Define client_addr() in server_stubs.c and use it consistently in that
file and ipropd_svc.c to get the client address from a transport
handle.  In it, call getpeername() on the client socket and use
inet_ntop() on the result, instead of using inet_ntoa() on the IPv4
socket address.  Provide a log_badauth2 callback to GSSRPC, so that we
get a transport handle instead of an IPv4 socket address, and use
client_addr() within it instead of inet_ntoa().

ticket: 7770
target_version: 1.12
tags: pullup

In ure.c, though k is a short, the literal 1 is of type 'int', and
so the operation 'k + 1' is performed at the (32-bit) width of int,
and therefore the "%d" format string is correct.

In accept_sec_context.c, the 'length' field of krb5_data is an
unsigned type, so checking for a negative value has no effect.

In net-server.c, the helper routine rtm_type_name() is only used
in code that is disabled with #if 0 conditionals; make the
definition also disabled in the same way to avoid warnings of an
unused function.

In kdc_authdata.c, equality checks in double parentheses elicit
a warning from clang.  The double-parentheses idiom is normally used
to indicate that an assignment is being performed, but the value of
the assignment is also to be used as the value for the conditional.
Since assignment and equality checking differ only by a single
character, clang considers this worthy of a warning.  Since the extra
set of parentheses is redundant and against style, it is correct to
remove them.

In several places (sim_server.c, dump.c, kdb5_destroy.c,
ovsec_kadmd.c), there are declarations of extern variables relating
to getopt() functionality that are now unused in the code.  Remove
these unused variables.

The krb5 implementation of gss_display_name() reports the name type as
GSS_C_NT_ANONYMOUS if the client uses an anonymous principal.  Accept
this name type in gss_name_to_string and gss_to_krb5_name so that
anonymous kadmin can work.

Also improve code hygiene: call gss_name_to_string from
gss_to_krb5_name to reduce code repetition; use gss_oid_equal instead
of pointer comparison for name types; and don't assume that the
gss_display_name result buffer is zero-terminated.

ticket: 7740 (new)
target_version: 1.12
tags: pullup

If the error code is out of [0,127] range, assign it to KRB_ERR_GENERIC.
This fix is to correct the previous behavior with [0,128] range.
For more information see  krb5_err.et

Make the purgekeys RPC allow self-service, like the chpass and chrand
RPCs.

ticket: 7681 (new)

Provide default values in pre.in for PROG_LIBPATH, PROG_RPATH,
SHLIB_DIRS, SHLIB_RDIRS, and STOBJLISTS so that they don't have to be
specified in the common case.  Rename KRB5_RUN_ENV and KRB5_RUN_VARS
to RUN_SETUP (already the most commonly used name) and RUN_VARS.  Make
sure to use DEFINES for local defines (not DEFS).  Remove some other
unnecessary makefile content.

The kpasswd service provided by kadmind was vulnerable to a UDP
"ping-pong" attack [CVE-2002-2443].  Don't respond to packets unless
they pass some basic validation, and don't respond to our own error
packets.

Some authors use CVE-1999-0103 to refer to the kpasswd UDP ping-pong
attack or UDP ping-pong attacks in general, but there is discussion
leading toward narrowing the definition of CVE-1999-0103 to the echo,
chargen, or other similar built-in inetd services.

Thanks to Vincent Danen for alerting us to this issue.

CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:P/RL:O/RC:C

ticket: 7637 (new)
target_version: 1.11.3
tags: pullup

fclose() might overwrite the errno value from fprintf, causing us to
return success when we shouldn't.  Record the errno value at the time
of the fprintf failure.