[krbdev.mit.edu #8352] git commit
Greg Hudson via RT
rt-comment at krbdev.mit.edu
Tue May 16 12:08:29 EDT 2017
Make timestamp manipulations y2038-safe
Wherever we manipulate krb5_timestamp values using arithmetic,
comparison operations, or conversion to time_t, use the new helper
functions in k5-int.h to ensure that the operations work after y2038
and do not exhibit undefined behavior. (Relying on
implementation-defined conversion to signed values is okay as we test
that in configure.in.)
In printf format strings, use %u instead of signed types. When
exporting creds with k5_json_array_fmt(), use a long long so that
timestamps after y2038 aren't marshalled as negative numbers. When
parsing timestamps in test programs, use atoll() instead of atol() so
that positive timestamps after y2038 can be used as input.
In ksu and klist, make printtime() take a krb5_timestamp parameter to
avoid an unnecessary conversion to time_t and back.
As Leash does not use k5-int.h, use time_t values internally and
safely convert from libkrb5 timestamp values.
https://github.com/krb5/krb5/commit/a9cbbf0899f270fbb14f63ffbed1b6d542333641
Author: Greg Hudson <ghudson at mit.edu>
Commit: a9cbbf0899f270fbb14f63ffbed1b6d542333641
Branch: master
src/clients/kinit/kinit.c | 2 +-
src/clients/klist/klist.c | 22 ++++-------
src/clients/ksu/ccache.c | 22 +++--------
src/clients/ksu/ksu.h | 2 +-
src/kadmin/cli/getdate.y | 2 +-
src/kadmin/cli/kadmin.c | 5 +-
src/kadmin/dbutil/dump.c | 27 +++++++------
src/kadmin/dbutil/kdb5_mkey.c | 6 +-
src/kadmin/dbutil/tabdump.c | 2 +-
src/kadmin/testing/util/tcl_kadm5.c | 12 +++---
src/kdc/do_as_req.c | 2 +-
src/kdc/do_tgs_req.c | 6 +-
src/kdc/extern.c | 4 +-
src/kdc/fast_util.c | 4 +-
src/kdc/kdc_log.c | 14 +++---
src/kdc/kdc_util.c | 20 +++++-----
src/kdc/kdc_util.h | 2 +
src/kdc/replay.c | 2 +-
src/kdc/tgs_policy.c | 7 ++-
src/lib/gssapi/krb5/accept_sec_context.c | 8 ++-
src/lib/gssapi/krb5/acquire_cred.c | 13 ++++--
src/lib/gssapi/krb5/context_time.c | 2 +-
src/lib/gssapi/krb5/export_cred.c | 5 +-
src/lib/gssapi/krb5/iakerb.c | 4 +-
src/lib/gssapi/krb5/init_sec_context.c | 9 ++--
src/lib/gssapi/krb5/inq_context.c | 2 +-
src/lib/gssapi/krb5/inq_cred.c | 5 +-
src/lib/gssapi/krb5/s4u_gss_glue.c | 2 +-
src/lib/kadm5/chpass_util.c | 8 +---
src/lib/kadm5/srv/server_acl.c | 5 +-
src/lib/kadm5/srv/svr_principal.c | 12 +++---
src/lib/kdb/kdb5.c | 2 +-
src/lib/krb5/asn.1/asn1_k_encode.c | 3 +-
src/lib/krb5/ccache/cc_keyring.c | 14 ++++---
src/lib/krb5/ccache/cc_memory.c | 4 +-
src/lib/krb5/ccache/cc_retr.c | 4 +-
src/lib/krb5/ccache/ccapi/stdcc_util.c | 40 ++++++++++----------
src/lib/krb5/ccache/cccursor.c | 2 +-
src/lib/krb5/keytab/kt_file.c | 6 ++-
src/lib/krb5/krb/gc_via_tkt.c | 7 ++-
src/lib/krb5/krb/get_creds.c | 2 +-
src/lib/krb5/krb/get_in_tkt.c | 38 +++++-------------
src/lib/krb5/krb/gic_pwd.c | 4 +-
src/lib/krb5/krb/int-proto.h | 2 +-
src/lib/krb5/krb/pac.c | 2 +-
src/lib/krb5/krb/str_conv.c | 4 +-
src/lib/krb5/krb/t_kerb.c | 12 +-----
src/lib/krb5/krb/valid_times.c | 4 +-
src/lib/krb5/krb/vfy_increds.c | 2 +-
src/lib/krb5/os/timeofday.c | 2 +-
src/lib/krb5/os/toffset.c | 2 +-
src/lib/krb5/os/ustime.c | 6 +-
src/lib/krb5/rcache/rc_dfl.c | 3 +-
src/lib/krb5/rcache/t_replay.c | 8 ++--
src/plugins/kdb/db2/lockout.c | 8 ++--
src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c | 2 +-
src/plugins/kdb/ldap/libkdb_ldap/lockout.c | 8 ++--
src/windows/cns/tktlist.c | 10 +++--
src/windows/include/leashwin.h | 12 +++---
src/windows/leash/KrbListTickets.cpp | 12 +++---
src/windows/leash/LeashView.cpp | 22 +++++-----
src/windows/leashdll/lshfunc.c | 2 +-
src/windows/ms2mit/ms2mit.c | 2 +-
63 files changed, 232 insertions(+), 257 deletions(-)
More information about the krb5-bugs
mailing list