Arnd Bergmann [off-list ref] wrote:

quoted

@@ -533,8 +536,9 @@ static int rxrpc_preparse_xdr_rxk5(struct key_preparsed_payload *prep,
             pptoken = &(*pptoken)->next)
                continue;
        *pptoken = token;
-       if (token->kad->expiry < prep->expiry)
-               prep->expiry = token->kad->expiry;

...

I'm still slightly puzzled by what this function does: it does have four
timestamps (authtime, starttime, endtime, renew_till) that are all
transferred as 64-bit values and won't expire, but then it also uses the
32-bit expiry field in rxrpc_key_token->kad->expiry instead of the 64-bit
rxrpc_key_token->k5 fields.

Good catch.  This is a cut'n'paste error.  It should be using
token->k5->expiry here not token->kad->expiry.

This appears to overlay the first 32 bits of the
rxrpc_key_token->k5->starttime field, which is also a time value on
little-endian architectures by chance, but I would assume that it's always
in the past, meaning the keys would already be expired.

Yeah - I'm not sure why it works.

David
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html