In krb5int_generate_and_save_subkey, check the return value of

krb5_crypto_us_timeofday.  It can't really fail in practice, but if it
did we'd be passing stack garbage to krb5_c_random_add_entropy.
That's harmless, but poor form.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22049 dc483132-0cff-0310-8789-dd5450dbe970

1 files changed, 5 insertions, 4 deletions

diff --git a/src/lib/krb5/krb/mk_req_ext.c b/src/lib/krb5/krb/mk_req_ext.c
index ed23fef4b..2cf1ddf13 100644
--- a/src/lib/krb5/krb/mk_req_ext.c
+++ b/src/lib/krb5/krb/mk_req_ext.c
@@ -94,10 +94,11 @@ krb5int_generate_and_save_subkey (krb5_context context,
     krb5_data d;
     krb5_error_code retval;
 
-    krb5_crypto_us_timeofday (&rnd_data.sec, &rnd_data.usec);
-    d.length = sizeof (rnd_data);
-    d.data = (char *) &rnd_data;
-    (void) krb5_c_random_add_entropy (context, KRB5_C_RANDSOURCE_TIMING, &d);
+    if (krb5_crypto_us_timeofday(&rnd_data.sec, &rnd_data.usec) == 0) {
+	d.length = sizeof(rnd_data);
+	d.data = (char *) &rnd_data;
+	krb5_c_random_add_entropy(context, KRB5_C_RANDSOURCE_TIMING, &d);
+    }
 
     if (auth_context->send_subkey)
 	krb5_free_keyblock(context, auth_context->send_subkey);