From ae0fee058ad883b2e82fa2b34f4e5f059e827a1b Mon Sep 17 00:00:00 2001
From: Ken Raeburn <raeburn@mit.edu>
Date: Wed, 14 Mar 2007 00:35:06 +0000
Subject: [PATCH] * include/k5-platform.h: Add load_{16,32,64}_n for loading
 values from (possibly unaligned) memory in native order. *
 lib/krb5/krb/get_in_tkt.c (krb5_get_init_creds): Fetch four random bytes from
 the crypto library and generate a 31-bit (non-negative) nonce, instead of
 using the timestamp.

ticket: 5425

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19223 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/include/k5-platform.h     | 24 ++++++++++++++++++++++++
 src/lib/krb5/krb/get_in_tkt.c | 17 +++++++++++++++--
 2 files changed, 39 insertions(+), 2 deletions(-)

diff --git a/src/include/k5-platform.h b/src/include/k5-platform.h
index 876335f94..27f85846a 100644
--- a/src/include/k5-platform.h
+++ b/src/include/k5-platform.h
@@ -39,6 +39,8 @@
 #define K5_PLATFORM_H
 
 #include "autoconf.h"
+/* for memcpy */
+#include <string.h>
 
 /* Initialization and finalization function support for libraries.
 
@@ -655,6 +657,28 @@ load_64_le (const unsigned char *p)
 #endif
 }
 
+static inline unsigned short
+load_16_n (const unsigned char *p)
+{
+    uint16_t n;
+    memcpy(&n, p, 2);
+    return n;
+}
+static inline unsigned int
+load_32_n (const unsigned char *p)
+{
+    uint32_t n;
+    memcpy(&n, p, 4);
+    return n;
+}
+static inline UINT64_TYPE
+load_64_n (const unsigned char *p)
+{
+    UINT64_TYPE n;
+    memcpy(&n, p, 8);
+    return n;
+}
+
 /* Make the interfaces to getpwnam and getpwuid consistent.
    Model the wrappers on the POSIX thread-safe versions, but
    use the unsafe system versions if the safe ones don't exist
diff --git a/src/lib/krb5/krb/get_in_tkt.c b/src/lib/krb5/krb/get_in_tkt.c
index 937cdc4c9..81f97dac8 100644
--- a/src/lib/krb5/krb/get_in_tkt.c
+++ b/src/lib/krb5/krb/get_in_tkt.c
@@ -1084,8 +1084,21 @@ krb5_get_init_creds(krb5_context context,
      * XXX we know they are the same size... and we should do
      * something better than just the current time
      */
-    request.nonce = (krb5_int32) time_now;
-
+    {
+	unsigned char random_buf[4];
+	krb5_data random_data;
+
+	random_data.length = 4;
+	random_data.data = random_buf;
+	if (krb5_c_random_make_octets(context, &random_data) == 0)
+	    /* See RT ticket 3196 at MIT.  If we set the high bit, we
+	       may have compatibility problems with Heimdal, because
+	       we (incorrectly) encode this value as signed.  */
+	    request.nonce = 0x7fffffff & load_32_n(random_buf);
+	else
+	    /* XXX  Yuck.  Old version.  */
+	    request.nonce = (krb5_int32) time_now;
+    }
     /* give the preauth plugins a chance to prep the request body */
     krb5_preauth_prepare_request(context, options, &request);
     ret = encode_krb5_kdc_req_body(&request, &encoded_request_body);
-- 
2.26.2