Fix an integer underflow bug in libotp

Temporarily storing the offset time in an unsigned integer causes the
value of the offset to underflow when a (valid) negative offset value
is generated. Using a signed variable avoids this problem.

https://fedorahosted.org/freeipa/ticket/5333

Reviewed-By: Tomas Babej <tbabej@redhat.com>

1 files changed, 3 insertions, 3 deletions

diff --git a/daemons/ipa-slapi-plugins/libotp/otp_token.c b/daemons/ipa-slapi-plugins/libotp/otp_token.c
index 9b90c6a11..a3cbfb062 100644
--- a/daemons/ipa-slapi-plugins/libotp/otp_token.c
+++ b/daemons/ipa-slapi-plugins/libotp/otp_token.c
@@ -199,10 +199,10 @@ static bool validate(struct otp_token *token, time_t now, ssize_t step,
     case TYPE_TOTP:
         /* Perform optional synchronization steps. */
         if (second != NULL) {
-            tmp = (step - now / token->totp.step) * token->totp.step;
-            if (!writeattr(token, T("clockOffset"), tmp))
+            long long off = (step - now / token->totp.step) * token->totp.step;
+            if (!writeattr(token, T("clockOffset"), off))
                 return false;
-            token->totp.offset = tmp;
+            token->totp.offset = off;
         }
         token->totp.watermark = step;
         break;