base/SOURCES/Fix-more-time-manipulations...

From 006c68f6ed266d5ea7a24512349a931f45160cc6 Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Wed, 17 May 2017 14:52:09 -0400
Subject: [PATCH] Fix more time manipulations for y2038

Use timestamp helper functions to ensure that more operations are safe
after y2038, and display the current timestamp as unsigned in
krb5int_trace().

ticket: 8352
(cherry picked from commit a60db180211a383bd382afe729e9309acb8dcf53)
---
 src/kadmin/server/misc.c   | 2 +-
 src/kdc/dispatch.c         | 2 +-
 src/lib/krb5/os/c_ustime.c | 8 ++++----
 src/lib/krb5/os/trace.c    | 2 +-
 4 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/src/kadmin/server/misc.c b/src/kadmin/server/misc.c
index 27a6376af..a75b65a26 100644
--- a/src/kadmin/server/misc.c
+++ b/src/kadmin/server/misc.c
@@ -184,7 +184,7 @@ check_min_life(void *server_handle, krb5_principal principal,
             (void) kadm5_free_principal_ent(handle->lhandle, &princ);
             return (ret == KADM5_UNK_POLICY) ? 0 : ret;
         }
-        if((now - princ.last_pwd_change) < pol.pw_min_life &&
+        if(ts_delta(now, princ.last_pwd_change) < pol.pw_min_life &&
            !(princ.attributes & KRB5_KDB_REQUIRES_PWCHANGE)) {
             if (msg_ret != NULL) {
                 time_t until;
diff --git a/src/kdc/dispatch.c b/src/kdc/dispatch.c
index 3a169ebc7..16a35d2be 100644
--- a/src/kdc/dispatch.c
+++ b/src/kdc/dispatch.c
@@ -104,7 +104,7 @@ reseed_random(krb5_context kdc_err_context)
         if (last_os_random == 0)
             last_os_random = now;
         /* Grab random data from OS every hour*/
-        if (now-last_os_random >= 60 * 60) {
+        if (ts_delta(now, last_os_random) >= 60 * 60) {
             krb5_c_random_os_entropy(kdc_err_context, 0, NULL);
             last_os_random = now;
         }
diff --git a/src/lib/krb5/os/c_ustime.c b/src/lib/krb5/os/c_ustime.c
index 871d72183..68fb381f4 100644
--- a/src/lib/krb5/os/c_ustime.c
+++ b/src/lib/krb5/os/c_ustime.c
@@ -102,17 +102,17 @@ krb5_crypto_us_timeofday(krb5_int32 *seconds, krb5_int32 *microseconds)
        putting now.sec in the past.  But don't just use '<' because we
        need to properly handle the case where the administrator intentionally
        adjusted time backwards. */
-    if ((now.sec == last_time.sec-1) ||
-        ((now.sec == last_time.sec) && (now.usec <= last_time.usec))) {
+    if (now.sec == ts_incr(last_time.sec, -1) ||
+        (now.sec == last_time.sec && !ts_after(last_time.usec, now.usec))) {
         /* Correct 'now' to be exactly one microsecond later than 'last_time'.
            Note that _because_ we perform this hack, 'now' may be _earlier_
            than 'last_time', even though the system time is monotonically
            increasing. */

         now.sec = last_time.sec;
-        now.usec = ++last_time.usec;
+        now.usec = ts_incr(last_time.usec, 1);
         if (now.usec >= 1000000) {
-            ++now.sec;
+            now.sec = ts_incr(now.sec, 1);
             now.usec = 0;
         }
     }
diff --git a/src/lib/krb5/os/trace.c b/src/lib/krb5/os/trace.c
index a19246128..74c315c90 100644
--- a/src/lib/krb5/os/trace.c
+++ b/src/lib/krb5/os/trace.c
@@ -350,7 +350,7 @@ krb5int_trace(krb5_context context, const char *fmt, ...)
         goto cleanup;
     if (krb5_crypto_us_timeofday(&sec, &usec) != 0)
         goto cleanup;
-    if (asprintf(&msg, "[%d] %d.%d: %s\n", (int) getpid(), (int) sec,
+    if (asprintf(&msg, "[%d] %u.%d: %s\n", (int) getpid(), (unsigned int) sec,
                  (int) usec, str) < 0)
         goto cleanup;
     info.message = msg;
krb5 package update Signed-off-by: basebuilder_pel7ppc64bebuilder0 <basebuilder@powerel.org> 7 years ago			`From 006c68f6ed266d5ea7a24512349a931f45160cc6 Mon Sep 17 00:00:00 2001`
			`From: Greg Hudson <ghudson@mit.edu>`
			`Date: Wed, 17 May 2017 14:52:09 -0400`
			`Subject: [PATCH] Fix more time manipulations for y2038`

			`Use timestamp helper functions to ensure that more operations are safe`
			`after y2038, and display the current timestamp as unsigned in`
			`krb5int_trace().`

			`ticket: 8352`
			`(cherry picked from commit a60db180211a383bd382afe729e9309acb8dcf53)`
			`---`
			`src/kadmin/server/misc.c \| 2 +-`
			`src/kdc/dispatch.c \| 2 +-`
			`src/lib/krb5/os/c_ustime.c \| 8 ++++----`
			`src/lib/krb5/os/trace.c \| 2 +-`
			`4 files changed, 7 insertions(+), 7 deletions(-)`

			`diff --git a/src/kadmin/server/misc.c b/src/kadmin/server/misc.c`
			`index 27a6376af..a75b65a26 100644`
			`--- a/src/kadmin/server/misc.c`
			`+++ b/src/kadmin/server/misc.c`
			`@@ -184,7 +184,7 @@ check_min_life(void *server_handle, krb5_principal principal,`
			`(void) kadm5_free_principal_ent(handle->lhandle, &princ);`
			`return (ret == KADM5_UNK_POLICY) ? 0 : ret;`
			`}`
			`- if((now - princ.last_pwd_change) < pol.pw_min_life &&`
			`+ if(ts_delta(now, princ.last_pwd_change) < pol.pw_min_life &&`
			`!(princ.attributes & KRB5_KDB_REQUIRES_PWCHANGE)) {`
			`if (msg_ret != NULL) {`
			`time_t until;`
			`diff --git a/src/kdc/dispatch.c b/src/kdc/dispatch.c`
			`index 3a169ebc7..16a35d2be 100644`
			`--- a/src/kdc/dispatch.c`
			`+++ b/src/kdc/dispatch.c`
			`@@ -104,7 +104,7 @@ reseed_random(krb5_context kdc_err_context)`
			`if (last_os_random == 0)`
			`last_os_random = now;`
			`/* Grab random data from OS every hour*/`
			`- if (now-last_os_random >= 60 * 60) {`
			`+ if (ts_delta(now, last_os_random) >= 60 * 60) {`
			`krb5_c_random_os_entropy(kdc_err_context, 0, NULL);`
			`last_os_random = now;`
			`}`
			`diff --git a/src/lib/krb5/os/c_ustime.c b/src/lib/krb5/os/c_ustime.c`
			`index 871d72183..68fb381f4 100644`
			`--- a/src/lib/krb5/os/c_ustime.c`
			`+++ b/src/lib/krb5/os/c_ustime.c`
			`@@ -102,17 +102,17 @@ krb5_crypto_us_timeofday(krb5_int32 seconds, krb5_int32 microseconds)`
			`putting now.sec in the past. But don't just use '<' because we`
			`need to properly handle the case where the administrator intentionally`
			`adjusted time backwards. */`
			`- if ((now.sec == last_time.sec-1) \|\|`
			`- ((now.sec == last_time.sec) && (now.usec <= last_time.usec))) {`
			`+ if (now.sec == ts_incr(last_time.sec, -1) \|\|`
			`+ (now.sec == last_time.sec && !ts_after(last_time.usec, now.usec))) {`
			`/* Correct 'now' to be exactly one microsecond later than 'last_time'.`
			`Note that _because_ we perform this hack, 'now' may be _earlier_`
			`than 'last_time', even though the system time is monotonically`
			`increasing. */`

			`now.sec = last_time.sec;`
			`- now.usec = ++last_time.usec;`
			`+ now.usec = ts_incr(last_time.usec, 1);`
			`if (now.usec >= 1000000) {`
			`- ++now.sec;`
			`+ now.sec = ts_incr(now.sec, 1);`
			`now.usec = 0;`
			`}`
			`}`
			`diff --git a/src/lib/krb5/os/trace.c b/src/lib/krb5/os/trace.c`
			`index a19246128..74c315c90 100644`
			`--- a/src/lib/krb5/os/trace.c`
			`+++ b/src/lib/krb5/os/trace.c`
			`@@ -350,7 +350,7 @@ krb5int_trace(krb5_context context, const char *fmt, ...)`
			`goto cleanup;`
			`if (krb5_crypto_us_timeofday(&sec, &usec) != 0)`
			`goto cleanup;`
			`- if (asprintf(&msg, "[%d] %d.%d: %s\n", (int) getpid(), (int) sec,`
			`+ if (asprintf(&msg, "[%d] %u.%d: %s\n", (int) getpid(), (unsigned int) sec,`
			`(int) usec, str) < 0)`
			`goto cleanup;`
			`info.message = msg;`