krb5.git/src/plugins/preauth, branch proxymech MIT Kerberos patches make depend 2013-03-24T05:30:33+00:00 Greg Hudson ghudson@mit.edu 2013-03-24T05:30:33+00:00 24c8bacbccc854dc30fd6baee49cdd2bf2557e47 






Add PEM password prompter callback in PKINIT
2013-03-15T16:07:10+00:00

Nalin Dahyabhai
nalin@redhat.com

2013-03-15T16:05:56+00:00

a8eec52a13ba108b8855aef8cf9dafeb37811d2e

Supply a callack to PEM_read_bio_PrivateKey() using the prompter to
request a password for encrypted PEM data.  Otherwise OpenSSL will use
the controlling terminal.

[ghudson@mit.edu: minor style cleanup, commit message]

ticket: 7590





Supply a callack to PEM_read_bio_PrivateKey() using the prompter to
request a password for encrypted PEM data.  Otherwise OpenSSL will use
the controlling terminal.

[ghudson@mit.edu: minor style cleanup, commit message]

ticket: 7590







Cleaner fix for #7570
2013-02-15T19:28:42+00:00

Ben Kaduk
kaduk@mit.edu

2013-02-15T16:41:27+00:00

b71f8c4aacea8849ceaf31a2fa95e143f3943097

Remove variables and labels which are no longer needed.





Remove variables and labels which are no longer needed.







PKINIT null pointer deref [CVE-2013-1415]
2013-02-15T19:28:41+00:00

Xi Wang
xi.wang@gmail.com

2013-02-14T23:17:40+00:00

c773d3c775e9b2d88bcdff5f8a8ba88d7ec4e8ed

Don't dereference a null pointer when cleaning up.

The KDC plugin for PKINIT can dereference a null pointer when a
malformed packet causes processing to terminate early, leading to
a crash of the KDC process.  An attacker would need to have a valid
PKINIT certificate or have observed a successful PKINIT authentication,
or an unauthenticated attacker could execute the attack if anonymous
PKINIT is enabled.

CVSSv2 vector: AV:N/AC:M/Au:N/C:N/I:N/A:C/E:P/RL:O/RC:C

This is a minimal commit for pullup; style fixes in a followup.
[kaduk@mit.edu: reformat and edit commit message]

ticket: 7570 (new)
target_version: 1.11.1
tags: pullup





Don't dereference a null pointer when cleaning up.

The KDC plugin for PKINIT can dereference a null pointer when a
malformed packet causes processing to terminate early, leading to
a crash of the KDC process.  An attacker would need to have a valid
PKINIT certificate or have observed a successful PKINIT authentication,
or an unauthenticated attacker could execute the attack if anonymous
PKINIT is enabled.

CVSSv2 vector: AV:N/AC:M/Au:N/C:N/I:N/A:C/E:P/RL:O/RC:C

This is a minimal commit for pullup; style fixes in a followup.
[kaduk@mit.edu: reformat and edit commit message]

ticket: 7570 (new)
target_version: 1.11.1
tags: pullup







Modernize k5buf
2013-02-14T16:42:28+00:00

Greg Hudson
ghudson@mit.edu

2013-02-14T16:41:10+00:00

6dda284554a869f7fa1e6d2a035df06c97f103ef

Rename the krb5int_buf_ family of functions to use the k5_ prefix for
brevity.  Reformat some k5buf implementation code to match current
practices.





Rename the krb5int_buf_ family of functions to use the k5_ prefix for
brevity.  Reformat some k5buf implementation code to match current
practices.







Add and use k5memdup, k5memdup0 helpers
2013-02-09T05:43:35+00:00

Greg Hudson
ghudson@mit.edu

2013-02-09T05:43:35+00:00

7905cd6a2eddbf264242bb2a85f811878b2da7ab

Add k5-int.h static functions to duplicate byte ranges, optionally
with a trailing zero byte, and set an error code like k5alloc does.
Use them where they would shorten existing code.





Add k5-int.h static functions to duplicate byte ranges, optionally
with a trailing zero byte, and set an error code like k5alloc does.
Use them where they would shorten existing code.







make depend
2013-01-10T17:46:26+00:00

Greg Hudson
ghudson@mit.edu

2013-01-10T17:46:26+00:00

2807e8e1e1dc89b3d482de7c73d13d19187fdb38

Mostly this gets rid of the trailing space on line 2 after
bb76891f5386526bdf91bc790c614fc9296cb5fa.





Mostly this gets rid of the trailing space on line 2 after
bb76891f5386526bdf91bc790c614fc9296cb5fa.







Fix various result checks
2013-01-07T06:37:19+00:00

Nickolai Zeldovich
nickolai@csail.mit.edu

2013-01-07T06:37:19+00:00

a9ee4a040eeacab1d410ff9e4c862484b531c401

Correct three cases where the wrong expression was checked to see if
an allocation function returned null.

[ghudson@mit.edu: commit message, patch splitting]

ticket: 7534
target_version: 1.11.1
tags: pullup





Correct three cases where the wrong expression was checked to see if
an allocation function returned null.

[ghudson@mit.edu: commit message, patch splitting]

ticket: 7534
target_version: 1.11.1
tags: pullup







Separate clpreauth and kdcpreauth interfaces
2012-12-19T19:24:21+00:00

Greg Hudson
ghudson@mit.edu

2012-10-21T23:37:14+00:00

f0794cba6a406fc834434eb6dc794bf29eda4a13

Since there is no overlap between the clpreauth and kdcpreauth
interface declarations, there's no particular reason to combine them
into one header.  For backward compatibility and convenience, leave
behind a preauth_plugin.h which includes both.





Since there is no overlap between the clpreauth and kdcpreauth
interface declarations, there's no particular reason to combine them
into one header.  For backward compatibility and convenience, leave
behind a preauth_plugin.h which includes both.







PKINIT (draft9) null ptr deref [CVE-2012-1016]
2012-12-14T20:45:31+00:00

Nalin Dahyabhai
nalin@redhat.com

2012-12-13T19:26:07+00:00

cd5ff932c9d1439c961b0cf9ccff979356686aff

Don't check for an agility KDF identifier in the non-draft9 reply
structure when we're building a draft9 reply, because it'll be NULL.

The KDC plugin for PKINIT can dereference a null pointer when handling
a draft9 request, leading to a crash of the KDC process.  An attacker
would need to have a valid PKINIT certificate, or an unauthenticated
attacker could execute the attack if anonymous PKINIT is enabled.

CVSSv2 vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:P/RL:O/RC:C

[tlyu@mit.edu: reformat comment and edit log message]

ticket: 7506 (new)
target_version: 1.11
tags: pullup





Don't check for an agility KDF identifier in the non-draft9 reply
structure when we're building a draft9 reply, because it'll be NULL.

The KDC plugin for PKINIT can dereference a null pointer when handling
a draft9 request, leading to a crash of the KDC process.  An attacker
would need to have a valid PKINIT certificate, or an unauthenticated
attacker could execute the attack if anonymous PKINIT is enabled.

CVSSv2 vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:P/RL:O/RC:C

[tlyu@mit.edu: reformat comment and edit log message]

ticket: 7506 (new)
target_version: 1.11
tags: pullup