From b679ed1ac8cb5aeffd9b73969e19b2197ed0f05e Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Fri, 10 Jun 2011 20:01:23 +0000 Subject: [PATCH] Handle invalid intervals in lockout-related kadmin parameters ticket: 6911 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24966 dc483132-0cff-0310-8789-dd5450dbe970 --- src/kadmin/cli/kadmin.c | 26 ++++++++++++++++++-------- 1 file changed, 18 insertions(+), 8 deletions(-) diff --git a/src/kadmin/cli/kadmin.c b/src/kadmin/cli/kadmin.c index fedee85b1..4935141ef 100644 --- a/src/kadmin/cli/kadmin.c +++ b/src/kadmin/cli/kadmin.c @@ -1638,12 +1638,17 @@ kadmin_parse_policy_args(int argc, char *argv[], kadm5_policy_ent_t policy, if (++i > argc - 2) return -1; else { - date = get_date(argv[i]); /* Allow bare numbers for compatibility with 1.8-1.9. */ - if (date == (time_t)-1 && isdigit(*argv[i])) - policy->pw_failcnt_interval = atoi(argv[i]); - else + date = get_date(argv[i]); + if (date != (time_t)-1) policy->pw_failcnt_interval = date - now; + else if (isdigit(*argv[i])) + policy->pw_failcnt_interval = atoi(argv[i]); + else { + fprintf(stderr, _("Invalid date specification \"%s\".\n"), + argv[i]); + return -1; + } *mask |= KADM5_PW_FAILURE_COUNT_INTERVAL; continue; } @@ -1652,12 +1657,17 @@ kadmin_parse_policy_args(int argc, char *argv[], kadm5_policy_ent_t policy, if (++i > argc - 2) return -1; else { - date = get_date(argv[i]); /* Allow bare numbers for compatibility with 1.8-1.9. */ - if (date == (time_t)-1 && isdigit(*argv[i])) - policy->pw_lockout_duration = atoi(argv[i]); - else + date = get_date(argv[i]); + if (date != (time_t)-1) policy->pw_lockout_duration = date - now; + else if (isdigit(*argv[i])) + policy->pw_lockout_duration = atoi(argv[i]); + else { + fprintf(stderr, _("Invalid date specification \"%s\".\n"), + argv[i]); + return -1; + } *mask |= KADM5_PW_LOCKOUT_DURATION; continue; } -- 2.26.2