gssint_get_mech_type_oid() is used by gss_accept_sec_context() to
determine the mechanism of the token. Without length checking, it
might read a few bytes past the end of the input token buffer. Add
length checking as well as test cases for truncated encapsulations.
Reported by Bar Katz.
(cherry picked from commit f949e990f930f48df1f108fe311c58ae3da18b24)
ticket: 8620
version_fixed: 1.14.7
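The over-read fixed above comes from trusting the lengths declared inside an RFC 2743 InitialContextToken header (0x60, DER length, then the mechanism OID as 0x06, length, contents) without comparing them to the bytes actually received. The following is an added example, not MIT krb5's gssint_get_mech_type_oid(), of a bounds-checked parser for that header together with a check that every truncated prefix of a sample token is rejected. The sample token (krb5 mechanism OID 1.2.840.113554.1.2.2 wrapping a two-byte inner token) and the function names are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Where the parsed header points inside the token. */
struct gss_mech_hdr {
    const uint8_t *oid;     /* mechanism OID contents (not including tag/length) */
    size_t oid_len;
    const uint8_t *inner;   /* mechanism-specific token that follows the OID */
    size_t inner_len;
};

/* Read a DER length at in[*pos], never reading at or beyond in[len].
 * Returns 0 and advances *pos, or -1 if the length is truncated or indefinite. */
static int der_length(const uint8_t *in, size_t len, size_t *pos, size_t *out)
{
    size_t nbytes, v = 0, i;
    uint8_t b;

    if (*pos >= len)
        return -1;
    b = in[(*pos)++];
    if (b < 0x80) {                 /* short form */
        *out = b;
        return 0;
    }
    nbytes = b & 0x7f;
    if (nbytes == 0 || nbytes > sizeof(size_t))
        return -1;                  /* indefinite length or absurdly large */
    if (nbytes > len - *pos)
        return -1;                  /* the length bytes themselves are cut off */
    for (i = 0; i < nbytes; i++)
        v = (v << 8) | in[(*pos)++];
    *out = v;
    return 0;
}

/* Parse the RFC 2743 section 3.1 wrapper: 0x60, length, then OID (0x06, length,
 * contents) and the inner token.  Every declared length is checked against the
 * bytes actually present before anything is dereferenced.  Returns 0 or -1. */
int parse_gss_token_header(const uint8_t *tok, size_t len, struct gss_mech_hdr *h)
{
    size_t pos = 0, body_len, oid_len, end;

    if (len < 1 || tok[pos++] != 0x60)
        return -1;
    if (der_length(tok, len, &pos, &body_len) != 0)
        return -1;
    if (body_len > len - pos)
        return -1;                  /* declared body runs past the buffer: truncated token */
    end = pos + body_len;
    if (end == pos || tok[pos++] != 0x06)
        return -1;
    if (der_length(tok, end, &pos, &oid_len) != 0)   /* bounded by the body, not the buffer */
        return -1;
    if (oid_len == 0 || oid_len > end - pos)
        return -1;                  /* OID would run past the end of the body */
    h->oid = tok + pos;
    h->oid_len = oid_len;
    pos += oid_len;
    h->inner = tok + pos;
    h->inner_len = end - pos;
    return 0;
}

/* Constructed sample: krb5 mechanism OID 1.2.840.113554.1.2.2 wrapping a two-byte inner token. */
const uint8_t krb5_mech_oid[] = {0x2a,0x86,0x48,0x86,0xf7,0x12,0x01,0x02,0x02};
const uint8_t sample_token[] = {0x60,0x0d, 0x06,0x09, 0x2a,0x86,0x48,0x86,0xf7,0x12,0x01,0x02,0x02, 'A','B'};
const size_t sample_token_len = sizeof(sample_token);

/* 1 if tok carries the krb5 mechanism, 0 if some other mechanism, -1 if malformed. */
int token_is_krb5(const uint8_t *tok, size_t len)
{
    struct gss_mech_hdr h;
    if (parse_gss_token_header(tok, len, &h) != 0)
        return -1;
    return h.oid_len == sizeof(krb5_mech_oid) && memcmp(h.oid, krb5_mech_oid, h.oid_len) == 0;
}

/* 1 if every proper prefix of tok is rejected, i.e. no truncation is accepted. */
int rejects_all_truncations(const uint8_t *tok, size_t len)
{
    struct gss_mech_hdr h;
    size_t cut;
    for (cut = 0; cut < len; cut++)
        if (parse_gss_token_header(tok, cut, &h) == 0)
            return 0;
    return 1;
}

int main(void)
{
    printf("full token is krb5: %d\n", token_is_krb5(sample_token, sample_token_len));
    printf("token cut to 10 bytes: %d\n", token_is_krb5(sample_token, 10));
    printf("all truncations rejected: %d\n", rejects_all_truncations(sample_token, sample_token_len));
    return 0;
}
```

The two places that matter are the comparison of the outer length against the remaining buffer and passing the body end, not the buffer end, as the limit when reading the OID length: a token whose outer length is honest but whose OID length is not is still caught.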
|
|
Rewrite X509_NAME_oneline_ex() and its call sites to use dynamic
allocation and to perform proper error checking.
(cherry picked from commit fbb687db1088ddd894d975996e5f6a4252b9a2b4)
ticket: 8617
version_fixed: 1.14.7
|
|
|
If krb5_db_fetch_mkey() prompts for a master key and needs to
determine the kvno, check that the master entry contains any key data
before dereferencing the first element. Reported by Joshua Schaeffer.
(cherry picked from commit 29c504504f0c56c861d968ba2498590bf34714cd)
ticket: 8600
version_fixed: 1.14.6
|
|
Assign status values if S4U2Self padata fails to decode, if an
S4U2Proxy request uses invalid KDC options, or if an S4U2Proxy request
uses an evidence ticket which does not match the canonicalized request
server principal name. Reported by Samuel Cabrero.
If a status value is not assigned during KDC processing, default to
"UNKNOWN_REASON" rather than failing an assertion. This change will
prevent future denial of service bugs due to similar mistakes, and
will allow us to omit assigning status values for unlikely errors such
as small memory allocation failures.
CVE-2017-11368:
In MIT krb5 1.7 and later, an authenticated attacker can cause an
assertion failure in krb5kdc by sending an invalid S4U2Self or
S4U2Proxy request.
CVSSv3 Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:H/RL:O/RC:C
(cherry picked from commit ffb35baac6981f9e8914f8f3bffd37f284b85970)
ticket: 8599
version_fixed: 1.14.6
|
|
After gss_init_sec_context() or gss_accept_sec_context() has created a
context, don't delete the mechglue context on failures from subsequent
calls, even if the mechanism deletes the mech-specific context (which
is allowed by RFC 2744 but not preferred). Check for union contexts
with no mechanism context in each GSS function which accepts a
gss_ctx_id_t.
CVE-2017-11462:
RFC 2744 permits a GSS-API implementation to delete an existing
security context on a second or subsequent call to
gss_init_sec_context() or gss_accept_sec_context() if the call results
in an error. This API behavior has been found to be dangerous,
leading to the possibility of memory errors in some callers. For
safety, GSS-API implementations should instead preserve existing
security contexts on error until the caller deletes them.
All versions of MIT krb5 prior to this change may delete acceptor
contexts on error. Versions 1.13.4 through 1.13.7, 1.14.1 through
1.14.5, and 1.15 through 1.15.1 may also delete initiator contexts on
error.
(cherry picked from commit 56f7b1bc95a2a3eeb420e069e7655fb181ade5cf)
ticket: 8598
version_fixed: 1.14.6
|
|
Add mask assignments to kadm5_setv4key_principal() and
kadm5_setkey_principal_4() so that their changes to the principal are
properly written to KDB modules which use the mask flag, such as the
LDAP KDB module. Reported by Frank Lonigro.
(cherry picked from commit f8ed1bde848a16dfda5c6558ffe4326acc37bc95)
ticket: 8589
version_fixed: 1.14.6
|
|
In kadm5int_acl_get_line(), increment *lnp after skipping a blank or
comment line, so that kadm5int_acl_load_acl_file() correctly reports
the line number if it fails to parse a line.
In acl_syn_err_msg, use %.10s to limit the amount of the line included
in the error message, not %10s to left-pad it with spaces if it is
shorter than ten characters.
(cherry picked from commit 3efb19294012ad38ac3a95d407e739313838c68a)
ticket: 8588
version_fixed: 1.14.6
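Both defects above are in error reporting: a line counter that is not advanced for skipped lines misattributes the error, and a width (`%10s`) where a precision (`%.10s`) was meant pads instead of truncating. The following is an added example, not the kadm5 ACL loader, of a line reader that counts blank and comment lines and reports the first unparseable line with a ten-character excerpt. The syntax check (at least two whitespace-separated fields per line), the sample file and the function names are constructed for this example and simplify the real kadm5.acl grammar.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define ACL_LINE_MAX 256

/* Copy the next non-blank, non-comment line of text into buf, NUL-terminated
 * with the newline stripped.  *lnp is incremented for every physical line
 * consumed, including the ones skipped here, so an error reported later names
 * the right line.  Returns 1 when a line was produced, 0 at end of input. */
static int acl_get_line(const char *text, size_t *pos, int *lnp, char *buf, size_t bufsize)
{
    for (;;) {
        const char *line = text + *pos, *nl;
        size_t len, i = 0;

        if (*line == '\0')
            return 0;
        nl = strchr(line, '\n');
        len = nl ? (size_t)(nl - line) : strlen(line);
        *pos += len + (nl ? 1 : 0);
        (*lnp)++;                           /* count the line even if it is skipped below */
        while (i < len && isspace((unsigned char)line[i]))
            i++;
        if (i == len || line[i] == '#')
            continue;                       /* blank or comment */
        if (len >= bufsize)
            len = bufsize - 1;
        memcpy(buf, line, len);
        buf[len] = '\0';
        return 1;
    }
}

/* Number of whitespace-separated fields in a NUL-terminated line. */
static int count_fields(const char *s)
{
    int n = 0, in_field = 0;
    for (; *s != '\0'; s++) {
        if (isspace((unsigned char)*s))
            in_field = 0;
        else if (!in_field) {
            in_field = 1;
            n++;
        }
    }
    return n;
}

/* Check every ACL line.  The simplified rule used here is
 * "principal permissions [target] [restrictions]", so at least two fields are
 * required.  Returns 0 if all lines parse, otherwise the 1-based number of the
 * first bad line, with a message written to errbuf. */
int acl_check(const char *text, char *errbuf, size_t errlen)
{
    char line[ACL_LINE_MAX];
    size_t pos = 0;
    int lineno = 0;

    while (acl_get_line(text, &pos, &lineno, line, sizeof(line))) {
        if (count_fields(line) < 2) {
            /* "%.10s" is a precision: at most ten characters of the offending line.
             * "%10s" would be a field width, padding short lines with spaces. */
            snprintf(errbuf, errlen, "%s: syntax error at line %d <%.10s...>",
                     "kadm5.acl", lineno, line);
            return lineno;
        }
    }
    return 0;
}

/* Constructed sample file: lines 1, 2 and 5 are comment/blank and must still be counted. */
const char sample_acl[] =
    "# kadm5.acl sample constructed for this example\n"
    "\n"
    "*/admin@EXAMPLE.COM   *\n"
    "joe@EXAMPLE.COM       il   */foo@EXAMPLE.COM\n"
    "\n"
    "bogusline\n"
    "bob@EXAMPLE.COM       ci\n";

char acl_errbuf[128];

int check_sample_acl(void) { return acl_check(sample_acl, acl_errbuf, sizeof(acl_errbuf)); }
const char *acl_last_error(void) { return acl_errbuf; }

int main(void)
{
    if (check_sample_acl() != 0)
        printf("%s\n", acl_errbuf);    /* kadm5.acl: syntax error at line 6 <bogusline...> */
    return 0;
}
```

Without the increment on skipped lines the sample's error would be reported at line 3, which is where an operator would then look in vain.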
|
|
In the normal course of execution, md5.contents allocated by
kg_checksum_channel_bindings() in make_ap_req_v1() is freed in
make_gss_checksum(). But when there is a failure in
krb5_mk_req_extended() or in make_gss_checksum() before free is
called, the memory leaks.
This patch frees the memory unconditionally in make_ap_req_v1().
(cherry picked from commit 29337e7c7b796685fb6a03466d32147e17aa2d16)
ticket: 8584
version_fixed: 1.14.6
|
|
Commit b496ce4095133536e0ace36b74130e4b9ecb5e11 (ticket #8268) adds
the clock skew to krb5 acceptor context lifetimes for
gss_accept_sec_context() and gss_inquire_context(), but not for
gss_context_time(). Add the clock skew in gss_context_time() as well.
(cherry picked from commit b0a072e6431261734e7350996a363801f180e8ea)
ticket: 8581
version_fixed: 1.14.6
|
|
We apply (as of ticket #7604) a ten-second minimum delay after a TCP
connection is accepted before creating new connections or sending UDP
packets. Apply this timeout to HTTPS connections as well, by removing
the transport check in get_endtime(). As the endtime field is only
set by service_tcp_connect(), it will always have the value 0 for UDP
connection state objects, so there is no need to check the transport
type.
(cherry picked from commit aace82e17ed0185faa3e9cda5437a3c6a7a40b10)
ticket: 8580
version_fixed: 1.14.6
|
|
krb5int_utf8cs_to_ucs2les() can read slightly beyond the end of the
input buffer if the buffer ends with an invalid UTF-8 sequence. When
computing the RC4 string-to-key result, make a zero-terminated copy of
the input string and use krb5int_utf8s_to_ucs2les() instead.
(cherry picked from commit b8814745049b5f401e3ae39a81dc1e14598ae48c)
ticket: 8576
version_fixed: 1.14.6
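The over-read above happens when a converter reads the continuation bytes of a multibyte sequence before confirming that they are inside the buffer. The commit avoids it by handing the string-to-key code a zero-terminated copy; the other way to close it is a converter that is bounded by an explicit length. The following is an added example of the latter, not krb5's krb5int_utf8cs_to_ucs2les(): a length-bounded UTF-8 to UCS-2LE decoder that rejects sequences cut off at the end of the input (as well as overlong forms, surrogates and code points outside the BMP, which UCS-2 cannot carry). The inputs and function names are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Decode UTF-8 (in, len) into UCS-2 little-endian bytes in out.  Every
 * continuation byte is checked against len before it is read, so a multibyte
 * sequence cut off at the end of the buffer is rejected rather than read past.
 * Returns the number of output bytes, or -1 on invalid or truncated input or
 * if out is too small. */
long utf8_to_ucs2le(const uint8_t *in, size_t len, uint8_t *out, size_t outcap)
{
    size_t i = 0, o = 0, need, k;
    uint32_t cp;
    uint8_t b;

    while (i < len) {
        b = in[i];
        if (b < 0x80) {
            cp = b; need = 0;
        } else if (b >= 0xC2 && b <= 0xDF) {   /* C0/C1 leads are always overlong */
            cp = b & 0x1F; need = 1;
        } else if ((b & 0xF0) == 0xE0) {
            cp = b & 0x0F; need = 2;
        } else if (b >= 0xF0 && b <= 0xF4) {
            cp = b & 0x07; need = 3;
        } else {
            return -1;                           /* stray continuation byte or invalid lead */
        }
        if (need > len - 1 - i)
            return -1;                           /* sequence truncated at end of buffer */
        for (k = 1; k <= need; k++) {
            if ((in[i + k] & 0xC0) != 0x80)
                return -1;                       /* not a continuation byte */
            cp = (cp << 6) | (in[i + k] & 0x3F);
        }
        if ((need == 2 && cp < 0x800) || (need == 3 && cp < 0x10000))
            return -1;                           /* overlong encoding */
        if (cp >= 0xD800 && cp <= 0xDFFF)
            return -1;                           /* UTF-16 surrogate, not a scalar value */
        if (cp > 0xFFFF)
            return -1;                           /* outside the BMP: not representable in UCS-2 */
        if (outcap - o < 2)
            return -1;
        out[o++] = (uint8_t)(cp & 0xFF);
        out[o++] = (uint8_t)(cp >> 8);
        i += 1 + need;
    }
    return (long)o;
}

/* Constructed inputs: "päss€", and "ab" followed by a euro sign cut off after
 * two of its three bytes, which is exactly the shape of input that over-reads. */
static const uint8_t ok_input[] = {'p', 0xC3,0xA4, 's', 's', 0xE2,0x82,0xAC};
static const uint8_t truncated_input[] = {'a', 'b', 0xE2,0x82};

/* 1 if the valid input decodes to the expected UCS-2LE bytes. */
int demo_valid(void)
{
    static const uint8_t expect[] = {0x70,0x00, 0xE4,0x00, 0x73,0x00, 0x73,0x00, 0xAC,0x20};
    uint8_t out[32];
    long n = utf8_to_ucs2le(ok_input, sizeof(ok_input), out, sizeof(out));
    return n == (long)sizeof(expect) && memcmp(out, expect, sizeof(expect)) == 0;
}

/* The decoder's result for the truncated input: -1, with no read past the end. */
long demo_truncated(void)
{
    uint8_t out[32];
    return utf8_to_ucs2le(truncated_input, sizeof(truncated_input), out, sizeof(out));
}

int main(void)
{
    printf("valid input ok: %d\n", demo_valid());
    printf("truncated input: %ld\n", demo_truncated());
    return 0;
}
```

Run under a sanitizer or with the input placed at the end of a page, a converter that lacks the `need > len - 1 - i` check faults on `truncated_input`; this one returns -1.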
|
|
If we reach the encrypted challenge clpreauth process method without
an armor key, error out instead of crashing. This can happen if (a)
the KDC offers encrypted challenge even though the request doesn't use
FAST (the Heimdal KDC apparently does this), and (b) we fall back to
that preauth method before generating a preauthenticated request,
typically because of a prompter failure in encrypted timestamp.
Reported by Nico Williams.
(cherry picked from commit ff6aac3e018e80fa32df2e14446c6ed9595dfc3c)
ticket: 8573
version_fixed: 1.14.6
|
|
The flags field in krb5_lcc_data is not initialized in
krb5_lcc_resolve(), so krb5_lcc_next_cred() can sometimes fail to
include a ticket when retrieving a ccache entry. This results in a
"Request did not supply a ticket" error from k5_make_tgs_req() when
trying to use the credential.
[ghudson@mit.edu: condensed commit message]
(cherry picked from commit e5a78d4c90d9d6968c94b0c07f2cd3835f02aa5d)
ticket: 8567
version_fixed: 1.14.6
|
|
In krb5int_open_plugin_dirs(), if constructing filepath fails,
filepath is set to null but accessed a few lines later. Add an error
check before calling krb5int_open_plugin().
(cherry picked from commit ec56309e95e37cb3c91bad2a696b9bd094620876)
ticket: 8565
version_fixed: 1.14.6
|
|
autoconf normally avoids recreating files that it does not consider
obsolete. Since it knows nothing about patchlevel.h (which we read at
autoconf time using m4's esyscmd()), changes to patchlevel.h won't be
reflected in configure unless another input to configure has changed,
and the maintainer rule will re-run autoconf over and over again. Fix
this issue by passing the force flag to autoconf when we invoke it
from the maintainer rule.
(cherry picked from commit 7027788ae6adbd06d5a16de6ee62e489a4dca68b)
ticket: 8560
version_fixed: 1.14.6
|
|
In the mechglue gss_inquire_cred_by_oid(), remove an unnecessary
allocation of ret_set which is overwritten by the first mechanism's
result.
(cherry picked from commit 0d39d46852587d36fcc5024d5766586faba9044a)
ticket: 8559
version_fixed: 1.14.6
|
|
In krb5_gss_get_name_attribute(), always ask for kvalue and
kdisplay_value when calling krb5_authdata_get_attribute(), as it
currently expects non-null arguments. This change allows applications
to pass GSS_C_NO_BUFFER for the value and display_value output
parameters. (Passing NULL for the authenticated and complete output
parameters already works.)
[ghudson@mit.edu: initialized kvalue and kdisplay_value for safety]
(cherry picked from commit 0cff20bd02c7e9b0bc88c425b58fa2d379da51b3)
ticket: 8557
version_fixed: 1.14.6
|
|
|
(cherry picked from commit 35cd8db0f6627324b3b3a31f29b34774f649263b)
|
|
In sendto_kdc:resolve_server() when resolving a server entry with a
specified transport, defer the resulting addresses if the strategy
dictates that the specified transport is not preferred. Reported by
Jochen Hein.
(cherry picked from commit bc7594058011c2f9711f24af4fa15a421a8d5b62)
ticket: 8554
version_fixed: 1.14.5
|
|
In pkinit_matching.c:parse_rule_set(), apply the default relation when
parsing the second component of a rule, not the third. Otherwise we
apply no default relation to two-component matching rules, effectively
reducing such rules to their second components. Reported by Sumit
Bose.
(cherry picked from commit 67ae7bbe1ea7032d1cb79682be3a14e7e13ec64f)
ticket: 8553
version_fixed: 1.14.5
|
|
decode_data() mixes errno values with OpenSSL return codes. Change
its return type to int, and return 1 on success or 0 on failure.
(back ported from commit cc9035a7d25008bdcd9c7beb01670aa57b51d829)
ticket: 8525
version_fixed: 1.14.5
|
|
In database.rst, describe a couple of krbtgt rollover issues and how
to avoid them.
(cherry picked from commit 56d05e87858b672591c1e6b7869cb08e8b1e0d59)
ticket: 8524
version_fixed: 1.14.5
|
|
When LDAP backend support for policy extensions was added by
5edafa0532 (ticket 7223), the kerberos.ldif change neglected to add
the new attributes to krbPwdPolicy.
(cherry picked from commit 823e3088d835661fd718a941f602bb2972db96c8)
ticket: 8523
version_fixed: 1.14.5
|
|
The upstream OpenLDAP installs slapd in libexec, which is not
typically in the path. Also, copying the binary can sometimes cause
it to fail; for instance, in the OpenCSW package,
/opt/csw/libexec/slapd is a script which chooses a binary based on the
system architecture and the path to the script. Allow the test runner
to set the SLAPD environment variable to specify the slapd location
and avoid the copy.
(cherry picked from commit 9290e52b7f206dcbfd9dd5d873cf9379cb9de760)
ticket: 8521
version_fixed: 1.14.5
|
|
With permission from Danilo Almeida, change the license on
autolock.hxx to the 2-clause BSD license used by MIT krb5.
(cherry picked from commit 90bfe396781c3b2a427c95dd2e58a234027ff269)
ticket: 8520
version_fixed: 1.14.5
|
|
Use zap() or zapfree() in places where we previously used memset() to
scrub memory. Reported by Zhaomo Yang and Brian Johannesmeyer.
(back ported from commit d58cfa06bab766cf1354bc593deea300388072c0)
ticket: 8514
version_fixed: 1.14.5
|
|
The gcc assembly version of zap() could still be optimized out under
gcc 5.1 or later, and the krb5int_zap() function could be optimized
out with link-time optimization. Based on work by Zhaomo Yang and
Brian Johannesmeyer, use the C11 memset_s() when available, then fall
back to a memory barrier with gcc or clang, and finally fall back to
using krb5int_zap(). Modify krb5int_zap() to use a volatile pointer
in case link-time optimization is used.
(cherry picked from commit c163275f899b201dc2807b3ff2949d5e2ee7d838)
ticket: 8514
version_fixed: 1.14.5
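The two commits above concern the same hazard: a memset() on a buffer that is about to go out of scope or be freed is a dead store, and the optimizer (or, for an out-of-line helper, link-time optimization) is entitled to drop it. The following is an added example, not krb5's zap() or krb5int_zap(), of a scrub routine with the same preference order the commit describes: C11 memset_s() when the implementation provides it, then memset() followed by a gcc/clang compiler barrier, then an out-of-line loop through a volatile pointer. The zapfree-style helper and the verification function are constructed for this example.

```c
#define __STDC_WANT_LIB_EXT1__ 1
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Out-of-line fallback: writes through a volatile pointer so the stores cannot
 * be removed as dead, even when link-time optimization can see the caller. */
void zap_volatile(void *p, size_t n)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n-- > 0)
        *vp++ = 0;
}

/* Scrub n bytes at p.  Order of preference follows the commit: C11 memset_s,
 * then memset plus a compiler memory barrier (gcc/clang), then the volatile loop. */
void secure_zap(void *p, size_t n)
{
#if defined(__STDC_LIB_EXT1__)
    memset_s(p, n, 0, n);
#elif defined(__GNUC__) || defined(__clang__)
    memset(p, 0, n);
    /* Empty asm with a "memory" clobber: the compiler must assume the zeroed
     * bytes are read here, so it cannot treat the memset as a dead store. */
    __asm__ __volatile__("" : : "r"(p) : "memory");
#else
    zap_volatile(p, n);
#endif
}

/* Scrub before releasing, so the allocator never sees the secret. */
void secure_zapfree(void *p, size_t n)
{
    if (p != NULL) {
        secure_zap(p, n);
        free(p);
    }
}

/* Fill a live heap buffer with stand-in key material, scrub it, and check every
 * byte while the buffer is still allocated (inspecting freed memory or a
 * returned-from stack frame would be undefined behaviour).  Returns 1 on success. */
int zap_and_verify(size_t n)
{
    unsigned char *key = malloc(n);
    size_t i;
    int clean = 1;

    if (key == NULL)
        return 0;
    for (i = 0; i < n; i++)
        key[i] = (unsigned char)(0xA5 ^ i);     /* constructed "secret" */
    secure_zap(key, n);
    for (i = 0; i < n; i++)
        if (key[i] != 0)
            clean = 0;
    free(key);
    return clean;
}

int main(void)
{
    printf("zap ok: %d\n", zap_and_verify(64));
    return 0;
}
```

A runtime check like zap_and_verify() can only show that the scrub works when it is observed; whether the compiler kept it in the real call site, where nothing reads the buffer afterwards, is confirmed by inspecting the generated code at the optimization level and with the LTO setting actually used for the build.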
|
|
The symbol we need is SD_Init(), not sd_init().
(cherry picked from commit 081ee2f7d98b939bf7b4866845d4243b5ca3992c)
ticket: 8512
version_fixed: 1.14.5
|
|
If krb5_cc_start_seq_get() fails inside the loop, close the current
credential cache before continuing to the next one. Reported by Todd
Lipcon.
(cherry picked from commit 1735f2e74767e56ac3bd75de61d41b8363ec6ce4)
ticket: 8509
version_fixed: 1.14.5
|
|
When using a smart card and constructing a DigestInfo to pass to the
CKM_RSA_PKCS mechanism, make sure to set the AlgorithmIdentifier
parameters correctly. This is typically an ASN.1 NULL value.
Reported to Ubuntu in Launchpad #1629370.
(cherry picked from commit fded9063c23daa3dbd9ffaf32f8145844293f472)
ticket: 8506
version_fixed: 1.14.5
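With CKM_RSA_PKCS the token only applies the PKCS#1 v1.5 padding and the raw RSA operation, so the caller must supply the complete DER DigestInfo, including the AlgorithmIdentifier parameters. The following is an added example, not the pkinit code, of encoding DigestInfo for a given hash OID with or without the explicit ASN.1 NULL parameters, checked against the fixed prefixes listed in RFC 8017 section 9.2 (note 1) for SHA-1 and SHA-256. The encoder handles short-form lengths only, which covers every hash used with this mechanism; the stand-in digests and function names are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hash algorithm OIDs (DER contents): id-sha1 1.3.14.3.2.26 and
 * id-sha256 2.16.840.1.101.3.4.2.1. */
static const uint8_t oid_sha1[]   = {0x2b,0x0e,0x03,0x02,0x1a};
static const uint8_t oid_sha256[] = {0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01};

/* Reference prefixes from RFC 8017 section 9.2, note 1: the bytes that a
 * 20-byte SHA-1 or 32-byte SHA-256 digest is appended to. */
static const uint8_t rfc8017_sha1_prefix[] =
    {0x30,0x21,0x30,0x09,0x06,0x05,0x2b,0x0e,0x03,0x02,0x1a,0x05,0x00,0x04,0x14};
static const uint8_t rfc8017_sha256_prefix[] =
    {0x30,0x31,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,
     0x05,0x00,0x04,0x20};

/* Encode DigestInfo ::= SEQUENCE { AlgorithmIdentifier, OCTET STRING digest },
 * AlgorithmIdentifier ::= SEQUENCE { OID, parameters }.  with_null_params
 * selects whether parameters is the explicit ASN.1 NULL (05 00), which the SHA
 * OIDs require; 0 produces the encoding that verifiers reject.  Short-form
 * lengths only.  Returns the encoded length, or -1 on error. */
long encode_digest_info(const uint8_t *oid, size_t oidlen, const uint8_t *hash, size_t hashlen,
                        int with_null_params, uint8_t *out, size_t outcap)
{
    size_t algid_len = 2 + oidlen + (with_null_params ? 2 : 0);
    size_t body_len = 2 + algid_len + 2 + hashlen;
    size_t p = 0;

    if (oidlen > 127 || hashlen > 127 || algid_len > 127 || body_len > 127)
        return -1;
    if (outcap < 2 + body_len)
        return -1;
    out[p++] = 0x30; out[p++] = (uint8_t)body_len;       /* DigestInfo SEQUENCE */
    out[p++] = 0x30; out[p++] = (uint8_t)algid_len;      /* AlgorithmIdentifier SEQUENCE */
    out[p++] = 0x06; out[p++] = (uint8_t)oidlen;         /* OBJECT IDENTIFIER */
    memcpy(out + p, oid, oidlen); p += oidlen;
    if (with_null_params) {
        out[p++] = 0x05; out[p++] = 0x00;                /* parameters: NULL */
    }
    out[p++] = 0x04; out[p++] = (uint8_t)hashlen;        /* OCTET STRING digest */
    memcpy(out + p, hash, hashlen); p += hashlen;
    return (long)p;
}

/* Encode with a constructed stand-in digest and compare against reference
 * prefix + digest.  Returns 1 if they match byte for byte. */
static int matches_reference(const uint8_t *prefix, size_t prefixlen,
                             const uint8_t *oid, size_t oidlen,
                             size_t hashlen, int with_null_params)
{
    uint8_t hash[64], out[128];
    size_t i;
    long n;

    for (i = 0; i < hashlen; i++)
        hash[i] = (uint8_t)i;
    n = encode_digest_info(oid, oidlen, hash, hashlen, with_null_params, out, sizeof(out));
    if (n != (long)(prefixlen + hashlen))
        return 0;
    return memcmp(out, prefix, prefixlen) == 0 && memcmp(out + prefixlen, hash, hashlen) == 0;
}

int sha256_with_null_matches_rfc(void)
{
    return matches_reference(rfc8017_sha256_prefix, sizeof(rfc8017_sha256_prefix),
                             oid_sha256, sizeof(oid_sha256), 32, 1);
}

int sha1_with_null_matches_rfc(void)
{
    return matches_reference(rfc8017_sha1_prefix, sizeof(rfc8017_sha1_prefix),
                             oid_sha1, sizeof(oid_sha1), 20, 1);
}

/* Omitting the NULL yields a two-byte-shorter structure that does not match. */
int sha256_without_null_matches_rfc(void)
{
    return matches_reference(rfc8017_sha256_prefix, sizeof(rfc8017_sha256_prefix),
                             oid_sha256, sizeof(oid_sha256), 32, 0);
}

int main(void)
{
    printf("sha256 with NULL params matches RFC 8017: %d\n", sha256_with_null_matches_rfc());
    printf("sha1 with NULL params matches RFC 8017: %d\n", sha1_with_null_matches_rfc());
    printf("sha256 without NULL params matches: %d\n", sha256_without_null_matches_rfc());
    return 0;
}
```

When a signature made through a smart card is rejected by a verifier that accepts the same key with a software signer, dumping the DigestInfo the caller built and comparing it to these prefixes is the first check to make.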
|
|
In the previous code, when the remote peer performed an orderly shutdown
on the socket, libkrad would enter a state in which all future requests
timed out. Instead, if the peer shuts down its socket, we need to
attempt to reopen it.
(cherry picked from commit 248497427d5a45225817b6c22e9224e8ad969872)
ticket: 8504
version_fixed: 1.14.5
|
|
Describe the principal selection behavior of kinit when the principal
argument is absent.
(cherry picked from commit 9896d4ffecb69f0262375b2f0db5b275a5e25de9)
ticket: 8403
version_fixed: 1.14.5
|
|
(cherry picked from commit f619c2621443d9463898c434828dc67e587c2afd)
ticket: 8500
version_fixed: 1.14.5
|
|
In the k5srvutil man page, do not give the impression that arbitrary
new keys can be added to the keytab (requested by Dan Gillmor), since
only the new keys randomly generated by the KDC via 'k5srvutil change'
can be added to the keytab. Reiterate the importance of running
k5srvutil delold after running k5srvutil change in the description of
k5srvutil change, as well as in the description of k5srvutil delold
itself.
In install_kdc.rst, mention using a separate keytab file when
generating a keytab on a KDC for use on another host.
[ghudson@mit.edu: squashed two commits, condensed commit message]
(cherry picked from commit b1e655b38b60a05d4d2e4e0d4aedb7a9c36ab93b)
ticket: 8500
version_fixed: 1.14.5
|
|
Successful calls to krb5_kt_next_entry() return a krb5_keytab_entry
that the caller is responsible for freeing. Note this, and the
proper function to do so, in the doxygen comments.
(cherry picked from commit e70c73b804400a2f18a044dd386dbf1a8430b92e)
ticket: 8500
version_fixed: 1.14.5
|
|
In prepare_error_as(), if krb5_us_timeofday() fails and error pa-data
was supplied, the FAST cookie and a shallow copy of the error padata
can be leaked. Reported by Will Fiveash.
(cherry picked from commit 8d852c577039d59e1bea383e4ddfe575c20f240d)
ticket: 8498
version_fixed: 1.14.5
|
|
|
(cherry picked from commit f60ac0e5256d9a4006688b0e1c5cc8caf7c9d2b3)
ticket: 8489
version_fixed: 1.14.4
|
|
(back ported from commit 4613d503986f34f05ff310fcc580f65ba60eec5b)
ticket: 8493
version_fixed: 1.14.4
|
|
In the libdb2 btree back end, splitting a page at an overflow key
could result in an unaligned access, causing a crash (and data
corruption) on platforms with strict alignment. This probably occurs
only rarely in practice.
(cherry picked from commit 537aba0dda3a1f696f10fde56348fde06d88939c)
ticket: 8493
version_fixed: 1.14.4
|