Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
bool gkdi_rollover_interval(const int64_t managed_password_interval,
NTTIME *result)
{
- if (managed_password_interval < 0) {
+ /*
+ * This is actually a conservative reckoning. The interval could be one
+ * higher than this maximum and not overflow. But there’s no reason to
+ * support intervals that high (and Windows will start producing strange
+ * results for intervals beyond that).
+ */
+ const int64_t maximum_interval = UINT64_MAX / gkdi_key_cycle_duration *
+ 10 / 24;
+
+ if (managed_password_interval < 0 ||
+ managed_password_interval > maximum_interval)
+ {
return false;
}