IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-01-26 16:16:31 -06:00
Code Issues Packages Projects Releases Wiki Activity

Fix an integer underflow bug in libotp

Browse Source 
Temporarily storing the offset time in an unsigned integer causes the
value of the offset to underflow when a (valid) negative offset value
is generated. Using a signed variable avoids this problem.

https://fedorahosted.org/freeipa/ticket/5333

Reviewed-By: Tomas Babej <tbabej@redhat.com>
This commit is contained in:
Nathaniel McCallum 2015-09-25 11:35:03 -04:00 committed by Tomas Babej
parent 74da4f5870
commit 9e3eeadeb3
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
daemons/ipa-slapi-plugins/libotp/otp_token.c
View File

@ -199,10 +199,10 @@ static bool validate(struct otp_token *token, time_t now, ssize_t step,
case TYPE_TOTP:
/* Perform optional synchronization steps. */
if (second != NULL) {
tmp = (step - now / token->totp.step) * token->totp.step;
if (!writeattr(token, T("clockOffset"), tmp))
long long off = (step - now / token->totp.step) * token->totp.step;
if (!writeattr(token, T("clockOffset"), off))
return false;
token->totp.offset = tmp;
token->totp.offset = off;
}
token->totp.watermark = step;
break;