diff options
author | Nathaniel McCallum <npmccallum@redhat.com> | 2015-09-25 11:35:03 -0400 |
---|---|---|
committer | Tomas Babej <tbabej@redhat.com> | 2015-09-29 15:16:09 +0200 |
commit | 9e3eeadeb3120f3577e00ab9cb410eccf8d71de0 (patch) | |
tree | 271d701e24da60103ac723bf4f0339fbdbc3b058 | |
parent | 74da4f5870edda85039b3bba52fb0a578676fb44 (diff) | |
download | freeipa-9e3eeadeb3120f3577e00ab9cb410eccf8d71de0.tar.gz freeipa-9e3eeadeb3120f3577e00ab9cb410eccf8d71de0.tar.xz freeipa-9e3eeadeb3120f3577e00ab9cb410eccf8d71de0.zip |
Fix an integer underflow bug in libotp
Temporarily storing the offset time in an unsigned integer causes the
value of the offset to underflow when a (valid) negative offset value
is generated. Using a signed variable avoids this problem.
https://fedorahosted.org/freeipa/ticket/5333
Reviewed-By: Tomas Babej <tbabej@redhat.com>
-rw-r--r-- | daemons/ipa-slapi-plugins/libotp/otp_token.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/daemons/ipa-slapi-plugins/libotp/otp_token.c b/daemons/ipa-slapi-plugins/libotp/otp_token.c index 9b90c6a11..a3cbfb062 100644 --- a/daemons/ipa-slapi-plugins/libotp/otp_token.c +++ b/daemons/ipa-slapi-plugins/libotp/otp_token.c @@ -199,10 +199,10 @@ static bool validate(struct otp_token *token, time_t now, ssize_t step, case TYPE_TOTP: /* Perform optional synchronization steps. */ if (second != NULL) { - tmp = (step - now / token->totp.step) * token->totp.step; - if (!writeattr(token, T("clockOffset"), tmp)) + long long off = (step - now / token->totp.step) * token->totp.step; + if (!writeattr(token, T("clockOffset"), off)) return false; - token->totp.offset = tmp; + token->totp.offset = off; } token->totp.watermark = step; break; |