From: Jo Sutton <josutton@catalyst.net.nz>
Date: Sun, 18 Feb 2024 21:34:02 +0000 (+1300)
Subject: lib:crypto: Check for overflow in GKDI rollover interval calculation
X-Git-Tag: tdb-1.4.11~1640
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e7a96915e8207f562000f60869e449ddf8bc915f;p=thirdparty%2Fsamba.git

lib:crypto: Check for overflow in GKDI rollover interval calculation

Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---

diff --git a/lib/crypto/gkdi.c b/lib/crypto/gkdi.c
index 66e1da18f34..af00ea4217e 100644
--- a/lib/crypto/gkdi.c
+++ b/lib/crypto/gkdi.c
@@ -241,7 +241,18 @@ bool gkid_less_than_or_equal_to(const struct Gkid g1, const struct Gkid g2)
 bool gkdi_rollover_interval(const int64_t managed_password_interval,
 			    NTTIME *result)
 {
-	if (managed_password_interval < 0) {
+	/*
+	 * This is actually a conservative reckoning. The interval could be one
+	 * higher than this maximum and not overflow. But there’s no reason to
+	 * support intervals that high (and Windows will start producing strange
+	 * results for intervals beyond that).
+	 */
+	const int64_t maximum_interval = UINT64_MAX / gkdi_key_cycle_duration *
+					 10 / 24;
+
+	if (managed_password_interval < 0 ||
+	    managed_password_interval > maximum_interval)
+	{
 		return false;
 	}