f1e535bb81
Adjust patches as appropriate
84 lines
3.5 KiB
Diff
84 lines
3.5 KiB
Diff
From 7b28a408650c58d0ea98fddab5034642af32fdaf Mon Sep 17 00:00:00 2001
|
|
From: Greg Hudson <ghudson@mit.edu>
|
|
Date: Wed, 17 May 2017 14:52:09 -0400
|
|
Subject: [PATCH] Fix more time manipulations for y2038
|
|
|
|
Use timestamp helper functions to ensure that more operations are safe
|
|
after y2038, and display the current timestamp as unsigned in
|
|
krb5int_trace().
|
|
|
|
ticket: 8352
|
|
(cherry picked from commit a60db180211a383bd382afe729e9309acb8dcf53)
|
|
---
|
|
src/kadmin/server/misc.c | 2 +-
|
|
src/kdc/dispatch.c | 2 +-
|
|
src/lib/krb5/os/c_ustime.c | 8 ++++----
|
|
src/lib/krb5/os/trace.c | 2 +-
|
|
4 files changed, 7 insertions(+), 7 deletions(-)
|
|
|
|
diff --git a/src/kadmin/server/misc.c b/src/kadmin/server/misc.c
|
|
index 27a6376af..a75b65a26 100644
|
|
--- a/src/kadmin/server/misc.c
|
|
+++ b/src/kadmin/server/misc.c
|
|
@@ -184,7 +184,7 @@ check_min_life(void *server_handle, krb5_principal principal,
|
|
(void) kadm5_free_principal_ent(handle->lhandle, &princ);
|
|
return (ret == KADM5_UNK_POLICY) ? 0 : ret;
|
|
}
|
|
- if((now - princ.last_pwd_change) < pol.pw_min_life &&
|
|
+ if(ts_delta(now, princ.last_pwd_change) < pol.pw_min_life &&
|
|
!(princ.attributes & KRB5_KDB_REQUIRES_PWCHANGE)) {
|
|
if (msg_ret != NULL) {
|
|
time_t until;
|
|
diff --git a/src/kdc/dispatch.c b/src/kdc/dispatch.c
|
|
index 3a169ebc7..16a35d2be 100644
|
|
--- a/src/kdc/dispatch.c
|
|
+++ b/src/kdc/dispatch.c
|
|
@@ -104,7 +104,7 @@ reseed_random(krb5_context kdc_err_context)
|
|
if (last_os_random == 0)
|
|
last_os_random = now;
|
|
/* Grab random data from OS every hour*/
|
|
- if (now-last_os_random >= 60 * 60) {
|
|
+ if (ts_delta(now, last_os_random) >= 60 * 60) {
|
|
krb5_c_random_os_entropy(kdc_err_context, 0, NULL);
|
|
last_os_random = now;
|
|
}
|
|
diff --git a/src/lib/krb5/os/c_ustime.c b/src/lib/krb5/os/c_ustime.c
|
|
index 871d72183..68fb381f4 100644
|
|
--- a/src/lib/krb5/os/c_ustime.c
|
|
+++ b/src/lib/krb5/os/c_ustime.c
|
|
@@ -102,17 +102,17 @@ krb5_crypto_us_timeofday(krb5_int32 *seconds, krb5_int32 *microseconds)
|
|
putting now.sec in the past. But don't just use '<' because we
|
|
need to properly handle the case where the administrator intentionally
|
|
adjusted time backwards. */
|
|
- if ((now.sec == last_time.sec-1) ||
|
|
- ((now.sec == last_time.sec) && (now.usec <= last_time.usec))) {
|
|
+ if (now.sec == ts_incr(last_time.sec, -1) ||
|
|
+ (now.sec == last_time.sec && !ts_after(last_time.usec, now.usec))) {
|
|
/* Correct 'now' to be exactly one microsecond later than 'last_time'.
|
|
Note that _because_ we perform this hack, 'now' may be _earlier_
|
|
than 'last_time', even though the system time is monotonically
|
|
increasing. */
|
|
|
|
now.sec = last_time.sec;
|
|
- now.usec = ++last_time.usec;
|
|
+ now.usec = ts_incr(last_time.usec, 1);
|
|
if (now.usec >= 1000000) {
|
|
- ++now.sec;
|
|
+ now.sec = ts_incr(now.sec, 1);
|
|
now.usec = 0;
|
|
}
|
|
}
|
|
diff --git a/src/lib/krb5/os/trace.c b/src/lib/krb5/os/trace.c
|
|
index a19246128..74c315c90 100644
|
|
--- a/src/lib/krb5/os/trace.c
|
|
+++ b/src/lib/krb5/os/trace.c
|
|
@@ -350,7 +350,7 @@ krb5int_trace(krb5_context context, const char *fmt, ...)
|
|
goto cleanup;
|
|
if (krb5_crypto_us_timeofday(&sec, &usec) != 0)
|
|
goto cleanup;
|
|
- if (asprintf(&msg, "[%d] %d.%d: %s\n", (int) getpid(), (int) sec,
|
|
+ if (asprintf(&msg, "[%d] %u.%d: %s\n", (int) getpid(), (unsigned int) sec,
|
|
(int) usec, str) < 0)
|
|
goto cleanup;
|
|
info.message = msg;
|