[2186] in Kerberos-V5-bugs
Bug in lifetime handling in krb524d
daemon@ATHENA.MIT.EDU (Ken Hornstein)
Mon Aug 26 18:54:16 1996
To: krb5-bugs@MIT.EDU
Date: Mon, 26 Aug 1996 18:54:08 -0400
From: Ken Hornstein <kenh@cmf.nrl.navy.mil>
------- =_aaaaaaaaaa0
Content-Type: text/plain; charset="us-ascii"
Content-ID: <1268.841100020.1@elvis.cmf.nrl.navy.mil>
I noticed today that krb524d has a problem when calculating ticket lifetime.
It uses the current time and subtracts the expiration time to get the
V4 ticket lifetime, instead of the start time. This is fine if you get your
V4 tickets right when you get your V5 tickets, but it doesn't work if you get
your V4 tickets later than your start time.
The following patch fixes this problem.
--Ken
------- =_aaaaaaaaaa0
Content-Type: text/plain; charset="us-ascii"
Content-ID: <1268.841100020.2@elvis.cmf.nrl.navy.mil>
Content-Description: patch to krb524d
--- src/krb524/cnv_tkt_skey.c.orig Mon Aug 26 18:42:51 1996
+++ src/krb524/cnv_tkt_skey.c Mon Aug 26 18:43:31 1996
@@ -111,7 +111,7 @@
}
if ( (server_time+context->clockskew >= v5etkt->times.starttime)
&& (server_time-context->clockskew <= v5etkt->times.endtime)) {
- deltatime = v5etkt->times.endtime - (server_time-context->clockskew);
+ deltatime = v5etkt->times.endtime - v5etkt->times.starttime;
lifetime = deltatime / 300;
/* if (lifetime > 255) lifetime = 255; */
if (lifetime > 127) {
------- =_aaaaaaaaaa0--
