summaryrefslogtreecommitdiffstats
path: root/src/lib
Commit message (Collapse)AuthorAgeFilesLines
...
* Bump minor version number. Update dependenciesKen Raeburn2008-06-251-1/+4
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20470 dc483132-0cff-0310-8789-dd5450dbe970
* Pull in xdr_sizeof from tirpc2.3 (which has the same license as our current ↵Ken Raeburn2008-06-253-0/+167
| | | | | | rpc code) git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20468 dc483132-0cff-0310-8789-dd5450dbe970
* Include kdb_log.h for missing prototypes. Declare conv_princ_2db &Ezra Peisach2008-06-241-2/+3
| | | | | | conv_princ_2ulog as static as they are not exported or used outside this file. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20466 dc483132-0cff-0310-8789-dd5450dbe970
* Merge from branch sun-ipropKen Raeburn2008-06-2419-73/+3004
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20465 dc483132-0cff-0310-8789-dd5450dbe970
* Remove test115 for 'bad client params', no longer appropriateKen Raeburn2008-06-191-104/+0
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20429 dc483132-0cff-0310-8789-dd5450dbe970
* This patch is derived from a patch originally submitted to RTJeffrey Altman2008-06-182-2/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | by: Nik Conwell <nik@bu.edu> krb5_set_real_time() accepts as input the time of the KDC or an application server as a combination of seconds and microseconds. Often it is the case that the time source does not provide the real time with less than one second granularity. Up until this patch such a caller would fill in the microseconds parameter as zero. krb5_set_real_time() would treat the zero microseconds as the actual reported time and compute a microsecond based offset. During a one second window subsequent calls to krb5_set_real_time() would have an ever increasing offset size until the number of seconds is incremented. This in turn produces a side effect in which the microseconds value of the local clock is effectively erased. If there are multiple processes or threads on the same machine each requesting service tickets using the same client principal for the same service principal where the number of seconds reported by the KDC are equivalent, then they will now all create authenticators with exactly the same timestamp. As a result, the authenticating service will detect a replay attack even though the authenticators are actually unique. The replay cache only maintains a tuple of client, server and timestamp. This patch modifies the interpretation of the microseconds parameter. If -1 is specified, the microseconds offset is ignored. ticket: 5924 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20413 dc483132-0cff-0310-8789-dd5450dbe970
* Disable check for invalid client-side admin config parameters in theKen Raeburn2008-06-181-1/+5
| | | | | | | config file. Since KDC configuration parameters can now be put in krb5.conf, this doesn't make sense any more. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20411 dc483132-0cff-0310-8789-dd5450dbe970
* Factor out repeated code for looking up string, port, or deltat config paramsKen Raeburn2008-06-111-150/+144
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20395 dc483132-0cff-0310-8789-dd5450dbe970
* Don't use private copy of syslog.h. Rebuild dependenciesKen Raeburn2008-06-104-12/+7
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20386 dc483132-0cff-0310-8789-dd5450dbe970
* Warn against new uses of kadm5_config_params.dbname fieldKen Raeburn2008-06-101-0/+4
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20384 dc483132-0cff-0310-8789-dd5450dbe970
* Get rid of handling of set-but-unused kadm5_config_params.admin_dbnameKen Raeburn2008-06-103-14/+3
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20383 dc483132-0cff-0310-8789-dd5450dbe970
* Get rid of handling of set-but-unused kadm5_config_params.admin_lockfileKen Raeburn2008-06-103-11/+8
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20381 dc483132-0cff-0310-8789-dd5450dbe970
* Don't check for NULL before calling free or krb5_xfreeKen Raeburn2008-06-091-43/+21
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20379 dc483132-0cff-0310-8789-dd5450dbe970
* Report file name in detailed cache creation errorKen Raeburn2008-06-081-2/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20371 dc483132-0cff-0310-8789-dd5450dbe970
* Do hash stuff with unsigned mathKen Raeburn2008-06-081-8/+9
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20370 dc483132-0cff-0310-8789-dd5450dbe970
* On Mac OS X, try poking launchd to get the portmapper launched beforeKen Raeburn2008-06-061-3/+55
| | | | | | we try to connect to it. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20364 dc483132-0cff-0310-8789-dd5450dbe970
* Check for GSS_C_NO_CREDENTIAL before loop checkKen Raeburn2008-06-061-3/+3
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20363 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a few incompatible-pointer warnings that aren't just about signednessKen Raeburn2008-06-025-13/+17
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20351 dc483132-0cff-0310-8789-dd5450dbe970
* Change krb5_context.db_context to point to the real structure type,Ken Raeburn2008-06-024-82/+81
| | | | | | | | and change uses to not cast all the time. Also rename it from db_context to dal_handle, since one of the fields in the pointed-to structure is also called db_context. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20348 dc483132-0cff-0310-8789-dd5450dbe970
* Add header for kill() in USE_PASSWORD_SERVER caseAlexandra Ellwood2008-05-301-0/+2
| | | | | | ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20347 dc483132-0cff-0310-8789-dd5450dbe970
* Apple PKINIT patch commitAlexandra Ellwood2008-05-308-4/+3189
| | | | | | | | | | | | | Commit of Apple PKINIT patches under "APPLE_PKINIT" preprocessor symbol. Long term goal is to merge these patches with the pkinit preauth plugin which does not currently have support for Mac OS X crypto libraries or the exported functions used by Back To My Mac. ticket: new status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20346 dc483132-0cff-0310-8789-dd5450dbe970
* Minor spelling & comment formattingKen Raeburn2008-05-161-13/+19
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20322 dc483132-0cff-0310-8789-dd5450dbe970
* Move auto var to outer scope, because its storage is used beyond the inner scopeKen Raeburn2008-05-151-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20320 dc483132-0cff-0310-8789-dd5450dbe970
* Don't test error code when it's known to be 0Ken Raeburn2008-05-151-3/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20319 dc483132-0cff-0310-8789-dd5450dbe970
* Fix minor bug in kg_save_name failure cleanup codeKen Raeburn2008-05-151-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20318 dc483132-0cff-0310-8789-dd5450dbe970
* Free context after use, not beforeKen Raeburn2008-05-151-2/+2
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20317 dc483132-0cff-0310-8789-dd5450dbe970
* (more) After malloc/realloc/calloc/strdup/asprintf failures, useKen Raeburn2008-04-307-12/+12
| | | | | | | | ENOMEM explicitly instead of reading it from errno. This may make static analysis tools less confused about when we return zero vs nonzero values. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20313 dc483132-0cff-0310-8789-dd5450dbe970
* After malloc/realloc/calloc failures, return ENOMEM explicitly insteadKen Raeburn2008-04-3010-21/+21
| | | | | | | of reading it from errno. This may make static analysis tools less confused about when we return zero vs nonzero values. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20312 dc483132-0cff-0310-8789-dd5450dbe970
* Left-shifting all the way in signed math is undefined, use unsignedKen Raeburn2008-04-251-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20310 dc483132-0cff-0310-8789-dd5450dbe970
* Multiple assignments without sequence points invoke undefinedKen Raeburn2008-04-251-6/+12
| | | | | | | behavior, even if the assignments all compute and store the same value. Don't put an assignment in the argument to macro ff(). git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20309 dc483132-0cff-0310-8789-dd5450dbe970
* Don't do UTF-8 bits (and include Apple headers) when just rebuilding ↵Ken Raeburn2008-04-241-2/+2
| | | | | | dependencies git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20306 dc483132-0cff-0310-8789-dd5450dbe970
* fix possible buffer overrun in handling generic-error returnKen Raeburn2008-04-181-2/+3
| | | | | | | | | | | | | | | | | | | Jeff Altman reported this, based on a crash seen in KfW in the wild. The krb5_data handle used to describe the message field returned by the KDC is not null-terminated, but we use a "%s" format to incorporate it into an error message string. In the right circumstances, garbage bytes can be pulled into the string, or a memory fault may result. However, as this is in the error-reporting part of the client-side code for fetching new credentials, it's a relatively minor DoS attack only, not a serious security exposure. Should be fixed in the next releases, though. ticket: new target_version: 1.6.5 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20304 dc483132-0cff-0310-8789-dd5450dbe970
* Pull out generic array expansion code from array_append macro into aKen Raeburn2008-04-031-7/+22
| | | | | | | separate function. Add some range checks, and don't bother separating malloc vs realloc depending on previous pointer value. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20302 dc483132-0cff-0310-8789-dd5450dbe970
* Coverity CID 220: NULL check of "buf" after dereferenceKen Raeburn2008-03-291-1/+3
| | | | | | | | All call sites have previously dereferenced the pointer, but to keep the interface simple, keep the null check, and move the dereference to after it. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20300 dc483132-0cff-0310-8789-dd5450dbe970
* Coverity CID 46: mech_type will always have the address of anKen Raeburn2008-03-291-3/+0
| | | | | | | | automatic variable, so can never be null (GSS_C_NULL_OID). Delete null check and unreachable conditional code. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20299 dc483132-0cff-0310-8789-dd5450dbe970
* Coverity CID 47: Unreachable codeKen Raeburn2008-03-291-6/+0
| | | | | | Delete redundant "status" check. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20298 dc483132-0cff-0310-8789-dd5450dbe970
* Coverity CID 91: Context is tested for null, and then unconditionallyKen Raeburn2008-03-291-1/+1
| | | | | | | | dereferenced. Remove unneeded null check. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20297 dc483132-0cff-0310-8789-dd5450dbe970
* Coverity CID 228: Possible use of uninitialized variable time_req inKen Raeburn2008-03-292-1/+30
| | | | | | | | | | gss_add_cred if cred_usage has an invalid value. (Also flagged by GCC.) Changed validation routines for gss_add_cred, gss_acquire_cred, and gss_store_cred to check the cred_usage value. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20295 dc483132-0cff-0310-8789-dd5450dbe970
* MITKRB5-SA-2008-002Ken Raeburn2008-03-182-2/+29
| | | | | | | | | | | | | | Fix MITKRB5-SA-2008-002: array overrun in libgssrpc. Don't update the internally-tracked maximum file descriptor value if the new one is FD_SETSIZE (or NOFILE) or above. Reject TCP file descriptors of FD_SETSIZE (NOFILE) or above. ticket: new target_version: 1.6.4 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20278 dc483132-0cff-0310-8789-dd5450dbe970
* Fix memory leak by delaying instantiation of lid until it's neededJustin Anderson2008-03-041-7/+6
| | | | | | | ticket: 5897 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20254 dc483132-0cff-0310-8789-dd5450dbe970
* Add "-framework CoreFoundation" to crypto library link command in darwin-modeKen Raeburn2008-03-041-1/+1
| | | | | | | | | build on mac. ticket: 5894 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20253 dc483132-0cff-0310-8789-dd5450dbe970
* Make a NUL-terminated copy of realm name before passing to a pluginTom Yu2008-02-291-1/+16
| | | | | | | | | | interface that takes a C string rather than krb5_data. ticket: 5893 tags: pullup target_version: 1.6.4 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20243 dc483132-0cff-0310-8789-dd5450dbe970
* krb5int_arcfour_string_to_key does not support utf-8 stringsAlexandra Ellwood2008-02-261-9/+47
| | | | | | | | | | | | | | | | krb5int_arcfour_string_to_key converts C strings to UTF-16 before passing them to the string to key function. Currently the UTF-16 conversion assumes the input string is ASCII only. Added support to convert UTF-8 strings to UTF-16 on Mac OS X. Leaving the bug open until we discuss if we want to have implementations for Unix and Windows platforms. ticket: new status: open target_version: 1.7 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20242 dc483132-0cff-0310-8789-dd5450dbe970
* fix CVE-2007-5902: integer overflow in svcauth_gss_get_principal()Tom Yu2007-12-141-1/+1
| | | | | | | | ticket: 5855 target_version: 1.6.4 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20181 dc483132-0cff-0310-8789-dd5450dbe970
* fix CVE-2007-5971: double-free in gss_krb5int_make_seal_token_v3()Tom Yu2007-12-141-1/+0
| | | | | | | | ticket: 5856 target_version: 1.6.4 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20180 dc483132-0cff-0310-8789-dd5450dbe970
* fix CVE-2007-5972: double fclose() in krb5_def_store_mkey()Tom Yu2007-12-141-2/+1
| | | | | | | | ticket: 5857 target_version: 1.6.4 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20179 dc483132-0cff-0310-8789-dd5450dbe970
* fix CVE-2007-5971: free of non-heap pointer in gss_indicate_mechs()Tom Yu2007-12-141-1/+1
| | | | | | | | ticket: 5856 tags: pullup target_version: 1.6.4 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20178 dc483132-0cff-0310-8789-dd5450dbe970
* copy correct key for lucid context acceptor_subkeyKevin Coffman2007-12-121-1/+1
| | | | | | | | | | Copy the correct key (acceptor_subkey) to lucid context's acceptor_subkey. ticket: new component: krb5-libs Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20175 dc483132-0cff-0310-8789-dd5450dbe970
* Set close-on-exec flag in most places where file descriptors areKen Raeburn2007-10-2232-40/+122
| | | | | | | | | | | | | | | | | | | | | | | | | | | opened in our libraries (in case another application thread spawns a new process) and in the KDC programs (in case a plugin library spawns a new process). Checked calls to: open fopen THREEPARAMOPEN mkstemp socket accept dup dup2 pipe. In: util lib plugins kdc kadmin/server krb524. The various programs are less critical than the libraries, as any well-written plugin that spawns a new process should close all file descriptors it doesn't need to communicate with the new process. This approach also isn't bulletproof, as the call to set the close-on-exec flag is necessarily a separate call from creating the file descriptor, and the fork call could happen in between them. So plugins should be careful regardless of this patch; it will only reduce the window of potential lossage should a plugin be poorly written. (AFAIK there are currently no plugins that spawn processes where this would be a problem.) Update dependencies. ticket: 5561 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20143 dc483132-0cff-0310-8789-dd5450dbe970
* Reject socket fds > FD_SETSIZEKen Raeburn2007-10-181-0/+6
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20127 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2026-01-15 07:13:36 +0000