[28857] in CVS-changelog-for-Kerberos-V5
krb5 commit [krb5-1.13]: Fix LDAP ticket policies on big-endian LP64
daemon@ATHENA.MIT.EDU (Tom Yu)
Thu Apr 16 19:05:13 2015
Date: Thu, 16 Apr 2015 19:05:04 -0400
From: Tom Yu <tlyu@mit.edu>
Message-Id: <201504162305.t3GN54qv017338@drugstore.mit.edu>
To: cvs-krb5@mit.edu
Reply-To: krbdev@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu
https://github.com/krb5/krb5/commit/50913c7372c5c13a1270d6823f914e07ce0563ba
commit 50913c7372c5c13a1270d6823f914e07ce0563ba
Author: Greg Hudson <ghudson@mit.edu>
Date: Mon Apr 13 13:09:20 2015 -0400
Fix LDAP ticket policies on big-endian LP64
krb5_ldap_get_value() takes a pointer to int, and should not be passed
a pointer to any integral type which might have a different width.
Use an intermediate variable for each call.
The erroneous calls in ldap_misc.c were passing pointers to int32_t,
which is harmless on all common platforms. The calls in
ldap_tkt_policy.c were passing pointers to long; on big-endian LP64
platforms, the result would be written to the high 32 bits of the long
value.
(cherry picked from commit 7fbc092107298bded216fbce4cff6592275bff03)
ticket: 8166
version_fixed: 1.13.2
status: resolved
src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c | 19 +++++++++----------
src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c | 16 ++++++++++------
2 files changed, 19 insertions(+), 16 deletions(-)
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
index 4a29aa5..aca8f31 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
@@ -1402,19 +1402,18 @@ populate_krb5_db_entry(krb5_context context, krb5_ldap_context *ldap_context,
entry->fail_auth_count = val;
mask |= KDB_FAIL_AUTH_COUNT_ATTR;
}
-
- if (krb5_ldap_get_value(ld, ent, "krbmaxticketlife",
- &entry->max_life) == 0)
+ if (krb5_ldap_get_value(ld, ent, "krbmaxticketlife", &val) == 0) {
+ entry->max_life = val;
mask |= KDB_MAX_LIFE_ATTR;
-
- if (krb5_ldap_get_value(ld, ent, "krbmaxrenewableage",
- &entry->max_renewable_life) == 0)
+ }
+ if (krb5_ldap_get_value(ld, ent, "krbmaxrenewableage", &val) == 0) {
+ entry->max_renewable_life = val;
mask |= KDB_MAX_RLIFE_ATTR;
-
- if (krb5_ldap_get_value(ld, ent, "krbticketflags",
- &entry->attributes) == 0)
+ }
+ if (krb5_ldap_get_value(ld, ent, "krbticketflags", &val) == 0) {
+ entry->attributes = val;
mask |= KDB_TKT_FLAGS_ATTR;
-
+ }
ret = get_time(ld, ent, "krbprincipalexpiration", &entry->expiration,
&attr_present);
if (ret)
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c
index 7e93685..16db7eb 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c
@@ -193,7 +193,7 @@ krb5_ldap_read_policy(krb5_context context, char *policyname,
krb5_ldap_policy_params **policy, int *omask)
{
krb5_error_code st=0, tempst=0;
- int objectmask=0;
+ int objectmask=0, val=0;
LDAP *ld=NULL;
LDAPMessage *result=NULL,*ent=NULL;
char *attributes[] = { "krbMaxTicketLife", "krbMaxRenewableAge", "krbTicketFlags", NULL};
@@ -240,14 +240,18 @@ krb5_ldap_read_policy(krb5_context context, char *policyname,
ent=ldap_first_entry(ld, result);
if (ent != NULL) {
- if (krb5_ldap_get_value(ld, ent, "krbmaxticketlife", (int *) &(lpolicy->maxtktlife)) == 0)
+ if (krb5_ldap_get_value(ld, ent, "krbmaxticketlife", &val) == 0) {
+ lpolicy->maxtktlife = val;
*omask |= LDAP_POLICY_MAXTKTLIFE;
-
- if (krb5_ldap_get_value(ld, ent, "krbmaxrenewableage", (int *) &(lpolicy->maxrenewlife)) == 0)
+ }
+ if (krb5_ldap_get_value(ld, ent, "krbmaxrenewableage", &val) == 0) {
+ lpolicy->maxrenewlife = val;
*omask |= LDAP_POLICY_MAXRENEWLIFE;
-
- if (krb5_ldap_get_value(ld, ent, "krbticketflags", (int *) &(lpolicy->tktflags)) == 0)
+ }
+ if (krb5_ldap_get_value(ld, ent, "krbticketflags", &val) == 0) {
+ lpolicy->tktflags = val;
*omask |= LDAP_POLICY_TKTFLAGS;
+ }
}
lpolicy->mask = *omask;
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5
