freeipa

FreeIPA is an integrated Identity and Authentication solution for Linux/UNIX networked environments.  |  http://www.freeipa.org/

Commit 9e3eead Fix an integer underflow bug in libotp

1 file Authored by npmccallum 2 years ago , Committed by tbabej 2 years ago ,
Fix an integer underflow bug in libotp

Temporarily storing the offset time in an unsigned integer causes the
value of the offset to underflow when a (valid) negative offset value
is generated. Using a signed variable avoids this problem.

https://fedorahosted.org/freeipa/ticket/5333

Reviewed-By: Tomas Babej <tbabej@redhat.com>

    
 1 @@ -199,10 +199,10 @@
 2       case TYPE_TOTP:
 3           /* Perform optional synchronization steps. */
 4           if (second != NULL) {
 5 -             tmp = (step - now / token->totp.step) * token->totp.step;
 6 -             if (!writeattr(token, T("clockOffset"), tmp))
 7 +             long long off = (step - now / token->totp.step) * token->totp.step;
 8 +             if (!writeattr(token, T("clockOffset"), off))
 9                   return false;
10 -             token->totp.offset = tmp;
11 +             token->totp.offset = off;
12           }
13           token->totp.watermark = step;
14           break;