diff options
Diffstat (limited to 'Fix-more-time-manipulations-for-y2038.patch')
-rw-r--r-- | Fix-more-time-manipulations-for-y2038.patch | 83 |
1 files changed, 83 insertions, 0 deletions
diff --git a/Fix-more-time-manipulations-for-y2038.patch b/Fix-more-time-manipulations-for-y2038.patch new file mode 100644 index 0000000..c202b96 --- /dev/null +++ b/Fix-more-time-manipulations-for-y2038.patch @@ -0,0 +1,83 @@ +From c9fca85329f4b25509f83837239bf882841caccc Mon Sep 17 00:00:00 2001 +From: Greg Hudson <ghudson@mit.edu> +Date: Wed, 17 May 2017 14:52:09 -0400 +Subject: [PATCH] Fix more time manipulations for y2038 + +Use timestamp helper functions to ensure that more operations are safe +after y2038, and display the current timestamp as unsigned in +krb5int_trace(). + +ticket: 8352 +(cherry picked from commit a60db180211a383bd382afe729e9309acb8dcf53) +--- + src/kadmin/server/misc.c | 2 +- + src/kdc/dispatch.c | 2 +- + src/lib/krb5/os/c_ustime.c | 8 ++++---- + src/lib/krb5/os/trace.c | 2 +- + 4 files changed, 7 insertions(+), 7 deletions(-) + +diff --git a/src/kadmin/server/misc.c b/src/kadmin/server/misc.c +index 27a6376af..a75b65a26 100644 +--- a/src/kadmin/server/misc.c ++++ b/src/kadmin/server/misc.c +@@ -184,7 +184,7 @@ check_min_life(void *server_handle, krb5_principal principal, + (void) kadm5_free_principal_ent(handle->lhandle, &princ); + return (ret == KADM5_UNK_POLICY) ? 0 : ret; + } +- if((now - princ.last_pwd_change) < pol.pw_min_life && ++ if(ts_delta(now, princ.last_pwd_change) < pol.pw_min_life && + !(princ.attributes & KRB5_KDB_REQUIRES_PWCHANGE)) { + if (msg_ret != NULL) { + time_t until; +diff --git a/src/kdc/dispatch.c b/src/kdc/dispatch.c +index 3a169ebc7..16a35d2be 100644 +--- a/src/kdc/dispatch.c ++++ b/src/kdc/dispatch.c +@@ -104,7 +104,7 @@ reseed_random(krb5_context kdc_err_context) + if (last_os_random == 0) + last_os_random = now; + /* Grab random data from OS every hour*/ +- if (now-last_os_random >= 60 * 60) { ++ if (ts_delta(now, last_os_random) >= 60 * 60) { + krb5_c_random_os_entropy(kdc_err_context, 0, NULL); + last_os_random = now; + } +diff --git a/src/lib/krb5/os/c_ustime.c b/src/lib/krb5/os/c_ustime.c +index 871d72183..68fb381f4 100644 +--- a/src/lib/krb5/os/c_ustime.c ++++ b/src/lib/krb5/os/c_ustime.c +@@ -102,17 +102,17 @@ krb5_crypto_us_timeofday(krb5_int32 *seconds, krb5_int32 *microseconds) + putting now.sec in the past. But don't just use '<' because we + need to properly handle the case where the administrator intentionally + adjusted time backwards. */ +- if ((now.sec == last_time.sec-1) || +- ((now.sec == last_time.sec) && (now.usec <= last_time.usec))) { ++ if (now.sec == ts_incr(last_time.sec, -1) || ++ (now.sec == last_time.sec && !ts_after(last_time.usec, now.usec))) { + /* Correct 'now' to be exactly one microsecond later than 'last_time'. + Note that _because_ we perform this hack, 'now' may be _earlier_ + than 'last_time', even though the system time is monotonically + increasing. */ + + now.sec = last_time.sec; +- now.usec = ++last_time.usec; ++ now.usec = ts_incr(last_time.usec, 1); + if (now.usec >= 1000000) { +- ++now.sec; ++ now.sec = ts_incr(now.sec, 1); + now.usec = 0; + } + } +diff --git a/src/lib/krb5/os/trace.c b/src/lib/krb5/os/trace.c +index a19246128..74c315c90 100644 +--- a/src/lib/krb5/os/trace.c ++++ b/src/lib/krb5/os/trace.c +@@ -350,7 +350,7 @@ krb5int_trace(krb5_context context, const char *fmt, ...) + goto cleanup; + if (krb5_crypto_us_timeofday(&sec, &usec) != 0) + goto cleanup; +- if (asprintf(&msg, "[%d] %d.%d: %s\n", (int) getpid(), (int) sec, ++ if (asprintf(&msg, "[%d] %u.%d: %s\n", (int) getpid(), (unsigned int) sec, + (int) usec, str) < 0) + goto cleanup; + info.message = msg; |