git.ipfire.org Git - thirdparty/krb5.git/commit

author	Greg Hudson <ghudson@mit.edu>
	Thu, 24 Aug 2017 20:00:33 +0000 (16:00 -0400)
committer	Greg Hudson <ghudson@mit.edu>
	Fri, 8 Sep 2017 15:56:10 +0000 (11:56 -0400)
commit	54e58755368b58ba5894a14c1d02626da42d8003
tree	002675b781fdf58c07408cde966fa9bb5d673a97	tree
parent	4cfb64e362443be36a4cb92fb8f5d1d93280fb3f	commit \| diff

Limit ticket lifetime to 2^31-1 seconds

Although timestamps above 2^31-1 are now valid, intervals exceeding
2^31-1 seconds may be treated incorrectly by comparison operations.

The initially computed interval in kdc_get_ticket_endtime() could be
negative if the requested end time is far in the future, causing the
function to yield an incorrect result. (With the new larger value of
kdc_infinity, this could specifically happen if a KDC-REQ contains a
zero till field.) Cap the interval at the maximum valid value.
Reported by Weijun Wang.

Avoid delta comparisons in favor of timestamp comparions in
krb5int_validate_times(), ksu's krb5_check_exp(), and clockskew
checks.

Also use a y2038-safe timestamp comparison in set_request_times() when
comparing the requested renewable end time to the requested ticket end
time.

ticket: 8352

src/clients/ksu/ccache.c		diff \| blob \| blame \| history
src/include/k5-int.h		diff \| blob \| blame \| history
src/kdc/kdc_util.c		diff \| blob \| blame \| history
src/kdc/replay.c		diff \| blob \| blame \| history
src/kdc/t_replay.c		diff \| blob \| blame \| history
src/lib/krb5/krb/gc_via_tkt.c		diff \| blob \| blame \| history
src/lib/krb5/krb/get_in_tkt.c		diff \| blob \| blame \| history
src/lib/krb5/krb/int-proto.h		diff \| blob \| blame \| history
src/lib/krb5/krb/valid_times.c		diff \| blob \| blame \| history
src/lib/krb5/os/timeofday.c		diff \| blob \| blame \| history