aboutsummaryrefslogtreecommitdiff
path: root/lib/gssapi/krb5/init_sec_context.c
diff options
context:
space:
mode:
Diffstat (limited to 'lib/gssapi/krb5/init_sec_context.c')
-rw-r--r--lib/gssapi/krb5/init_sec_context.c16
1 files changed, 14 insertions, 2 deletions
diff --git a/lib/gssapi/krb5/init_sec_context.c b/lib/gssapi/krb5/init_sec_context.c
index 4ef5c9c7123a..21ac554efd4f 100644
--- a/lib/gssapi/krb5/init_sec_context.c
+++ b/lib/gssapi/krb5/init_sec_context.c
@@ -600,7 +600,19 @@ init_auth_restart
if (ret == 0) {
if (timedata.length == 4) {
const u_char *p = timedata.data;
- offset = (p[0] <<24) | (p[1] << 16) | (p[2] << 8) | (p[3] << 0);
+ if (p[0] < 128) {
+ offset = (p[0] <<24) | (p[1] << 16) | (p[2] << 8) | (p[3] << 0);
+ } else {
+ /*
+ * (p[0] << 24), if p[0] > 127 -> offset is negative, but *p is
+ * positive, so this is overflow -- overflow we want, but UBSAN
+ * flags it.
+ *
+ * NOTE: We assume the platform is a twos-complement platform.
+ */
+ offset = INT32_MIN;
+ offset |= ((p[0] & 0x7f) <<24) | (p[1] << 16) | (p[2] << 8) | (p[3] << 0);
+ }
}
krb5_data_free(&timedata);
}
@@ -921,7 +933,7 @@ OM_uint32 GSSAPI_CALLCONV _gsskrb5_init_sec_context
time_rec);
if (ret != GSS_S_COMPLETE)
break;
- /* FALL THOUGH */
+ /* FALLTHROUGH */
case INITIATOR_RESTART:
ret = init_auth_restart(minor_status,
cred,
generated by cgit v1.2.3 (git 2.25.1) at 2025-10-27 08:14:28 +0000