[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

kinit --renewable malfunctioning.

I have heimdal 0.6 running in Linux and Solaris 9 machines. Since last
monday I started to have problems with the kinit command. When I run
kinit with the --renewable option Im getting a Password Incorrect

The problem is an integer overflow in the init_cred() function:

  if ((options->flags & KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE) &&
	options->renew_life > 0) {
==>	cred->times.renew_till = now + options->renew_life;
options->renew_life was previously set to 2**30. in the
get_new_tickets() function:
if(renew_life) {
	renew = parse_time (renew_life, "s");
	if (renew < 0)
	    errx (1, "unparsable time: %s", renew_life);

	krb5_get_init_creds_opt_set_renew_life (&opt, renew);
} else if (renewable_flag == 1)
==>	krb5_get_init_creds_opt_set_renew_life (&opt, 1 << 30);

So when you add the now variable to the options->renew_life you get an

I change the parameter in the krb5_get_init_creds_opt_set_renew_life to
the max renewable set to a principal (3 months). Now there is no buffer
overflow and kinit --renewable is working right.

I don't now the reason behind to initialize options->renew_life to
2**30. I think must be initialized with other value.