[3178] in Kerberos-V5-bugs
krb5-libs/922: Overflow in time conversion routines
daemon@ATHENA.MIT.EDU (Ezra Peisach)
Thu Feb 15 15:01:11 2001
Resent-From: gnats@rt-11.mit.edu (GNATS Management)
Resent-To: krb5-unassigned@RT-11.mit.edu
Resent-Reply-To: krb5-bugs@MIT.EDU, epeisach@engrailed.mit.edu
Message-Id: <200102151959.OAA18775@engrailed.mit.edu>
Date: Thu, 15 Feb 2001 14:59:09 -0500 (EST)
From: epeisach@engrailed.mit.edu (Ezra Peisach)
Reply-To: epeisach@engrailed.mit.edu
To: krb5-bugs@MIT.EDU
Cc: Ann-Marie.Westgate@ireland.sun.com
>Number: 922
>Category: krb5-libs
>Synopsis: Overflow in time conversion routines
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: krb5-unassigned
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Thu Feb 15 15:01:00 EST 2001
>Last-Modified:
>Originator: Ezra Peisach
>Organization:
MIT
>Release: krb5-1.2
>Environment:
OSF 4.0a
System: IRIX64 engrailed 6.5 07151440 IP30
>Description:
I am working on a kinit.c bug for Sun Microsystems and I have a few
questions. We are trying to fix the behaviour when a customer enters
a date very far in advance with the "kinit -s" option. For example,
if I do (with MIT's kinit)

    kinit -s 1400d princname

I get a ticket for 2004. But if I do

    kinit -s 100000d princname

I get a ticket for today.

Questions:
- where was the 100000d rejected? My guess is that there was
  an integer overflow in a time conversion routine or something.
- why is there not a warning issued when the 100000d was rejected,
  and a default value given? (default to authtime?)
>How-To-Repeat:
Example above
>Fix:
I will submit a fix shortly...
There are two problems:
- krb5_string_to_deltat does not handle overflows
- krb5_string_to_timestamp mishandles timestamps of the nature
  1000000d - it treats it as 10:00am.
>Audit-Trail:
>Unformatted:
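
Added example, not code from the krb5 source or from this report: a delta-time parser that refuses values that do not fit, illustrating the class of bug named under >Fix. The function names, the simplified "<n>d<n>h<n>m<n>s" grammar and the signed 32-bit seconds result are assumptions made for the illustration; the wrapped value it prints is what a 32-bit multiply would store, not a claim about what kinit computed.

```c
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

static int64_t unit_seconds(char c)
{
    return c == 'd' ? 86400 : c == 'h' ? 3600 : c == 'm' ? 60 : c == 's' ? 1 : 0;
}

/* Parse "<n>d<n>h<n>m<n>s" (any subset, e.g. "1400d" or "1d12h") into signed
 * 32-bit seconds. Returns 0, EINVAL (malformed) or ERANGE (does not fit). */
int parse_delta_checked(const char *s, int32_t *out)
{
    int64_t total = 0, mult;
    do {
        char *end;
        unsigned long long n;
        if (!isdigit((unsigned char)*s))  /* also rejects "", signs, spaces */
            return EINVAL;
        errno = 0;
        n = strtoull(s, &end, 10);
        if ((mult = unit_seconds(*end)) == 0)   /* unknown or missing suffix */
            return EINVAL;
        /* Bound n before multiplying, so the product cannot exceed INT32_MAX. */
        if (errno == ERANGE || n > (unsigned long long)(INT32_MAX / mult))
            return ERANGE;
        total += (int64_t)n * mult;
        if (total > INT32_MAX)            /* several components added up */
            return ERANGE;
        s = end + 1;
    } while (*s != '\0');
    *out = (int32_t)total;
    return 0;
}

/* What an unchecked 32-bit multiply stores for n days (wraps modulo 2^32). */
int32_t days_to_seconds_wrapping(uint32_t days)
{
    return (int32_t)(days * UINT32_C(86400));
}

int main(void)
{
    int32_t v = 0;
    printf("100000d: checked rc=%d, unchecked multiply=%d s\n",
           parse_delta_checked("100000d", &v), (int)days_to_seconds_wrapping(100000));
    return 0;
}
```

A caller in the position of kinit can turn the ERANGE return into the warning the report asks about, instead of silently continuing with a different start time.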