krb5 commit [krb5-1.12]: Fix LDAP ticket policies on big-endian LP64

Tom Yu tlyu at mit.edu
Fri May 15 16:12:34 EDT 2015


https://github.com/krb5/krb5/commit/3d56ca44fc331bc6dfd0ee114b7f185d0ac55a2a
commit 3d56ca44fc331bc6dfd0ee114b7f185d0ac55a2a
Author: Greg Hudson <ghudson at mit.edu>
Date:   Mon Apr 13 13:09:20 2015 -0400

    Fix LDAP ticket policies on big-endian LP64
    
    krb5_ldap_get_value() takes a pointer to int, and should not be passed
    a pointer to any integral type which might have a different width.
    Use an intermediate variable for each call.
    
    The erroneous calls in ldap_misc.c were passing pointers to int32_t,
    which is harmless on all common platforms.  The calls in
    ldap_tkt_policy.c were passing pointers to long; on big-endian LP64
    platforms, the result would be written to the high 32 bits of the long
    value.
    
    (cherry picked from commit 7fbc092107298bded216fbce4cff6592275bff03)
    (back ported from commit 50913c7372c5c13a1270d6823f914e07ce0563ba)
    
    ticket: 8193 (new)
    version_fixed: 1.12.4
    status: resolved

 src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c       |   16 +++++++++-------
 src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c |   16 ++++++++++------
 2 files changed, 19 insertions(+), 13 deletions(-)

diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
index abefcf5..ef2541b 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
@@ -1725,18 +1725,20 @@ populate_krb5_db_entry(krb5_context context, krb5_ldap_context *ldap_context,
     }
 
     /* KRBMAXTICKETLIFE */
-    if (krb5_ldap_get_value(ld, ent, "krbmaxticketlife", &(entry->max_life)) == 0)
+    if (krb5_ldap_get_value(ld, ent, "krbmaxticketlife",  &val) == 0) {
+        entry->max_life = val;
         mask |= KDB_MAX_LIFE_ATTR;
-
+    }
     /* KRBMAXRENEWABLEAGE */
-    if (krb5_ldap_get_value(ld, ent, "krbmaxrenewableage",
-                            &(entry->max_renewable_life)) == 0)
+    if (krb5_ldap_get_value(ld, ent, "krbmaxrenewableage", &val) == 0) {
+        entry->max_renewable_life = val;
         mask |= KDB_MAX_RLIFE_ATTR;
-
+    }
     /* KRBTICKETFLAGS */
-    if (krb5_ldap_get_value(ld, ent, "krbticketflags", &(entry->attributes)) == 0)
+    if (krb5_ldap_get_value(ld, ent, "krbticketflags", &val) == 0) {
+        entry->attributes = val;
         mask |= KDB_TKT_FLAGS_ATTR;
-
+    }
     /* PRINCIPAL EXPIRATION TIME */
     if ((st=krb5_ldap_get_time(ld, ent, "krbprincipalexpiration", &(entry->expiration),
                                &attr_present)) != 0)
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c
index 02d8e7c..3a851a9 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c
@@ -193,7 +193,7 @@ krb5_ldap_read_policy(krb5_context context, char *policyname,
                       krb5_ldap_policy_params **policy, int *omask)
 {
     krb5_error_code             st=0, tempst=0;
-    int                         objectmask=0;
+    int                         objectmask=0, val=0;
     LDAP                        *ld=NULL;
     LDAPMessage                 *result=NULL,*ent=NULL;
     char                        *attributes[] = { "krbMaxTicketLife", "krbMaxRenewableAge", "krbTicketFlags", NULL};
@@ -241,14 +241,18 @@ krb5_ldap_read_policy(krb5_context context, char *policyname,
 
     ent=ldap_first_entry(ld, result);
     if (ent != NULL) {
-        if (krb5_ldap_get_value(ld, ent, "krbmaxticketlife", (int *) &(lpolicy->maxtktlife)) == 0)
+        if (krb5_ldap_get_value(ld, ent, "krbmaxticketlife", &val) == 0) {
+            lpolicy->maxtktlife = val;
             *omask |= LDAP_POLICY_MAXTKTLIFE;
-
-        if (krb5_ldap_get_value(ld, ent, "krbmaxrenewableage", (int *) &(lpolicy->maxrenewlife)) == 0)
+        }
+        if (krb5_ldap_get_value(ld, ent, "krbmaxrenewableage", &val) == 0) {
+            lpolicy->maxrenewlife = val;
             *omask |= LDAP_POLICY_MAXRENEWLIFE;
-
-        if (krb5_ldap_get_value(ld, ent, "krbticketflags", (int *) &(lpolicy->tktflags)) == 0)
+        }
+        if (krb5_ldap_get_value(ld, ent, "krbticketflags", &val) == 0) {
+            lpolicy->tktflags = val;
             *omask |= LDAP_POLICY_TKTFLAGS;
+        }
     }
 
     lpolicy->mask = *omask;


More information about the cvs-krb5 mailing list