbListTickets.cpp
src/windows/leash/LeashView.cpp
src/windows/leashdll/lshfunc.c
src/windows/ms2mit/ms2mit.c