lib:crypto: Check for overflow in GKDI rollover interval calculation
authorJo Sutton <josutton@catalyst.net.nz>
Sun, 18 Feb 2024 21:34:02 +0000 (10:34 +1300)
committerAndrew Bartlett <abartlet@samba.org>
Fri, 1 Mar 2024 00:19:45 +0000 (00:19 +0000)
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
lib/crypto/gkdi.c

index 66e1da18f344be8abbc66179c4eda4c40a8e483f..af00ea4217eb28858cb973d15412dde9f16c648c 100644 (file)
@@ -241,7 +241,18 @@ bool gkid_less_than_or_equal_to(const struct Gkid g1, const struct Gkid g2)
 bool gkdi_rollover_interval(const int64_t managed_password_interval,
                            NTTIME *result)
 {
-       if (managed_password_interval < 0) {
+       /*
+        * This is actually a conservative reckoning. The interval could be one
+        * higher than this maximum and not overflow. But there’s no reason to
+        * support intervals that high (and Windows will start producing strange
+        * results for intervals beyond that).
+        */
+       const int64_t maximum_interval = UINT64_MAX / gkdi_key_cycle_duration *
+                                        10 / 24;
+
+       if (managed_password_interval < 0 ||
+           managed_password_interval > maximum_interval)
+       {
                return false;
        }
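Review bot: The `maximum_interval` bound only guarantees that the computed rollover interval fits in an unsigned 64-bit `NTTIME`. An accepted value near that limit leaves no headroom if a consumer later adds it to a timestamp or treats it as a signed 64-bit quantity, so the wrap-around may simply move downstream. The calculation being guarded and its callers lie outside this hunk, so confirm it there; if such arithmetic exists, derive the limit from `INT64_MAX` instead of `UINT64_MAX`, or check the addition at the point of use. The comment would also be more useful if it stated the invariant rather than only calling the bound conservative, for example `/* largest interval whose conversion to key cycles times gkdi_key_cycle_duration still fits in NTTIME */`. That keeps the bare `10` and `24` visibly tied to the expression they mirror, which is presumably the inverse of the one further down in the function.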