Handle invalid intervals in lockout-related kadmin parameters

ticket: 6911 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24966 dc483132-0cff-0310-8789-dd5450dbe970
author: Greg Hudson <ghudson@mit.edu> 2011-06-10 20:01:23 +0000
committer: Greg Hudson <ghudson@mit.edu> 2011-06-10 20:01:23 +0000
commit: b679ed1ac8cb5aeffd9b73969e19b2197ed0f05e (patch)
tree: 8f157ff4da2d6260c63bebd3e44ee40a3f447b26 /src
parent: fe5831ae11d3d0f055304a84595cfc0ad3852ebb (diff)
download: krb5-b679ed1ac8cb5aeffd9b73969e19b2197ed0f05e.tar.gz
krb5-b679ed1ac8cb5aeffd9b73969e19b2197ed0f05e.tar.xz
krb5-b679ed1ac8cb5aeffd9b73969e19b2197ed0f05e.zip
1 files changed, 18 insertions, 8 deletions
diff --git a/src/kadmin/cli/kadmin.c b/src/kadmin/cli/kadmin.c
index fedee85b1e..4935141ef0 100644
--- a/src/kadmin/cli/kadmin.c
+++ b/src/kadmin/cli/kadmin.c
@@ -1638,12 +1638,17 @@ kadmin_parse_policy_args(int argc, char *argv[], kadm5_policy_ent_t policy,
             if (++i > argc - 2)
                 return -1;
             else {
-                date = get_date(argv[i]);
                 /* Allow bare numbers for compatibility with 1.8-1.9. */
-                if (date == (time_t)-1 && isdigit(*argv[i]))
-                    policy->pw_failcnt_interval = atoi(argv[i]);
-                else
+                date = get_date(argv[i]);
+                if (date != (time_t)-1)
                     policy->pw_failcnt_interval = date - now;
+                else if (isdigit(*argv[i]))
+                    policy->pw_failcnt_interval = atoi(argv[i]);
+                else {
+                    fprintf(stderr, _("Invalid date specification \"%s\".\n"),
+                            argv[i]);
+                    return -1;
+                }
                 *mask |= KADM5_PW_FAILURE_COUNT_INTERVAL;
                 continue;
             }
@@ -1652,12 +1657,17 @@ kadmin_parse_policy_args(int argc, char *argv[], kadm5_policy_ent_t policy,
             if (++i > argc - 2)
                 return -1;
             else {
-                date = get_date(argv[i]);
                 /* Allow bare numbers for compatibility with 1.8-1.9. */
-                if (date == (time_t)-1 && isdigit(*argv[i]))
-                    policy->pw_lockout_duration = atoi(argv[i]);
-                else
+                date = get_date(argv[i]);
+                if (date != (time_t)-1)
                     policy->pw_lockout_duration = date - now;
+                else if (isdigit(*argv[i]))
+                    policy->pw_lockout_duration = atoi(argv[i]);
+                else {
+                    fprintf(stderr, _("Invalid date specification \"%s\".\n"),
+                            argv[i]);
+                    return -1;
+                }
                 *mask |= KADM5_PW_LOCKOUT_DURATION;
                 continue;
             }
author	Greg Hudson <ghudson@mit.edu>	2011-06-10 20:01:23 +0000
committer	Greg Hudson <ghudson@mit.edu>	2011-06-10 20:01:23 +0000
commit	b679ed1ac8cb5aeffd9b73969e19b2197ed0f05e (patch)
tree	8f157ff4da2d6260c63bebd3e44ee40a3f447b26 /src
parent	fe5831ae11d3d0f055304a84595cfc0ad3852ebb (diff)
download	krb5-b679ed1ac8cb5aeffd9b73969e19b2197ed0f05e.tar.gz krb5-b679ed1ac8cb5aeffd9b73969e19b2197ed0f05e.tar.xz krb5-b679ed1ac8cb5aeffd9b73969e19b2197ed0f05e.zip