krb5.git/src/lib/krb5, branch master MIT Kerberos patches make depend 2014-07-08T23:36:32+00:00 Greg Hudson ghudson@mit.edu 2014-07-08T23:36:32+00:00 aea099ab5544eefb4d27d8cd963b1247c10dc559 






Include autoconf.h before system headers
2014-07-08T23:19:24+00:00

Greg Hudson
ghudson@mit.edu

2014-07-05T15:50:58+00:00

02a1123cf44381690c28f18ab2c4ba8036200539

Include autoconf.h (either directly or via proxy) before system
headers, so that feature test macros defined there can affect the
system namespace.  Where include order was changed, eliminate some
redundant or unnecessary includes.

ticket: 7961





Include autoconf.h (either directly or via proxy) before system
headers, so that feature test macros defined there can affect the
system namespace.  Where include order was changed, eliminate some
redundant or unnecessary includes.

ticket: 7961







Simplify usage of strerror_r
2014-07-08T23:19:24+00:00

Greg Hudson
ghudson@mit.edu

2014-07-05T14:23:11+00:00

6a8da91b691b8f51ac62d8142cd2fa32a69f3d15

Take advantage of the strerror_r portability wrapper to simplify code
using it.  Remove unused macros related to strerror_r in
ldap_service_stash.c and plugins.c.

ticket: 7961





Take advantage of the strerror_r portability wrapper to simplify code
using it.  Remove unused macros related to strerror_r in
ldap_service_stash.c and plugins.c.

ticket: 7961







Avoid using length fields in socket addresses
2014-07-04T19:14:03+00:00

Greg Hudson
ghudson@mit.edu

2014-07-03T16:48:53+00:00

48a0b16ab1f70b6486a6d7af7ca9e7b376b19956

Remove code to set or reference the length fields of socket addresses
(sa_len/sin_len/sin6_len), since they aren't portable and setting them
is not required.  Remove autoconf tests for those fields which are no
longer used or which were never used.

There is one exception: in localaddr.c, we still neeed to reference
sa_len for the definition of ifreq_size on platforms which have
sa_len.  Leave that behind, along with the autoconf test which defines
SA_LEN.





Remove code to set or reference the length fields of socket addresses
(sa_len/sin_len/sin6_len), since they aren't portable and setting them
is not required.  Remove autoconf tests for those fields which are no
longer used or which were never used.

There is one exception: in localaddr.c, we still neeed to reference
sa_len for the definition of ifreq_size on platforms which have
sa_len.  Leave that behind, along with the autoconf test which defines
SA_LEN.







Don't depend on sa_len sockaddr field
2014-07-04T19:14:02+00:00

Greg Hudson
ghudson@mit.edu

2014-07-03T16:17:25+00:00

1fde9a67030845d3cae0661595f5737a4db8b9dd

In socket-utils.h, replace the socklen macro with an inline function
sa_socklen which always uses the address family, even on platforms
with the sa_len sockaddr field.  This removes the need to set sa_len
in socket addresses we construct.





In socket-utils.h, replace the socklen macro with an inline function
sa_socklen which always uses the address family, even on platforms
with the sa_len sockaddr field.  This removes the need to set sa_len
in socket addresses we construct.







Fix unlikely null dereference in TGS client code
2014-06-30T22:23:04+00:00

Neng Xue
xnsuda@yahoo.com

2014-06-30T21:04:56+00:00

81e503c09ad9aef4a0afc6bf66a0269cde2151f3

If krb5_get_tgs_ktypes fails (due to an out-of-memory condition or an
error re-reading the profile), k5_make_tgs_req will dereference a null
pointer.  Check the return value before dereferencing defenctypes.

[ghudson@mit.edu: clarified commit message]

ticket: 7952 (new)
target_version: 1.12.2
tags: pullup





If krb5_get_tgs_ktypes fails (due to an out-of-memory condition or an
error re-reading the profile), k5_make_tgs_req will dereference a null
pointer.  Check the return value before dereferencing defenctypes.

[ghudson@mit.edu: clarified commit message]

ticket: 7952 (new)
target_version: 1.12.2
tags: pullup







Fix unlikely null dereference in mk_cred()
2014-06-25T18:40:27+00:00

Nalin Dahyabhai
nalin@redhat.com

2014-06-25T16:56:42+00:00

476284de8dc9a52b5544445cb1b316a417ae88f0

If krb5_encrypt_keyhelper() returns an error, the ciphertext structure
may contain a non-zero length, but it will already have freed the
pointer to its data, making encrypt_credencpart()'s subsequent attempt
to clear and free the memory fail.  Remove that logic.

Based on a patch from Jatin Nansi.

ticket: 7948 (new)
target_version: 1.12.2
tags: pullup





If krb5_encrypt_keyhelper() returns an error, the ciphertext structure
may contain a non-zero length, but it will already have freed the
pointer to its data, making encrypt_credencpart()'s subsequent attempt
to clear and free the memory fail.  Remove that logic.

Based on a patch from Jatin Nansi.

ticket: 7948 (new)
target_version: 1.12.2
tags: pullup







Simplify and fix k5_check_cert_address
2014-06-12T16:23:42+00:00

Greg Hudson
ghudson@mit.edu

2014-06-03T15:48:13+00:00

b6ec31e4e599db867ff19beef3be9b0bfa5b70eb

Get rid of the address union.  Store the result of get_cert_cn in a
signed variable so we can meaningfully check for negative results.
Make get_cert_cn return int for consistency with
X509_NAME_get_text_by_NID and its two callers.

Also add an emacs mode line to the top of the file.

ticket: 7929





Get rid of the address union.  Store the result of get_cert_cn in a
signed variable so we can meaningfully check for negative results.
Make get_cert_cn return int for consistency with
X509_NAME_get_text_by_NID and its two callers.

Also add an emacs mode line to the top of the file.

ticket: 7929







Add missing profile functions to libkrb5 exports
2014-06-11T04:38:31+00:00

Greg Hudson
ghudson@mit.edu

2014-06-04T20:18:21+00:00

dc1a76ccc5d3a6972d0f21d38389ff39e54f283a

profile_flush_to_buffer, profile_flush_to_file, profile_free_buffer,
profile_init_flags, and profile_init_vtable are all public profile
functions, but are inaccessible to libkrb5 applications on some
platforms because they were never added to the export list.  Add them
now.

(libprofile functions have never been part of the Windows DLL export
list, so do not change krb5_32.def at this time.)

ticket: 7930 (new)
target_version: 1.12.2
tags: pullup





profile_flush_to_buffer, profile_flush_to_file, profile_free_buffer,
profile_init_flags, and profile_init_vtable are all public profile
functions, but are inaccessible to libkrb5 applications on some
platforms because they were never added to the export list.  Add them
now.

(libprofile functions have never been part of the Windows DLL export
list, so do not change krb5_32.def at this time.)

ticket: 7930 (new)
target_version: 1.12.2
tags: pullup







Simplify ticket retrieval from AP-REQs
2014-06-11T03:54:41+00:00

Greg Hudson
ghudson@mit.edu

2014-06-05T16:03:16+00:00

02de9935648c307098fb69da26f74424da8dde64

After krb5_rd_req_decoded or krb5_rd_req_decoded_anyflag, the ticket
(with enc_part2 if we could decrypt it) is accessible via
request->ticket; there is no need to copy it.  Stop using the ticket
parameter of those functions.  Where we need to save the ticket beyond
the lifetime of the krb5_ap_req, steal the pointer before freeing the
request.





After krb5_rd_req_decoded or krb5_rd_req_decoded_anyflag, the ticket
(with enc_part2 if we could decrypt it) is accessible via
request->ticket; there is no need to copy it.  Stop using the ticket
parameter of those functions.  Where we need to save the ticket beyond
the lifetime of the krb5_ap_req, steal the pointer before freeing the
request.