Subject: security/9098: kinit kerberos lifetime calculates incrrectly
To: None <gnats-bugs@gnats.netbsd.org>
From: Christian E. Hopps <chopps@scotch.merit.edu>
List: netbsd-bugs
Date: 01/01/2000 09:30:53
>Number: 9098
>Category: security
>Synopsis: kinit kerberos lifetime calculates incrrectly
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: security-officer (NetBSD Security Officer)
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sat Jan 1 09:30:01 2000
>Last-Modified:
>Originator: Christian E. Hopps
>Organization:
None
>Release: 1.4.1
>Environment:
System: NetBSD scotch.merit.edu 1.4.1 NetBSD 1.4.1 (SCOTCH.v6) #0: Wed Nov 17 23:59:07 EST 1999 chopps@scotch.merit.edu:/hope/NetBSD/kame/netbsd/sys/arch/i386/compile/SCOTCH.v6 i386
>Description:
kinit incorrectly calculates the lifetime for a ticket when
specified by the user.
>How-To-Repeat:
specify a ticket lifetime with kinit and then klist to see it
has been set incorrectly.
>Fix:
this patch appears to fix the problem:
Index: kinit.c
===================================================================
RCS file: /cvsroot/cryptosrc-us/crypto-us/usr.bin/kinit/kinit.c,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 kinit.c
--- kinit.c 1995/12/22 07:27:33 1.1.1.1
+++ kinit.c 2000/01/01 17:27:29
@@ -160,7 +160,7 @@
if (lifetime < 5)
lifetime = 1;
else
- lifetime /= krb_time_to_life(0, lifetime*60);
+ lifetime = krb_time_to_life(0, lifetime*60);
/* This should be changed if the maximum ticket lifetime */
/* changes */
if (lifetime > 255)
>Audit-Trail:
>Unformatted: