[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
kinit --renewable malfunctioning.
I have heimdal 0.6 running in Linux and Solaris 9 machines. Since last
monday I started to have problems with the kinit command. When I run
kinit with the --renewable option Im getting a Password Incorrect
message.
The problem is an integer overflow in the init_cred() function:
...
if ((options->flags & KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE) &&
options->renew_life > 0) {
==> cred->times.renew_till = now + options->renew_life;
}
....
options->renew_life was previously set to 2**30. in the
get_new_tickets() function:
...
if(renew_life) {
renew = parse_time (renew_life, "s");
if (renew < 0)
errx (1, "unparsable time: %s", renew_life);
krb5_get_init_creds_opt_set_renew_life (&opt, renew);
} else if (renewable_flag == 1)
==> krb5_get_init_creds_opt_set_renew_life (&opt, 1 << 30);
...
So when you add the now variable to the options->renew_life you get an
overflow.
I change the parameter in the krb5_get_init_creds_opt_set_renew_life to
the max renewable set to a principal (3 months). Now there is no buffer
overflow and kinit --renewable is working right.
I don't now the reason behind to initialize options->renew_life to
2**30. I think must be initialized with other value.
Thanks.