summaryrefslogtreecommitdiffstats
path: root/src/lib/krb5
Commit message (Collapse)AuthorAgeFilesLines
...
* Two versions of resolver code were almost identical, so unify them and ↵Ken Raeburn2008-08-021-37/+11
| | | | | | reduce duplication. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20594 dc483132-0cff-0310-8789-dd5450dbe970
* Pull out code to compute length of quoted name component and copy withKen Raeburn2008-08-021-78/+68
| | | | | | quoting into separate functions, to reduce code duplication. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20593 dc483132-0cff-0310-8789-dd5450dbe970
* Catch a few more cases of unchecked k5_mutex_lock callsKen Raeburn2008-07-221-1/+3
| | | | | | ticket: 5962 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20567 dc483132-0cff-0310-8789-dd5450dbe970
* Another check for null return from krb5_cc_default_nameKen Raeburn2008-07-211-11/+19
| | | | | | ticket: 5980 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20561 dc483132-0cff-0310-8789-dd5450dbe970
* Check for null name to krb5_cc_resolve, and return an errorKen Raeburn2008-07-211-1/+3
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20560 dc483132-0cff-0310-8789-dd5450dbe970
* There are two mutex locking issues that Roland Dowdeswell noticed in Jeffrey Altman2008-07-211-0/+13
| | | | | | | | | | | | | the memory ccache. The first one is in cc_memory.c:krb5_mcc_initialize(). When it is free(3)ing the existing credentials it does not lock the data structures and hence two separate threads can run into issues. The same problem exists in cc_memory.c:krb5_mcc_destroy(). ticket: 5895 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20555 dc483132-0cff-0310-8789-dd5450dbe970
* ccdefault.c:Jeffrey Altman2008-07-211-2/+4
| | | | | | | | | | | | | | | | | krb5_cc_default_name() is permitted to return a NULL pointer as a valid output. Passing a NULL pointer to strcmp() will result in an exception as NULL is not a valid input parameter to strcmp(). Save the output of krb5_cc_default_name() to a variable and modify the conditional to set the new default ccache name in the case where there is no existing default ccache name. ticket: 5080 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20551 dc483132-0cff-0310-8789-dd5450dbe970
* Don't set LOCAL_SUBDIRS in many places and SUBDIRS in a few andKen Raeburn2008-07-202-2/+2
| | | | | | | default SUBDIRS to LOCAL_SUBDIRS via pre.in. Instead, just set SUBDIRS in each directory, and don't do anything in pre.in. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20546 dc483132-0cff-0310-8789-dd5450dbe970
* Use mkstemp(), and fstat() the file to make sure that the mkstemp()Tom Yu2008-07-181-19/+60
| | | | | | | | implementation is setting sane file modes. ticket: 6002 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20543 dc483132-0cff-0310-8789-dd5450dbe970
* Revert due to potential file modes race conditionTom Yu2008-07-181-18/+14
| | | | | | | ticket: 6002 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20538 dc483132-0cff-0310-8789-dd5450dbe970
* Make krb5_rc_io_creat() use mkstempTom Yu2008-07-181-14/+18
| | | | | | ticket: 6002 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20537 dc483132-0cff-0310-8789-dd5450dbe970
* In krb5_rc_io_creat(), unlink any existing rcache file before tryingTom Yu2008-07-171-1/+2
| | | | | | | | | | | to create a new rcache. This allows better recovery from corrupt rcache files. ticket: 6018 target_version: 1.6.4 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20536 dc483132-0cff-0310-8789-dd5450dbe970
* Check return value from k5_mutex_lock() to partially mitigate someTom Yu2008-07-161-1/+3
| | | | | | | | assertion failures when mutexes get destroyed out from under us. ticket: 5962 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20529 dc483132-0cff-0310-8789-dd5450dbe970
* r1926@ken-wireless: raeburn | 2008-07-15 16:49:17 -0400Ken Raeburn2008-07-152-0/+72
| | | | | | | | | | | | ticket: 5947 status: open Add a test script for the walk_rtree code, and run some test cases that exercise the problem reported in RT ticket 5947. r1927@ken-wireless: raeburn | 2008-07-15 19:55:10 -0400 Some more test cases. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20528 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_get_cred_via_tkt() should null out_cred on errorsTom Yu2008-07-151-0/+1
| | | | | | | | | | | | | Helper function krb5_kdcrep2creds(), called from krb5_get_cred_via_tkt(), should null its output pointer after freeing allocated memory, to avoid returning an invalid pointer. ticket: new tags: pullup target_version: 1.6.4 component: krb5-libs git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20527 dc483132-0cff-0310-8789-dd5450dbe970
* Use all local addresses except loopback addresses, even if a non-loopbackKen Raeburn2008-07-121-17/+26
| | | | | | | | | | | | address appears on a loopback interface. This might happen if that's how your VPN code makes your local address visible. Use a variant of Apple's patch, extended to handle the other variations of local address determination. ticket: 6017 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20513 dc483132-0cff-0310-8789-dd5450dbe970
* Changes to krb5_kt_default_name changed the krb5 ABI. RevertedAlexandra Ellwood2008-07-081-1/+2
| | | | | | | | | API prototype change and added a temporary variable to avoid casting problems. ticket: 5432 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20502 dc483132-0cff-0310-8789-dd5450dbe970
* krb5int_gic_opte_copy should copy elements individuallyAlexandra Ellwood2008-07-071-2/+13
| | | | | | | | | | Since we are copying from one structure to another, copy elements. Using memcpy is fragile. ticket: new status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20499 dc483132-0cff-0310-8789-dd5450dbe970
* memcpy(NULL, ptr, 0) is invalid, so don't do itKen Raeburn2008-06-301-1/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20492 dc483132-0cff-0310-8789-dd5450dbe970
* misc uninitialized-storage accessesKen Raeburn2008-06-271-0/+1
| | | | | | | | | Fix some miscellaneous uninitialized-storage uses, mainly in unlikely error paths. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20487 dc483132-0cff-0310-8789-dd5450dbe970
* use-after-free bugsKen Raeburn2008-06-271-1/+1
| | | | | | | | | | | Fix some bugs with storage being used immediately after being freed. None look like anything an attacker can really manipulate AFAICT. ticket: new target_version: 1.6.4 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20485 dc483132-0cff-0310-8789-dd5450dbe970
* Memory leak, and possible freed-memory dereference, in an error (smallKen Raeburn2008-06-271-1/+1
| | | | | | | | allocation failure) path. ticket: 5997 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20482 dc483132-0cff-0310-8789-dd5450dbe970
* misc memory leaksKen Raeburn2008-06-275-11/+21
| | | | | | | | | | | | Fix various memory leaks that show up mostly in error cases (e.g., failure to allocate one small object, and then we forget to free another one). ticket: new target_version: 1.6.4 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20481 dc483132-0cff-0310-8789-dd5450dbe970
* fix free of automatic storageKen Raeburn2008-06-271-4/+4
| | | | | | | | | | | Fix a possible free of automatic storage that can happen on an (unlikely) encoding failure. ticket: new target_version: 1.6.4 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20480 dc483132-0cff-0310-8789-dd5450dbe970
* Don't do FD_SETSIZE check on Windows.Ken Raeburn2008-06-271-1/+3
| | | | | | | | | | | Also, for form's sake, use closesocket instead of close inside the check. Kevin or Jeff, could you please verify that the code works again? ticket: 5925 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20479 dc483132-0cff-0310-8789-dd5450dbe970
* Fix off-by-one error in range check on file descriptor numberKen Raeburn2008-06-271-1/+1
| | | | | | | ticket: new target_version: 1.6.4 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20478 dc483132-0cff-0310-8789-dd5450dbe970
* Apple PKINIT LKDC supportAlexandra Ellwood2008-06-262-20/+86
| | | | | | | ticket: 5968 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20476 dc483132-0cff-0310-8789-dd5450dbe970
* Rolled back patch because tickets 4495 and 5124 fix this bugAlexandra Ellwood2008-06-251-4/+1
| | | | | | | | in a different way. ticket: 5991 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20474 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_do_preauth_tryagain should check for NULL padataAlexandra Ellwood2008-06-251-1/+4
| | | | | | | | | | Fixed so krb5_do_preauth_tryagain no longer crashes on NULL padata but instead returns an error. ticket: new status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20473 dc483132-0cff-0310-8789-dd5450dbe970
* Merge from branch sun-ipropKen Raeburn2008-06-241-2/+5
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20465 dc483132-0cff-0310-8789-dd5450dbe970
* This patch is derived from a patch originally submitted to RTJeffrey Altman2008-06-182-2/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | by: Nik Conwell <nik@bu.edu> krb5_set_real_time() accepts as input the time of the KDC or an application server as a combination of seconds and microseconds. Often it is the case that the time source does not provide the real time with less than one second granularity. Up until this patch such a caller would fill in the microseconds parameter as zero. krb5_set_real_time() would treat the zero microseconds as the actual reported time and compute a microsecond based offset. During a one second window subsequent calls to krb5_set_real_time() would have an ever increasing offset size until the number of seconds is incremented. This in turn produces a side effect in which the microseconds value of the local clock is effectively erased. If there are multiple processes or threads on the same machine each requesting service tickets using the same client principal for the same service principal where the number of seconds reported by the KDC are equivalent, then they will now all create authenticators with exactly the same timestamp. As a result, the authenticating service will detect a replay attack even though the authenticators are actually unique. The replay cache only maintains a tuple of client, server and timestamp. This patch modifies the interpretation of the microseconds parameter. If -1 is specified, the microseconds offset is ignored. ticket: 5924 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20413 dc483132-0cff-0310-8789-dd5450dbe970
* Report file name in detailed cache creation errorKen Raeburn2008-06-081-2/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20371 dc483132-0cff-0310-8789-dd5450dbe970
* Do hash stuff with unsigned mathKen Raeburn2008-06-081-8/+9
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20370 dc483132-0cff-0310-8789-dd5450dbe970
* Change krb5_context.db_context to point to the real structure type,Ken Raeburn2008-06-022-8/+8
| | | | | | | | and change uses to not cast all the time. Also rename it from db_context to dal_handle, since one of the fields in the pointed-to structure is also called db_context. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20348 dc483132-0cff-0310-8789-dd5450dbe970
* Apple PKINIT patch commitAlexandra Ellwood2008-05-308-4/+3189
| | | | | | | | | | | | | Commit of Apple PKINIT patches under "APPLE_PKINIT" preprocessor symbol. Long term goal is to merge these patches with the pkinit preauth plugin which does not currently have support for Mac OS X crypto libraries or the exported functions used by Back To My Mac. ticket: new status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20346 dc483132-0cff-0310-8789-dd5450dbe970
* (more) After malloc/realloc/calloc/strdup/asprintf failures, useKen Raeburn2008-04-304-7/+7
| | | | | | | | ENOMEM explicitly instead of reading it from errno. This may make static analysis tools less confused about when we return zero vs nonzero values. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20313 dc483132-0cff-0310-8789-dd5450dbe970
* After malloc/realloc/calloc failures, return ENOMEM explicitly insteadKen Raeburn2008-04-305-11/+11
| | | | | | | of reading it from errno. This may make static analysis tools less confused about when we return zero vs nonzero values. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20312 dc483132-0cff-0310-8789-dd5450dbe970
* fix possible buffer overrun in handling generic-error returnKen Raeburn2008-04-181-2/+3
| | | | | | | | | | | | | | | | | | | Jeff Altman reported this, based on a crash seen in KfW in the wild. The krb5_data handle used to describe the message field returned by the KDC is not null-terminated, but we use a "%s" format to incorporate it into an error message string. In the right circumstances, garbage bytes can be pulled into the string, or a memory fault may result. However, as this is in the error-reporting part of the client-side code for fetching new credentials, it's a relatively minor DoS attack only, not a serious security exposure. Should be fixed in the next releases, though. ticket: new target_version: 1.6.5 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20304 dc483132-0cff-0310-8789-dd5450dbe970
* Pull out generic array expansion code from array_append macro into aKen Raeburn2008-04-031-7/+22
| | | | | | | separate function. Add some range checks, and don't bother separating malloc vs realloc depending on previous pointer value. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20302 dc483132-0cff-0310-8789-dd5450dbe970
* Fix memory leak by delaying instantiation of lid until it's neededJustin Anderson2008-03-041-7/+6
| | | | | | | ticket: 5897 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20254 dc483132-0cff-0310-8789-dd5450dbe970
* Make a NUL-terminated copy of realm name before passing to a pluginTom Yu2008-02-291-1/+16
| | | | | | | | | | interface that takes a C string rather than krb5_data. ticket: 5893 tags: pullup target_version: 1.6.4 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20243 dc483132-0cff-0310-8789-dd5450dbe970
* Set close-on-exec flag in most places where file descriptors areKen Raeburn2007-10-228-3/+19
| | | | | | | | | | | | | | | | | | | | | | | | | | | opened in our libraries (in case another application thread spawns a new process) and in the KDC programs (in case a plugin library spawns a new process). Checked calls to: open fopen THREEPARAMOPEN mkstemp socket accept dup dup2 pipe. In: util lib plugins kdc kadmin/server krb524. The various programs are less critical than the libraries, as any well-written plugin that spawns a new process should close all file descriptors it doesn't need to communicate with the new process. This approach also isn't bulletproof, as the call to set the close-on-exec flag is necessarily a separate call from creating the file descriptor, and the fork call could happen in between them. So plugins should be careful regardless of this patch; it will only reduce the window of potential lossage should a plugin be poorly written. (AFAIK there are currently no plugins that spawn processes where this would be a problem.) Update dependencies. ticket: 5561 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20143 dc483132-0cff-0310-8789-dd5450dbe970
* Reject socket fds > FD_SETSIZEKen Raeburn2007-10-181-0/+6
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20127 dc483132-0cff-0310-8789-dd5450dbe970
* Add enhanced error messages to new error return cases, explaining theKen Raeburn2007-10-101-0/+6
| | | | | | | | (fairly generic) errors codes. ticket: 5777 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20111 dc483132-0cff-0310-8789-dd5450dbe970
* kt_file.c: Support multiple iterators active simultaneously, using aKen Raeburn2007-10-092-18/+113
| | | | | | | | | | | | counter. In get_entry, if the file was already open, rewind it to just after the version number, and don't close it when done. Don't allow add or remove calls if any iterator is active. t_keytab.c: Test mixing two iterators with get_entry calls. ticket: 5777 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20109 dc483132-0cff-0310-8789-dd5450dbe970
* Removed NOP line of code from krb5_fcc_next_cred()Alexandra Ellwood2007-10-031-1/+0
| | | | | | | | | | | | | | | | | | | | | | cursor = (krb5_cc_cursor *) fcursor; does nothing for a function with a prototype krb5_fcc_next_cred(krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor, krb5_creds *creds) The correct line of code would be: *cursor = (krb5_cc_cursor) fcursor; Except it isn't necessary because fcursor isn't modified by krb5_fcc_next_cred(). Looks like code was copied from krb5_fcc_start_seq_get() and since the line was a NOP no one noticed it. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20085 dc483132-0cff-0310-8789-dd5450dbe970
* Initialize options for _alloc interface to same defaults as for _initKen Raeburn2007-10-011-1/+9
| | | | | | | ticket: 5800 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20064 dc483132-0cff-0310-8789-dd5450dbe970
* Remove the broken optimization from UnicodeToANSI() that attemptedJeffrey Altman2007-09-241-5/+3
| | | | | | | | | | | | | | | | | | | | | in a stupid way to avoid to WideCharToMultiByte() call by testing to see if the second byte (not wchar) was NUL. This test works for Latin1 but not for anything more interesting. Always call WideCharToMultiByte(). I commented out the use of WC_NO_BEST_FIT_CHARS in order to provide compatibility with Windows. Windows converts the user name without that option. With the current code a principal name consisting of a single component equivalent to the Greek character Sigma and a realm name will be converted to S@REALM exactly as the "WhoAmI" command does. If WC_NO_BEST_FIT_CHARS was specified, this string would be converted to "?@REALM". ticket: 5766 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19970 dc483132-0cff-0310-8789-dd5450dbe970
* MSLSA krb5_cc module fails to check success of UNICODE string conversionsJeffrey Altman2007-09-241-13/+28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The MSLSA krb5_cc module was written with an assumption that probably does not hold true anymore. It assumed that all Kerberos strings although stored in wide character data structures could in fact be represented in the application's ANSI code page and that such conversions would not fail. The UnicodeToANSI() function did not check the result of WideCharToMultiByte() for success. If the conversion failed, this could result in the caller believing the contents of the output string buffer were a valid string when instead they were simply stack garbage. The UnicodeStringToMITPrinc() and KerbExternalNameToMITPrinc() functions did not check the return value of krb5_parse_name() for success. If krb5_parse_name() was passed a pointer to garbage on the stack instead of an actual principal name, this could result in the caller believing the output krb5_principal * was valid when instead it was NULL. The function CacheInfoEx2ToMITCred() is dependent on the success or failure of UnicodeStringToMITPrinc() assumed it could not fail and did not return a success or failure indication to its caller. If Microsoft a formatted ticket contains a Unicode string that can not be represented in the application's ANSI code page, this could result in a NULL pointer dereference during a call to krb5_cc_resolve("MSLSA:") or krb5_cc_retrieve(), or krb5_cc_get_principal(). With the changes in this commit, tickets containing principal names that cannot be represented in the application's ANSI code page will be hidden from the application. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19969 dc483132-0cff-0310-8789-dd5450dbe970
* In the pkinit decoders, set up things properly so that asn1buf_sync()Tom Yu2007-09-131-3/+22
| | | | | | | | | behaves correctly and isn't acting on uninitialized variables. ticket: 5704 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19935 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2025-09-30 06:09:34 +0000