Blame SOURCES/Fix-more-time-manipulations-for-y2038.patch

749169
From 5fd12bd6e550bc178923b25abc30d8f7c250837a Mon Sep 17 00:00:00 2001
e58a44
From: Greg Hudson <ghudson@mit.edu>
e58a44
Date: Wed, 17 May 2017 14:52:09 -0400
e58a44
Subject: [PATCH] Fix more time manipulations for y2038
e58a44
e58a44
Use timestamp helper functions to ensure that more operations are safe
e58a44
after y2038, and display the current timestamp as unsigned in
e58a44
krb5int_trace().
e58a44
e58a44
ticket: 8352
e58a44
(cherry picked from commit a60db180211a383bd382afe729e9309acb8dcf53)
e58a44
---
e58a44
 src/kadmin/server/misc.c   | 2 +-
e58a44
 src/kdc/dispatch.c         | 2 +-
e58a44
 src/lib/krb5/os/c_ustime.c | 8 ++++----
e58a44
 src/lib/krb5/os/trace.c    | 2 +-
e58a44
 4 files changed, 7 insertions(+), 7 deletions(-)
e58a44
e58a44
diff --git a/src/kadmin/server/misc.c b/src/kadmin/server/misc.c
e58a44
index 27a6376af..a75b65a26 100644
e58a44
--- a/src/kadmin/server/misc.c
e58a44
+++ b/src/kadmin/server/misc.c
e58a44
@@ -184,7 +184,7 @@ check_min_life(void *server_handle, krb5_principal principal,
e58a44
             (void) kadm5_free_principal_ent(handle->lhandle, &princ);
e58a44
             return (ret == KADM5_UNK_POLICY) ? 0 : ret;
e58a44
         }
e58a44
-        if((now - princ.last_pwd_change) < pol.pw_min_life &&
e58a44
+        if(ts_delta(now, princ.last_pwd_change) < pol.pw_min_life &&
e58a44
            !(princ.attributes & KRB5_KDB_REQUIRES_PWCHANGE)) {
e58a44
             if (msg_ret != NULL) {
e58a44
                 time_t until;
e58a44
diff --git a/src/kdc/dispatch.c b/src/kdc/dispatch.c
e58a44
index 3a169ebc7..16a35d2be 100644
e58a44
--- a/src/kdc/dispatch.c
e58a44
+++ b/src/kdc/dispatch.c
e58a44
@@ -104,7 +104,7 @@ reseed_random(krb5_context kdc_err_context)
e58a44
         if (last_os_random == 0)
e58a44
             last_os_random = now;
e58a44
         /* Grab random data from OS every hour*/
e58a44
-        if (now-last_os_random >= 60 * 60) {
e58a44
+        if (ts_delta(now, last_os_random) >= 60 * 60) {
e58a44
             krb5_c_random_os_entropy(kdc_err_context, 0, NULL);
e58a44
             last_os_random = now;
e58a44
         }
e58a44
diff --git a/src/lib/krb5/os/c_ustime.c b/src/lib/krb5/os/c_ustime.c
e58a44
index 871d72183..68fb381f4 100644
e58a44
--- a/src/lib/krb5/os/c_ustime.c
e58a44
+++ b/src/lib/krb5/os/c_ustime.c
e58a44
@@ -102,17 +102,17 @@ krb5_crypto_us_timeofday(krb5_int32 *seconds, krb5_int32 *microseconds)
e58a44
        putting now.sec in the past.  But don't just use '<' because we
e58a44
        need to properly handle the case where the administrator intentionally
e58a44
        adjusted time backwards. */
e58a44
-    if ((now.sec == last_time.sec-1) ||
e58a44
-        ((now.sec == last_time.sec) && (now.usec <= last_time.usec))) {
e58a44
+    if (now.sec == ts_incr(last_time.sec, -1) ||
e58a44
+        (now.sec == last_time.sec && !ts_after(last_time.usec, now.usec))) {
e58a44
         /* Correct 'now' to be exactly one microsecond later than 'last_time'.
e58a44
            Note that _because_ we perform this hack, 'now' may be _earlier_
e58a44
            than 'last_time', even though the system time is monotonically
e58a44
            increasing. */
e58a44
 
e58a44
         now.sec = last_time.sec;
e58a44
-        now.usec = ++last_time.usec;
e58a44
+        now.usec = ts_incr(last_time.usec, 1);
e58a44
         if (now.usec >= 1000000) {
e58a44
-            ++now.sec;
e58a44
+            now.sec = ts_incr(now.sec, 1);
e58a44
             now.usec = 0;
e58a44
         }
e58a44
     }
e58a44
diff --git a/src/lib/krb5/os/trace.c b/src/lib/krb5/os/trace.c
e58a44
index a19246128..74c315c90 100644
e58a44
--- a/src/lib/krb5/os/trace.c
e58a44
+++ b/src/lib/krb5/os/trace.c
e58a44
@@ -350,7 +350,7 @@ krb5int_trace(krb5_context context, const char *fmt, ...)
e58a44
         goto cleanup;
e58a44
     if (krb5_crypto_us_timeofday(&sec, &usec) != 0)
e58a44
         goto cleanup;
e58a44
-    if (asprintf(&msg, "[%d] %d.%d: %s\n", (int) getpid(), (int) sec,
e58a44
+    if (asprintf(&msg, "[%d] %u.%d: %s\n", (int) getpid(), (unsigned int) sec,
e58a44
                  (int) usec, str) < 0)
e58a44
         goto cleanup;
e58a44
     info.message = msg;