This bug caused negative token windows to wrap-around, causing issues
with TOTP authentication and (especially) synchronization.
https://fedorahosted.org/freeipa/ticket/4990
From 12fadccfbea009196e1e0f2efeee7258c68981ca Mon Sep 17 00:00:00 2001
From: Nathaniel McCallum <npmccal...@redhat.com>
Date: Mon, 27 Apr 2015 10:23:49 -0400
Subject: [PATCH] Fix a signedness bug in OTP code
This bug caused negative token windows to wrap-around, causing issues
with TOTP authentication and (especially) synchronization.
https://fedorahosted.org/freeipa/ticket/4990
---
daemons/ipa-slapi-plugins/libotp/otp_token.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/daemons/ipa-slapi-plugins/libotp/otp_token.c b/daemons/ipa-slapi-plugins/libotp/otp_token.c
index bc6acc42c8a62dce2f8c715099786a5c0fcc8e07..9b90c6a1137b468103d73cd85fd7e0fcafcee616 100644
--- a/daemons/ipa-slapi-plugins/libotp/otp_token.c
+++ b/daemons/ipa-slapi-plugins/libotp/otp_token.c
@@ -489,7 +489,7 @@ bool otp_token_validate_berval(struct otp_token * const *tokens,
if (time(&now) == (time_t) -1)
return false;
- for (uint32_t i = 0, cnt = 1; cnt != 0; i++) {
+ for (ssize_t i = 0, cnt = 1; cnt != 0; i++) {
cnt = 0;
for (int j = 0; tokens[j] != NULL; j++) {
uint32_t *secondp = NULL;
@@ -513,8 +513,8 @@ bool otp_token_validate_berval(struct otp_token * const *tokens,
}
/* Validate the positive/negative steps. */
- if (!validate(tokens[j], now, i, first, secondp) &&
- !validate(tokens[j], now, 0 - i, first, secondp))
+ if (!validate(tokens[j], now, i, first, secondp) &&
+ !validate(tokens[j], now, -i, first, secondp))
continue;
/* Codes validated; strip. */
--
2.3.5
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
