summaryrefslogtreecommitdiffstats
path: root/src/lib
Commit message (Collapse)AuthorAgeFilesLines
...
* Two versions of resolver code were almost identical, so unify them and ↵Ken Raeburn2008-08-021-37/+11
| | | | | | reduce duplication. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20594 dc483132-0cff-0310-8789-dd5450dbe970
* Pull out code to compute length of quoted name component and copy withKen Raeburn2008-08-021-78/+68
| | | | | | quoting into separate functions, to reduce code duplication. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20593 dc483132-0cff-0310-8789-dd5450dbe970
* Delete decls for nonexistent functions, and an unused typedefKen Raeburn2008-07-301-15/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20589 dc483132-0cff-0310-8789-dd5450dbe970
* fix possible uninit variable use in error pathKen Raeburn2008-07-251-0/+1
| | | | | | | | | | | Clear gss_client and gss_target before any possible branch to 'error', where they can be used. ticket: new target_version: 1.6.4 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20580 dc483132-0cff-0310-8789-dd5450dbe970
* In the gss rpc package, replace the type used for a Jeffrey Altman2008-07-236-29/+32
| | | | | | | | | | | | | | socket on Windows with SOCKET (instead of int) and replace all calls to close() that are used to close sockets with closesocket(). src/include/port-sockets.h includes the definitions of SOCKET and closesocket() for non-Windows systems. ticket: 6041 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20578 dc483132-0cff-0310-8789-dd5450dbe970
* Fix one missed rename of "exit" label to "done"Tom Yu2008-07-231-1/+1
| | | | | | ticket: 5442 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20575 dc483132-0cff-0310-8789-dd5450dbe970
* replace "exit" label with "done"Jeffrey Altman2008-07-231-4/+4
| | | | | | ticket: 5442 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20574 dc483132-0cff-0310-8789-dd5450dbe970
* Catch a few more cases of unchecked k5_mutex_lock callsKen Raeburn2008-07-221-1/+3
| | | | | | ticket: 5962 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20567 dc483132-0cff-0310-8789-dd5450dbe970
* Another check for null return from krb5_cc_default_nameKen Raeburn2008-07-211-11/+19
| | | | | | ticket: 5980 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20561 dc483132-0cff-0310-8789-dd5450dbe970
* Check for null name to krb5_cc_resolve, and return an errorKen Raeburn2008-07-211-1/+3
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20560 dc483132-0cff-0310-8789-dd5450dbe970
* This patch addresses the issues raised in this ticket and ticket 5936Jeffrey Altman2008-07-211-18/+19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | (a) In the case where 'cred_handle' != 'verifier_cred_handle'[1] krb5_gss_accept_sec_context() leaks the 'cred_handle' in the success case and the failure cases that result in returning from the function prior to reaching the end of the function. (b) The meaningful 'minor_status' return value is destroyed during the cleanup operations. The approach taken is to add a new 'exit:' label prior to the end of the function through which all function returns after reaching the 'fail:' label will goto. After 'exit:', the 'cred_handle' will be released and if there is a krb5_context 'context' to be freed, the error info will be saved and krb5_free_context() will be called. In the success case, the krb5_context is saved in the gss context and we now set 'context' to NULL to prevent it from being freed. In order to preserve the minor_status return code, a 'tmp_minor_status' variable is added that is used after the 'fail:' label in calls to krb5_gss_delete_sec_context() and krb5_gss_release_cred(). [1] If 'verifier_cred_handle' is non-NULL, then 'cred_handle' is set to the value of 'verifier_cred_handle'. ticket: 5442 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20559 dc483132-0cff-0310-8789-dd5450dbe970
* kadm5_decrypt_key(). This patch prevents the returned keyblock's Jeffrey Altman2008-07-211-1/+2
| | | | | | | | | | enctype from being coerced to the requested 'ktype' if the requested 'ktype' == -1. A ktype of -1 is documented as meaning "to be ignored". ticket: 5840 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20558 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_string_to_keysalts()Jeffrey Altman2008-07-211-1/+1
| | | | | | | | | Fix an infinite loop in the parsing of 'kp' ticket: 5839 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20557 dc483132-0cff-0310-8789-dd5450dbe970
* There are two mutex locking issues that Roland Dowdeswell noticed in Jeffrey Altman2008-07-211-0/+13
| | | | | | | | | | | | | the memory ccache. The first one is in cc_memory.c:krb5_mcc_initialize(). When it is free(3)ing the existing credentials it does not lock the data structures and hence two separate threads can run into issues. The same problem exists in cc_memory.c:krb5_mcc_destroy(). ticket: 5895 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20555 dc483132-0cff-0310-8789-dd5450dbe970
* Assign fixed ordinals to comerr32.dll exportsJeffrey Altman2008-07-211-7/+7
| | | | | | | | | | | | | | All of the other libraries on Windows have fixed assignments of ordinals to the exported functions. Assign the ordinals that were in use in the last public release, kfw 3.2.2, so that they will remain constant into the future in case additional exports are added to the library. ticket: new component: krb5-libs tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20553 dc483132-0cff-0310-8789-dd5450dbe970
* ccdefault.c:Jeffrey Altman2008-07-211-2/+4
| | | | | | | | | | | | | | | | | krb5_cc_default_name() is permitted to return a NULL pointer as a valid output. Passing a NULL pointer to strcmp() will result in an exception as NULL is not a valid input parameter to strcmp(). Save the output of krb5_cc_default_name() to a variable and modify the conditional to set the new default ccache name in the case where there is no existing default ccache name. ticket: 5080 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20551 dc483132-0cff-0310-8789-dd5450dbe970
* Don't set LOCAL_SUBDIRS in many places and SUBDIRS in a few andKen Raeburn2008-07-206-6/+6
| | | | | | | default SUBDIRS to LOCAL_SUBDIRS via pre.in. Instead, just set SUBDIRS in each directory, and don't do anything in pre.in. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20546 dc483132-0cff-0310-8789-dd5450dbe970
* Use mkstemp(), and fstat() the file to make sure that the mkstemp()Tom Yu2008-07-181-19/+60
| | | | | | | | implementation is setting sane file modes. ticket: 6002 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20543 dc483132-0cff-0310-8789-dd5450dbe970
* Revert due to potential file modes race conditionTom Yu2008-07-181-18/+14
| | | | | | | ticket: 6002 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20538 dc483132-0cff-0310-8789-dd5450dbe970
* Make krb5_rc_io_creat() use mkstempTom Yu2008-07-181-14/+18
| | | | | | ticket: 6002 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20537 dc483132-0cff-0310-8789-dd5450dbe970
* In krb5_rc_io_creat(), unlink any existing rcache file before tryingTom Yu2008-07-171-1/+2
| | | | | | | | | | | to create a new rcache. This allows better recovery from corrupt rcache files. ticket: 6018 target_version: 1.6.4 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20536 dc483132-0cff-0310-8789-dd5450dbe970
* Fix indirection on assignment to minor statusTom Yu2008-07-161-4/+4
| | | | | | ticket: 5962 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20530 dc483132-0cff-0310-8789-dd5450dbe970
* Check return value from k5_mutex_lock() to partially mitigate someTom Yu2008-07-162-10/+23
| | | | | | | | assertion failures when mutexes get destroyed out from under us. ticket: 5962 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20529 dc483132-0cff-0310-8789-dd5450dbe970
* r1926@ken-wireless: raeburn | 2008-07-15 16:49:17 -0400Ken Raeburn2008-07-152-0/+72
| | | | | | | | | | | | ticket: 5947 status: open Add a test script for the walk_rtree code, and run some test cases that exercise the problem reported in RT ticket 5947. r1927@ken-wireless: raeburn | 2008-07-15 19:55:10 -0400 Some more test cases. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20528 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_get_cred_via_tkt() should null out_cred on errorsTom Yu2008-07-151-0/+1
| | | | | | | | | | | | | Helper function krb5_kdcrep2creds(), called from krb5_get_cred_via_tkt(), should null its output pointer after freeing allocated memory, to avoid returning an invalid pointer. ticket: new tags: pullup target_version: 1.6.4 component: krb5-libs git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20527 dc483132-0cff-0310-8789-dd5450dbe970
* Use all local addresses except loopback addresses, even if a non-loopbackKen Raeburn2008-07-121-17/+26
| | | | | | | | | | | | address appears on a loopback interface. This might happen if that's how your VPN code makes your local address visible. Use a variant of Apple's patch, extended to handle the other variations of local address determination. ticket: 6017 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20513 dc483132-0cff-0310-8789-dd5450dbe970
* Use autogenerated darwin.exports files for server frameworksAlexandra Ellwood2008-07-094-2/+6
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20506 dc483132-0cff-0310-8789-dd5450dbe970
* add copyright to lib/crypto/enc_provider/aes.cTom Yu2008-07-091-0/+26
| | | | | | | | | | | | lib/crypto/enc_provider/aes.c was missing a copyright statement. Added. ticket: new tags: pullup component: krb5-libs target_version: 1.6.4 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20503 dc483132-0cff-0310-8789-dd5450dbe970
* Changes to krb5_kt_default_name changed the krb5 ABI. RevertedAlexandra Ellwood2008-07-081-1/+2
| | | | | | | | | API prototype change and added a temporary variable to avoid casting problems. ticket: 5432 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20502 dc483132-0cff-0310-8789-dd5450dbe970
* krb5int_gic_opte_copy should copy elements individuallyAlexandra Ellwood2008-07-071-2/+13
| | | | | | | | | | Since we are copying from one structure to another, copy elements. Using memcpy is fragile. ticket: new status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20499 dc483132-0cff-0310-8789-dd5450dbe970
* stop exporting a few symbols internal to aes implementationKen Raeburn2008-07-031-5/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20497 dc483132-0cff-0310-8789-dd5450dbe970
* Added type checking for 64-bit platformsAlexandra Ellwood2008-07-011-7/+10
| | | | | | ticket: 6001 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20495 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_get_error_message returns const char *Alexandra Ellwood2008-07-011-2/+2
| | | | | | | | Changed temporary variables to use const char * ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20494 dc483132-0cff-0310-8789-dd5450dbe970
* memcpy(NULL, ptr, 0) is invalid, so don't do itKen Raeburn2008-06-301-1/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20492 dc483132-0cff-0310-8789-dd5450dbe970
* make dependKen Raeburn2008-06-301-1/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20491 dc483132-0cff-0310-8789-dd5450dbe970
* Big endian stash file supportAlexandra Ellwood2008-06-271-2/+18
| | | | | | | | | | Added support for stash files with a consistent endianness (big endian) so that one can migrate a KDC from a machine with one endianess to a machine with the other endianess. Used by Kerberos for Macintosh. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20489 dc483132-0cff-0310-8789-dd5450dbe970
* misc uninitialized-storage accessesKen Raeburn2008-06-271-0/+1
| | | | | | | | | Fix some miscellaneous uninitialized-storage uses, mainly in unlikely error paths. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20487 dc483132-0cff-0310-8789-dd5450dbe970
* use-after-free bugsKen Raeburn2008-06-271-1/+1
| | | | | | | | | | | Fix some bugs with storage being used immediately after being freed. None look like anything an attacker can really manipulate AFAICT. ticket: new target_version: 1.6.4 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20485 dc483132-0cff-0310-8789-dd5450dbe970
* When returning an error, don't also pass back an invalid pointerKen Raeburn2008-06-271-1/+3
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20484 dc483132-0cff-0310-8789-dd5450dbe970
* call kg_delete_lucidctx_id before freeing, not afterKen Raeburn2008-06-271-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20483 dc483132-0cff-0310-8789-dd5450dbe970
* Memory leak, and possible freed-memory dereference, in an error (smallKen Raeburn2008-06-271-1/+1
| | | | | | | | allocation failure) path. ticket: 5997 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20482 dc483132-0cff-0310-8789-dd5450dbe970
* misc memory leaksKen Raeburn2008-06-277-12/+25
| | | | | | | | | | | | Fix various memory leaks that show up mostly in error cases (e.g., failure to allocate one small object, and then we forget to free another one). ticket: new target_version: 1.6.4 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20481 dc483132-0cff-0310-8789-dd5450dbe970
* fix free of automatic storageKen Raeburn2008-06-271-4/+4
| | | | | | | | | | | Fix a possible free of automatic storage that can happen on an (unlikely) encoding failure. ticket: new target_version: 1.6.4 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20480 dc483132-0cff-0310-8789-dd5450dbe970
* Don't do FD_SETSIZE check on Windows.Ken Raeburn2008-06-271-1/+3
| | | | | | | | | | | Also, for form's sake, use closesocket instead of close inside the check. Kevin or Jeff, could you please verify that the code works again? ticket: 5925 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20479 dc483132-0cff-0310-8789-dd5450dbe970
* Fix off-by-one error in range check on file descriptor numberKen Raeburn2008-06-271-1/+1
| | | | | | | ticket: new target_version: 1.6.4 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20478 dc483132-0cff-0310-8789-dd5450dbe970
* Fix possible null pointer deref, possible uninit ptr use, possibleKen Raeburn2008-06-271-6/+13
| | | | | | | | | leak in unlikely small-allocation failure case. ticket: new target_version: 1.6.4 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20477 dc483132-0cff-0310-8789-dd5450dbe970
* Apple PKINIT LKDC supportAlexandra Ellwood2008-06-262-20/+86
| | | | | | | ticket: 5968 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20476 dc483132-0cff-0310-8789-dd5450dbe970
* Rolled back patch because tickets 4495 and 5124 fix this bugAlexandra Ellwood2008-06-251-4/+1
| | | | | | | | in a different way. ticket: 5991 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20474 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_do_preauth_tryagain should check for NULL padataAlexandra Ellwood2008-06-251-1/+4
| | | | | | | | | | Fixed so krb5_do_preauth_tryagain no longer crashes on NULL padata but instead returns an error. ticket: new status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20473 dc483132-0cff-0310-8789-dd5450dbe970
* kadm5_setkey_principal_3 not copying key_data_ver and key_data_kvnoAlexandra Ellwood2008-06-251-0/+2
| | | | | | | | | Added lines to copy these fields. ticket: new status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20472 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2026-01-16 18:25:13 +0000