On Fri, 2015-09-25 at 12:18 -0400, Nathaniel McCallum wrote:
> Temporarily storing the offset time in an unsigned integer causes the
> value of the offset to underflow when a (valid) negative offset value
> is generated. Using a signed variable avoids this problem.

This new version makes the patch smaller.

From d45ab61524c9ef4b14cb7badbf662b90200feb77 Mon Sep 17 00:00:00 2001
From: Nathaniel McCallum <npmccal...@redhat.com>
Date: Fri, 25 Sep 2015 11:35:03 -0400
Subject: [PATCH] Fix an integer underflow bug in libotp

Temporarily storing the offset time in an unsigned integer causes the
value of the offset to underflow when a (valid) negative offset value
is generated. Using a signed variable avoids this problem.
---
 daemons/ipa-slapi-plugins/libotp/otp_token.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/daemons/ipa-slapi-plugins/libotp/otp_token.c b/daemons/ipa-slapi-plugins/libotp/otp_token.c
index 9b90c6a1137b468103d73cd85fd7e0fcafcee616..a3cbfb0621c071f8addb29f7ce02f870a807c61d 100644
--- a/daemons/ipa-slapi-plugins/libotp/otp_token.c
+++ b/daemons/ipa-slapi-plugins/libotp/otp_token.c
@@ -199,10 +199,10 @@ static bool validate(struct otp_token *token, time_t now, ssize_t step,
     case TYPE_TOTP:
         /* Perform optional synchronization steps. */
         if (second != NULL) {
-            tmp = (step - now / token->totp.step) * token->totp.step;
-            if (!writeattr(token, T("clockOffset"), tmp))
+            long long off = (step - now / token->totp.step) * token->totp.step;
+            if (!writeattr(token, T("clockOffset"), off))
                 return false;
-            token->totp.offset = tmp;
+            token->totp.offset = off;
         }
         token->totp.watermark = step;
         break;
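Review bot: on the `long long off = (step - now / token->totp.step) * token->totp.step;` line, the right-hand side is still evaluated in whatever type the usual arithmetic conversions pick, and the type of `token->totp.step` is not visible in this hunk. If that field is unsigned and as wide as the other operands, the subtraction and multiplication happen in unsigned arithmetic and the negative value only comes back through the conversion to `long long`; an explicit `(long long)` cast on the operands would make the result independent of the field's type. The same applies to the third parameter of `writeattr()` and to `token->totp.offset`: if either is unsigned, the value wraps again at the call or at the assignment, so please confirm both are signed. Also, `tmp` is no longer used in this branch; if nothing else in `validate()` needs it, its declaration can go.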
-- 
2.5.0
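
The underflow described in the commit message, as an added example that is not part of the original mail or the FreeIPA source: the same offset expression is staged once in an unsigned temporary and once in a signed one. The `struct totp_cfg` type, the `uint32_t` width of the temporary, the 30-second step and the timestamp are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <time.h>

/* Hypothetical stand-in for the token's TOTP settings (not libotp's struct). */
struct totp_cfg {
    unsigned int step;              /* seconds per TOTP interval */
};

/* "Before" shape: the offset passes through an unsigned temporary.
 * The width (uint32_t) is an assumption; the mail only says "unsigned". */
static long long offset_via_unsigned(const struct totp_cfg *c, time_t now,
                                     long long step)
{
    uint32_t tmp = (uint32_t)((step - (long long)now / c->step) * c->step);
    return tmp;                     /* widening keeps the wrapped magnitude */
}

/* "After" shape: a signed temporary preserves a negative offset. */
static long long offset_via_signed(const struct totp_cfg *c, time_t now,
                                   long long step)
{
    long long off = (step - (long long)now / c->step) * c->step;
    return off;
}

int main(void)
{
    struct totp_cfg cfg = { 30 };   /* constructed sample configuration */
    time_t now = 1443197883;        /* constructed timestamp (Sept 2015) */
    long long current = (long long)now / cfg.step;

    /* drift = how many intervals the token's clock is ahead of the server */
    for (int drift = -2; drift <= 2; drift++) {
        long long step = current + drift;
        printf("drift %+d: unsigned=%lld signed=%lld\n", drift,
               offset_via_unsigned(&cfg, now, step),
               offset_via_signed(&cfg, now, step));
    }
    return 0;
}
```

Only the rows with a negative drift differ: a token two intervals behind the server should get an offset of -60 seconds, but the unsigned path yields a value close to 2^32.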
