summaryrefslogtreecommitdiffstats
path: root/src/lib
Commit message (Collapse)AuthorAgeFilesLines
...
* Don't do UTF-8 bits (and include Apple headers) when just rebuilding ↵Ken Raeburn2008-04-241-2/+2
| | | | | | dependencies git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20306 dc483132-0cff-0310-8789-dd5450dbe970
* fix possible buffer overrun in handling generic-error returnKen Raeburn2008-04-181-2/+3
| | | | | | | | | | | | | | | | | | | Jeff Altman reported this, based on a crash seen in KfW in the wild. The krb5_data handle used to describe the message field returned by the KDC is not null-terminated, but we use a "%s" format to incorporate it into an error message string. In the right circumstances, garbage bytes can be pulled into the string, or a memory fault may result. However, as this is in the error-reporting part of the client-side code for fetching new credentials, it's a relatively minor DoS attack only, not a serious security exposure. Should be fixed in the next releases, though. ticket: new target_version: 1.6.5 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20304 dc483132-0cff-0310-8789-dd5450dbe970
* Pull out generic array expansion code from array_append macro into aKen Raeburn2008-04-031-7/+22
| | | | | | | separate function. Add some range checks, and don't bother separating malloc vs realloc depending on previous pointer value. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20302 dc483132-0cff-0310-8789-dd5450dbe970
* Coverity CID 220: NULL check of "buf" after dereferenceKen Raeburn2008-03-291-1/+3
| | | | | | | | All call sites have previously dereferenced the pointer, but to keep the interface simple, keep the null check, and move the dereference to after it. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20300 dc483132-0cff-0310-8789-dd5450dbe970
* Coverity CID 46: mech_type will always have the address of anKen Raeburn2008-03-291-3/+0
| | | | | | | | automatic variable, so can never be null (GSS_C_NULL_OID). Delete null check and unreachable conditional code. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20299 dc483132-0cff-0310-8789-dd5450dbe970
* Coverity CID 47: Unreachable codeKen Raeburn2008-03-291-6/+0
| | | | | | Delete redundant "status" check. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20298 dc483132-0cff-0310-8789-dd5450dbe970
* Coverity CID 91: Context is tested for null, and then unconditionallyKen Raeburn2008-03-291-1/+1
| | | | | | | | dereferenced. Remove unneeded null check. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20297 dc483132-0cff-0310-8789-dd5450dbe970
* Coverity CID 228: Possible use of uninitialized variable time_req inKen Raeburn2008-03-292-1/+30
| | | | | | | | | | gss_add_cred if cred_usage has an invalid value. (Also flagged by GCC.) Changed validation routines for gss_add_cred, gss_acquire_cred, and gss_store_cred to check the cred_usage value. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20295 dc483132-0cff-0310-8789-dd5450dbe970
* MITKRB5-SA-2008-002Ken Raeburn2008-03-182-2/+29
| | | | | | | | | | | | | | Fix MITKRB5-SA-2008-002: array overrun in libgssrpc. Don't update the internally-tracked maximum file descriptor value if the new one is FD_SETSIZE (or NOFILE) or above. Reject TCP file descriptors of FD_SETSIZE (NOFILE) or above. ticket: new target_version: 1.6.4 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20278 dc483132-0cff-0310-8789-dd5450dbe970
* Fix memory leak by delaying instantiation of lid until it's neededJustin Anderson2008-03-041-7/+6
| | | | | | | ticket: 5897 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20254 dc483132-0cff-0310-8789-dd5450dbe970
* Add "-framework CoreFoundation" to crypto library link command in darwin-modeKen Raeburn2008-03-041-1/+1
| | | | | | | | | build on mac. ticket: 5894 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20253 dc483132-0cff-0310-8789-dd5450dbe970
* Make a NUL-terminated copy of realm name before passing to a pluginTom Yu2008-02-291-1/+16
| | | | | | | | | | interface that takes a C string rather than krb5_data. ticket: 5893 tags: pullup target_version: 1.6.4 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20243 dc483132-0cff-0310-8789-dd5450dbe970
* krb5int_arcfour_string_to_key does not support utf-8 stringsAlexandra Ellwood2008-02-261-9/+47
| | | | | | | | | | | | | | | | krb5int_arcfour_string_to_key converts C strings to UTF-16 before passing them to the string to key function. Currently the UTF-16 conversion assumes the input string is ASCII only. Added support to convert UTF-8 strings to UTF-16 on Mac OS X. Leaving the bug open until we discuss if we want to have implementations for Unix and Windows platforms. ticket: new status: open target_version: 1.7 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20242 dc483132-0cff-0310-8789-dd5450dbe970
* fix CVE-2007-5902: integer overflow in svcauth_gss_get_principal()Tom Yu2007-12-141-1/+1
| | | | | | | | ticket: 5855 target_version: 1.6.4 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20181 dc483132-0cff-0310-8789-dd5450dbe970
* fix CVE-2007-5971: double-free in gss_krb5int_make_seal_token_v3()Tom Yu2007-12-141-1/+0
| | | | | | | | ticket: 5856 target_version: 1.6.4 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20180 dc483132-0cff-0310-8789-dd5450dbe970
* fix CVE-2007-5972: double fclose() in krb5_def_store_mkey()Tom Yu2007-12-141-2/+1
| | | | | | | | ticket: 5857 target_version: 1.6.4 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20179 dc483132-0cff-0310-8789-dd5450dbe970
* fix CVE-2007-5971: free of non-heap pointer in gss_indicate_mechs()Tom Yu2007-12-141-1/+1
| | | | | | | | ticket: 5856 tags: pullup target_version: 1.6.4 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20178 dc483132-0cff-0310-8789-dd5450dbe970
* copy correct key for lucid context acceptor_subkeyKevin Coffman2007-12-121-1/+1
| | | | | | | | | | Copy the correct key (acceptor_subkey) to lucid context's acceptor_subkey. ticket: new component: krb5-libs Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20175 dc483132-0cff-0310-8789-dd5450dbe970
* Set close-on-exec flag in most places where file descriptors areKen Raeburn2007-10-2232-40/+122
| | | | | | | | | | | | | | | | | | | | | | | | | | | opened in our libraries (in case another application thread spawns a new process) and in the KDC programs (in case a plugin library spawns a new process). Checked calls to: open fopen THREEPARAMOPEN mkstemp socket accept dup dup2 pipe. In: util lib plugins kdc kadmin/server krb524. The various programs are less critical than the libraries, as any well-written plugin that spawns a new process should close all file descriptors it doesn't need to communicate with the new process. This approach also isn't bulletproof, as the call to set the close-on-exec flag is necessarily a separate call from creating the file descriptor, and the fork call could happen in between them. So plugins should be careful regardless of this patch; it will only reduce the window of potential lossage should a plugin be poorly written. (AFAIK there are currently no plugins that spawn processes where this would be a problem.) Update dependencies. ticket: 5561 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20143 dc483132-0cff-0310-8789-dd5450dbe970
* Reject socket fds > FD_SETSIZEKen Raeburn2007-10-181-0/+6
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20127 dc483132-0cff-0310-8789-dd5450dbe970
* Add enhanced error messages to new error return cases, explaining theKen Raeburn2007-10-101-0/+6
| | | | | | | | (fairly generic) errors codes. ticket: 5777 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20111 dc483132-0cff-0310-8789-dd5450dbe970
* kt_file.c: Support multiple iterators active simultaneously, using aKen Raeburn2007-10-092-18/+113
| | | | | | | | | | | | counter. In get_entry, if the file was already open, rewind it to just after the version number, and don't close it when done. Don't allow add or remove calls if any iterator is active. t_keytab.c: Test mixing two iterators with get_entry calls. ticket: 5777 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20109 dc483132-0cff-0310-8789-dd5450dbe970
* Removed NOP line of code from krb5_fcc_next_cred()Alexandra Ellwood2007-10-031-1/+0
| | | | | | | | | | | | | | | | | | | | | | cursor = (krb5_cc_cursor *) fcursor; does nothing for a function with a prototype krb5_fcc_next_cred(krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor, krb5_creds *creds) The correct line of code would be: *cursor = (krb5_cc_cursor) fcursor; Except it isn't necessary because fcursor isn't modified by krb5_fcc_next_cred(). Looks like code was copied from krb5_fcc_start_seq_get() and since the line was a NOP no one noticed it. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20085 dc483132-0cff-0310-8789-dd5450dbe970
* Apply patch from Nalin Dahyabhai to correctly handle delegatedTom Yu2007-10-031-2/+5
| | | | | | | | | | credentials if ret_flags is null. ticket: 5802 target_version: 1.6.3 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20082 dc483132-0cff-0310-8789-dd5450dbe970
* Initialize options for _alloc interface to same defaults as for _initKen Raeburn2007-10-011-1/+9
| | | | | | | ticket: 5800 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20064 dc483132-0cff-0310-8789-dd5450dbe970
* Add static ordinals to DLL exportsJeffrey Altman2007-09-303-354/+356
| | | | | | | | | | | | | | | Add static ordinals to DLL exports in krb5_32.def, xpprof32.def gssapi32.def, and krb524.def. Not added to k5sprt32.def as all of the functions are private. Not added to krb4_32.def as the library is not supported as part of KFW. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20024 dc483132-0cff-0310-8789-dd5450dbe970
* Remove the broken optimization from UnicodeToANSI() that attemptedJeffrey Altman2007-09-241-5/+3
| | | | | | | | | | | | | | | | | | | | | in a stupid way to avoid to WideCharToMultiByte() call by testing to see if the second byte (not wchar) was NUL. This test works for Latin1 but not for anything more interesting. Always call WideCharToMultiByte(). I commented out the use of WC_NO_BEST_FIT_CHARS in order to provide compatibility with Windows. Windows converts the user name without that option. With the current code a principal name consisting of a single component equivalent to the Greek character Sigma and a realm name will be converted to S@REALM exactly as the "WhoAmI" command does. If WC_NO_BEST_FIT_CHARS was specified, this string would be converted to "?@REALM". ticket: 5766 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19970 dc483132-0cff-0310-8789-dd5450dbe970
* MSLSA krb5_cc module fails to check success of UNICODE string conversionsJeffrey Altman2007-09-241-13/+28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The MSLSA krb5_cc module was written with an assumption that probably does not hold true anymore. It assumed that all Kerberos strings although stored in wide character data structures could in fact be represented in the application's ANSI code page and that such conversions would not fail. The UnicodeToANSI() function did not check the result of WideCharToMultiByte() for success. If the conversion failed, this could result in the caller believing the contents of the output string buffer were a valid string when instead they were simply stack garbage. The UnicodeStringToMITPrinc() and KerbExternalNameToMITPrinc() functions did not check the return value of krb5_parse_name() for success. If krb5_parse_name() was passed a pointer to garbage on the stack instead of an actual principal name, this could result in the caller believing the output krb5_principal * was valid when instead it was NULL. The function CacheInfoEx2ToMITCred() is dependent on the success or failure of UnicodeStringToMITPrinc() assumed it could not fail and did not return a success or failure indication to its caller. If Microsoft a formatted ticket contains a Unicode string that can not be represented in the application's ANSI code page, this could result in a NULL pointer dereference during a call to krb5_cc_resolve("MSLSA:") or krb5_cc_retrieve(), or krb5_cc_get_principal(). With the changes in this commit, tickets containing principal names that cannot be represented in the application's ANSI code page will be hidden from the application. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19969 dc483132-0cff-0310-8789-dd5450dbe970
* In the pkinit decoders, set up things properly so that asn1buf_sync()Tom Yu2007-09-131-3/+22
| | | | | | | | | behaves correctly and isn't acting on uninitialized variables. ticket: 5704 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19935 dc483132-0cff-0310-8789-dd5450dbe970
* 64-bit Windows krb5int_cc_default calls to LeashJeffrey Altman2007-09-051-1/+6
| | | | | | | | AMD64 builds must load leashw64.dll not leashw32.dll ticket:new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19929 dc483132-0cff-0310-8789-dd5450dbe970
* Revise patch to avoid 32-byte overflow which remained after theTom Yu2007-09-051-2/+10
| | | | | | | | | | | initial patch. Memory written to by the IXDR macro calls had not been accounted for. Thanks to Kevin Coffman, Will Fiveash, and Nico Williams for discovering this bug and assisting with patch development. ticket: 5706 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19923 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_fcc_generate_new is non-functionalEzra Peisach2007-09-052-49/+104
| | | | | | | | | | | | | File locking was non-existant in this code and fccs chained list was not used at all. This resulted in an assertion failure when closing the cache. Code has been reorganized to parallel the code in krb5_fcc_resolve for easier maintenence. Commented out test in t_cc.c has been updated to actually test this code. ticket:new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19920 dc483132-0cff-0310-8789-dd5450dbe970
* Rework error-mapping code to preserve status code values when returnedKen Raeburn2007-09-055-84/+179
| | | | | | | | | | | | | | | by only one mechanism. Revert RPC code to relying on this. Build error-mapping code on a bidirectional map instead of a simple array. When a status code is returned but has been seen returned from a different mechanism already, generate a new number, starting at 100,000. Use gssrpcint_printf for some more debugging code. ticket: 5654 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19919 dc483132-0cff-0310-8789-dd5450dbe970
* Support using valgrind on test programsKen Raeburn2007-09-042-1/+44
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19916 dc483132-0cff-0310-8789-dd5450dbe970
* revert accidental commit of gc_frm_kdc.cTom Yu2007-09-041-181/+20
| | | | | | ticket: 5707 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19915 dc483132-0cff-0310-8789-dd5450dbe970
* fix CVE-2007-4000 modify_policy vulnerabilityTom Yu2007-09-042-22/+184
| | | | | | | | | | | In kadm5_modify_policy_internal, check for nonexistence of policy before doing anything with it, to avoid memory corruption. ticket: new target_version: 1.6.3 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19914 dc483132-0cff-0310-8789-dd5450dbe970
* fix CVE-2007-3999 svc_auth_gss.c buffer overflowTom Yu2007-09-041-1/+1
| | | | | | | | | | | | Make sure svcauth_gss_validate adequately checks oa->oa_length prior to copying into rpcbuf. ticket: new target_version: 1.6.3 tags: pullup component: krb5-libs git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19913 dc483132-0cff-0310-8789-dd5450dbe970
* Bail out if encoded "ticket" doesn't decode correctly. This allowsTom Yu2007-09-041-1/+2
| | | | | | | | t_cc test case to pass and allows non-tickets to be stored (for now). ticket: 5697 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19910 dc483132-0cff-0310-8789-dd5450dbe970
* GSS-API Win64 support Jeffrey Altman2007-09-021-1/+6
| | | | | | | | The name of the Leash API DLL on Win64 is "leashw64.dll". ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19909 dc483132-0cff-0310-8789-dd5450dbe970
* Make internal functions staticKen Raeburn2007-08-311-38/+38
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19900 dc483132-0cff-0310-8789-dd5450dbe970
* Don't export file keytab implementation functionsKen Raeburn2007-08-311-20/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19899 dc483132-0cff-0310-8789-dd5450dbe970
* Make ccache handle referrals better by storing both server principalTom Yu2007-08-291-3/+40
| | | | | | | | | | | | names if they differ between the creds structure and the encoded ticket and by looking up the server principal using the client's realm if not found and server's realm was initially the referral (empty) realm. ticket: 5697 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19898 dc483132-0cff-0310-8789-dd5450dbe970
* Windows 64-bit CCAPI DLL nameJeffrey Altman2007-08-291-0/+4
| | | | | | | | | The 64-bit CCAPI DLL name is krbcc64.dll not krbcc32.dll. Conditionalize it on _WIN64. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19892 dc483132-0cff-0310-8789-dd5450dbe970
* Change use of choice_pa_pk_as_rep_UNKNOWN toEzra Peisach2007-08-261-1/+1
| | | | | | | | | choice_pa_pk_as_rep_draft9_UNKNOWN to cleanup warning... Value of enum same in both cases... ticket: 5617 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19880 dc483132-0cff-0310-8789-dd5450dbe970
* krb5int_free_addrlist needed tooKen Raeburn2007-08-251-0/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19877 dc483132-0cff-0310-8789-dd5450dbe970
* Oops, _krb5_conf_boolean is needed by a test programKen Raeburn2007-08-251-0/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19876 dc483132-0cff-0310-8789-dd5450dbe970
* Remove from export list several encode_* and decode_* symbols that areKen Raeburn2007-08-241-13/+0
| | | | | | | | | not used outside the krb5 library. (In some cases, the only use is in our own test programs, which means two things: The test programs should probably be changed to use the accessor interface, and some of the newer encoder/decoder functions aren't being unit-tested.) git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19875 dc483132-0cff-0310-8789-dd5450dbe970
* Stop exporting _krb5_* (note leading underscore) and asn1* symbolsKen Raeburn2007-08-241-158/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19874 dc483132-0cff-0310-8789-dd5450dbe970
* Missed oneKen Raeburn2007-08-241-1/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19873 dc483132-0cff-0310-8789-dd5450dbe970
* Remove os_get_default_config_files, and the krb5int_* functions notKen Raeburn2007-08-241-24/+0
| | | | | | | actually called directly from outside the library, from the export list. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19872 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2025-10-03 11:10:36 +0000