Age | Commit message | Author | Files | Lines
2011-10-18 | pull up r24909 from trunk (krb5-1.7) | Tom Yu | 1 | -2/+3
------------------------------------------------------------------------ r24909 | tlyu | 2011-05-02 16:57:23 -0400 (Mon, 02 May 2011) | 7 lines ticket: 6906 subject: modernize doc/Makefile somewhat status: open Modernize doc/Makefile somewhat so that it can run more usefully on modern non-Athena machines. ticket: 6986 version_fixed: 1.7.3 status: resolved git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@25377 dc483132-0cff-0310-8789-dd5450dbe970
2011-10-18 | Memory leak in save_error_string_nocopy() | Tom Yu | 1 | -0/+1
pull up r24693 from trunk ------------------------------------------------------------------------ r24693 | tlyu | 2011-03-08 15:53:55 -0500 (Tue, 08 Mar 2011) | 8 lines ticket: 6844 tags: pullup target_version: 1.9.1 Fix a memory leak independently found by Tim Pozdeev and Arlene Berry. This change should be pulled up to the 1.8 and 1.7 branches as well. ticket: 6985 version_fixed: 1.7.3 status: resolved git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@25376 dc483132-0cff-0310-8789-dd5450dbe970
2011-05-24 | krb5-1.7.2-postrelease | Tom Yu | 1 | -2/+2
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@24943 dc483132-0cff-0310-8789-dd5450dbe970
2011-05-23 | README and patchlevel for krb5-1.7.2 | Tom Yu | 2 | -10/+46
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@24941 dc483132-0cff-0310-8789-dd5450dbe970
2011-04-14 | kadmind frees invalid pointer [MITKRB5-SA-2011-004 CVE-2011-0285] | Tom Yu | 2 | -2/+11
back-port r24878 for 1.7-branch ------------------------------------------------------------------------ r24878 | tlyu | 2011-04-13 14:43:37 -0400 (Wed, 13 Apr 2011) | 11 lines ticket: 6899 tags: pullup target_version: 1.9.1 Fix the sole case in process_chpw_request() where a return could occur without allocating the data pointer in the response. This prevents a later free() of an invalid pointer in kill_tcp_or_rpc_connection(). Also initialize rep->data to NULL in process_chpw_request() and clean up *response in dispatch() as an additional precaution. ticket: 6901 status: resolved version_fixed: 1.7.2 git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@24881 dc483132-0cff-0310-8789-dd5450dbe970
2011-03-16 | KDC double-free when PKINIT enabled [MITKRB5-SA-2011-003 CVE-2011-0284] | Tom Yu | 1 | -0/+2
pull up r24705 from trunk ------------------------------------------------------------------------ r24705 | tlyu | 2011-03-15 17:47:19 -0400 (Tue, 15 Mar 2011) | 8 lines ticket: 6881 subject: KDC double-free when PKINIT enabled [MITKRB5-SA-2011-003 CVE-2011-0284] tags: pullup target_version: 1.9.1 Fix a double-free condition in the KDC that can occur during an AS-REQ when PKINIT is enabled. ticket: 6883 version_fixed: 1.7.2 status: resolved git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@24708 dc483132-0cff-0310-8789-dd5450dbe970
2011-02-09 | make depend | Tom Yu | 7 | -106/+132
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@24632 dc483132-0cff-0310-8789-dd5450dbe970
2011-02-09 | KDC denial of service attacks [MITKRB5-SA-2011-002 CVE-2011-0281 CVE-2011-0282] | Tom Yu | 4 | -17/+30
pull up r24622 from trunk, except for the fix for CVE-2011-0283, which only applies to krb5-1.9. ------------------------------------------------------------------------ r24622 | tlyu | 2011-02-09 15:25:08 -0500 (Wed, 09 Feb 2011) | 10 lines ticket: 6860 subject: KDC denial of service attacks [MITKRB5-SA-2011-002 CVE-2011-0281 CVE-2011-0282 CVE-2011-0283] tags: pullup target_version: 1.9.1 [CVE-2011-0281 CVE-2011-0282] Fix some LDAP back end principal name handling that could cause the KDC to hang or crash. [CVE-2011-0283] Fix a KDC null pointer dereference introduced in krb5-1.9. ticket: 6865 version_fixed: 1.7.2 status: resolved git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@24628 dc483132-0cff-0310-8789-dd5450dbe970
2011-02-09 | kpropd denial of service [MITKRB5-SA-2011-001 CVE-2010-4022] | Tom Yu | 1 | -4/+4
pull up r24621 from trunk ------------------------------------------------------------------------ r24621 | tlyu | 2011-02-09 15:25:03 -0500 (Wed, 09 Feb 2011) | 8 lines ticket: 6859 subject: kpropd denial of service [MITKRB5-SA-2011-001 CVE-2010-4022] tags: pullup target_version: 1.9.1 When operating in standalone mode and not doing iprop, don't return from do_standalone() if the child exits with abnormal status. ticket: 6864 version_fixed: 1.7.2 status: resolved git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@24627 dc483132-0cff-0310-8789-dd5450dbe970
2010-12-06 | SA-2010-007 Checksum vulnerabilities (CVE-2010-1324 and others) | Tom Yu | 7 | -21/+74
Apply patch for MITKRB5-SA-2010-007. Fix multiple checksum handling bugs, as described in: CVE-2010-1324 CVE-2010-1323 CVE-2010-4020 CVE-2010-4021 * Return the correct (keyed) checksums as the mandatory checksum type for DES enctypes. * Restrict simplified-profile checksums to their corresponding etypes. * Add internal checks to reduce the risk of stream ciphers being used with simplified-profile key derivation or other algorithms relying on the block encryption primitive. * Use the mandatory checksum type for the PKINIT KDC signature, instead of the first-listed keyed checksum. * Use the mandatory checksum type when sending KRB-SAFE messages by default, instead of the first-listed keyed checksum. * Use the mandatory checksum type for the t_kperf test program. * Use the mandatory checksum type (without additional logic) for the FAST request checksum. * Preserve the existing checksum choices (unkeyed checksums for DES enctypes) for the authenticator checksum, using explicit logic. * Ensure that SAM checksums received from the KDC are keyed. * Ensure that PAC checksums are keyed. ticket: 6837 target_version: 1.7.2 version_fixed: 1.7.2 status: resolved git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@24562 dc483132-0cff-0310-8789-dd5450dbe970
2010-05-19 | CVE-2010-1321 GSS-API lib null pointer deref (MITKRB5-SA-2010-005) | Tom Yu | 1 | -0/+7
pull up r24056 from trunk ------------------------------------------------------------------------ r24056 | tlyu | 2010-05-19 14:09:37 -0400 (Wed, 19 May 2010) | 8 lines ticket: 6725 subject: CVE-2010-1321 GSS-API lib null pointer deref (MITKRB5-SA-2010-005) tags: pullup target_version: 1.8.2 Make krb5_gss_accept_sec_context() check for a null authenticator checksum pointer before attempting to dereference it. ticket: 6729 target_version: 1.7.2 version_fixed: 1.7.2 status: resolved git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@24067 dc483132-0cff-0310-8789-dd5450dbe970
2010-05-19 | memory leak in process_tgs_req in r23724 | Tom Yu | 1 | -1/+3
pull up r23959 from trunk ------------------------------------------------------------------------ r23959 | tlyu | 2010-04-30 17:10:55 -0400 (Fri, 30 Apr 2010) | 8 lines ticket: 6711 subject: memory leak in process_tgs_req in r23724 tags: pullup target_version: 1.8.2 Fix a KDC memory leak that was introduced by r23724 that could leak the decoded request. ticket: 6728 target_version: 1.7.2 version_fixed: 1.7.2 tags: pullup status: resolved git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@24066 dc483132-0cff-0310-8789-dd5450dbe970
2010-05-19 | CVE-2010-1320 KDC double free caused by ticket renewal (MITKRB5-SA-2010-004) | Tom Yu | 3 | -0/+40
pull up r23912 from trunk ------------------------------------------------------------------------ r23912 | tlyu | 2010-04-20 17:12:10 -0400 (Tue, 20 Apr 2010) | 11 lines ticket: 6702 target_version: 1.8.2 tags: pullup Fix CVE-2010-1230 (MITKRB5-SA-2010-004) double-free in KDC triggered by ticket renewal. Add a test case. See also http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=577490 Thanks to Joel Johnson and Brian Almeida for the reports. ticket: 6727 tags: pullup target_version: 1.7.2 version_fixed: 1.7.2 git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@24065 dc483132-0cff-0310-8789-dd5450dbe970
2010-03-30 | MITKRB5-SA-2010-002 CVE-2010-0628 denial of service in SPNEGO | Tom Yu | 1 | -22/+16
pull up r23832 from trunk ------------------------------------------------------------------------ r23832 | tlyu | 2010-03-23 14:53:52 -0400 (Tue, 23 Mar 2010) | 8 lines ticket: 6690 target_version: 1.8.1 tags: pullup subject: MITKRB5-SA-2010-002 CVE-2010-0628 denial of service in SPNEGO The SPNEGO implementation in krb5-1.7 and later could crash due to assertion failure when receiving some sorts of invalid GSS-API tokens. ticket: 6694 version_fixed: 1.7.2 git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@23850 dc483132-0cff-0310-8789-dd5450dbe970
2010-03-23 | pull up r23679 from trunk | Tom Yu | 1 | -1/+1
------------------------------------------------------------------------ r23679 | ghudson | 2010-01-31 13:04:48 -0800 (Sun, 31 Jan 2010) | 4 lines ticket: 6650 Fix minor error-handling bug in r23676. ticket: 6650 version_fixed: 1.7.2 status: resolved git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@23823 dc483132-0cff-0310-8789-dd5450dbe970
2010-03-23 | pull up r23676 from trunk | Tom Yu | 5 | -6/+54
------------------------------------------------------------------------ r23676 | ghudson | 2010-01-28 13:39:31 -0800 (Thu, 28 Jan 2010) | 17 lines ticket: 6650 subject: Handle migration from pre-1.7 databases with master key kvno != 1 target_version: 1.7.1 tags: pullup krb5_dbe_lookup_mkvno assumes an mkvno of 1 for entries with no explicit tl_data. We've seen at least one pre-1.7 KDB with a master kvno of 0, violating this assumption. Fix this as follows: * krb5_dbe_lookup_mkvno outputs 0 instead of 1 if no tl_data exists. * A new function krb5_dbe_get_mkvno translates this 0 value to the minimum version number in the mkey_list. (krb5_dbe_lookup_mkvno cannot do this as it doesn't take the mkey_list as a parameter.) * Call sites to krb5_dbe_lookup_mkvno are converted to krb5_dbe_get_mkvno, except for an LDAP case where it is acceptable to store 0 if the mkvno is unknown. ticket: 6650 git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@23822 dc483132-0cff-0310-8789-dd5450dbe970
2010-02-17 | pull up r23724 from trunk | Tom Yu | 3 | -1/+8
------------------------------------------------------------------------ r23724 | tlyu | 2010-02-16 17:10:17 -0500 (Tue, 16 Feb 2010) | 10 lines ticket: 6662 subject: MITKRB5-SA-2010-001 CVE-2010-0283 KDC denial of service tags: pullup target_version: 1.8 Code introduced in krb5-1.7 can cause an assertion failure if a KDC-REQ is internally inconsistent, specifically if the ASN.1 tag doesn't match the msg_type field. Thanks to Emmanuel Bouillon (NATO C3 Agency) for discovering and reporting this vulnerability. ticket: 6664 version_fixed: 1.7.2 status: resolved git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@23731 dc483132-0cff-0310-8789-dd5450dbe970
2010-02-02 | krb5-1.7.1-postrelease | Tom Yu | 1 | -2/+2
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@23693 dc483132-0cff-0310-8789-dd5450dbe970
2010-02-02 | fix reltag for 1.7.1 final | Tom Yu | 1 | -1/+1
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@23691 dc483132-0cff-0310-8789-dd5450dbe970
2010-02-02 | fix patchlevel.h for krb5-1.7.1 | Tom Yu | 1 | -1/+1
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@23686 dc483132-0cff-0310-8789-dd5450dbe970
2010-02-02 | krb5-1.7.1-postrelease | Tom Yu | 1 | -2/+2
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@23685 dc483132-0cff-0310-8789-dd5450dbe970
2010-02-02 | patchlevel for krb5-1.7.1 | Tom Yu | 1 | -2/+2
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@23683 dc483132-0cff-0310-8789-dd5450dbe970
2010-01-25 | krb5-1.7.1-beta1-postrelease | Tom Yu | 1 | -2/+2
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@23670 dc483132-0cff-0310-8789-dd5450dbe970
2010-01-25 | README and patchlevel for krb5-1.7.1-beta1 | Tom Yu | 2 | -9/+69
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@23668 dc483132-0cff-0310-8789-dd5450dbe970
2010-01-13 | pull up r23482 from trunk | Tom Yu | 2 | -1/+25
------------------------------------------------------------------------ r23482 | ghudson | 2009-12-21 12:58:12 -0500 (Mon, 21 Dec 2009) | 9 lines ticket: 6594 target_version: 1.7.1 tags: pullup Add a set_cred_option handler for SPNEGO which forwards to the underlying mechanism. Fixes SPNEGO credential delegation in 1.7 and copying of SPNEGO initiator creds in both 1.7 and trunk. Patch provided by nalin@redhat.com. ticket: 6594 version_fixed: 1.7.1 status: resolved git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@23655 dc483132-0cff-0310-8789-dd5450dbe970
2010-01-12 | Pull up r23492 from branches/anonymous | Tom Yu | 1 | -60/+7
------------------------------------------------------------------------ r23492 | hartmans | 2009-12-23 16:09:50 -0500 (Wed, 23 Dec 2009) | 17 lines Subject: ad-initial-verified-cas logic broken ticket: 6587 status: open In the initial pkinit implementation, the server plugin generates an incorrect encoding for ad-initial-verified-cas. In particular, it assumes that ad-if-relevant takes a single authorization data element not a sequence of authorization data elements. Nothing looked at the authorization data in 1.6.3 so this was not noticed. However in 1.7, the FAST implementation looks for authorization data. In 1.8 several more parts of the KDC examine authorization data. The net result is that the KDC fails to process the TGT it issues. However on top of this bug, there is a spec problem. For many of its intended uses, ad-initial-verified-cas needs to be integrity protected by the KDC in order to prevent a client from injecting it. So, it should be contained in kdc-issued not ad-if-relevant. For now we're simply removing the generation of this AD element until the spec is clarified. ------------------------------------------------------------------------ ticket: 6587 version_fixed: 1.7.1 status: resolved git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@23654 dc483132-0cff-0310-8789-dd5450dbe970
2010-01-12 | MITKRB5-SA-2009-004 [CVE-2009-4212] integer underflow in AES and RC4 decryption | Tom Yu | 9 | -24/+191
Fix integer underflow in AES and RC4 decryption. [MITKRB5-SA-2009-004, CVE-2009-4212] ticket: 6637 target_version: 1.7.1 version_fixed: 1.7.1 status: resolved git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@23651 dc483132-0cff-0310-8789-dd5450dbe970
2010-01-12 | Pull up r22782, r22784, r23610 from trunk, with additional test suite | Tom Yu | 3 | -16/+60
changes to compensate for the existence of the api.0/ unit tests that removed for 1.8. Don't pull up the kadmin CLI changes for now. ------------------------------------------------------------------------ r23610 | ghudson | 2010-01-07 21:43:21 -0500 (Thu, 07 Jan 2010) | 10 lines ticket: 6626 subject: Restore interoperability with 1.6 addprinc -randkey tags: pullup target_version: 1.8 The arcfour string-to-key operation in krb5 1.7 (or later) disagrees with the dummy password used by the addprinc -randkey operation in krb5 1.6's kadmin client, because it's not valid UTF-8. Recognize the 1.6 dummy password and use a random password instead. ------------------------------------------------------------------------ r22784 | ghudson | 2009-09-24 11:40:26 -0400 (Thu, 24 Sep 2009) | 2 lines Fix kadm5 unit test modified in r22782. ------------------------------------------------------------------------ r22782 | ghudson | 2009-09-21 14:40:02 -0400 (Mon, 21 Sep 2009) | 5 lines Improve the mechanism used for addprinc -randkey. In the kadmin server, if the password is null when creating a principal, treat that as a request for a random key. In the kadmin client, try using the new method for random key creation and then fall back to the old one. ticket: 6635 version_fixed: 1.7.1 target_version: 1.7.1 status: resolved tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@23650 dc483132-0cff-0310-8789-dd5450dbe970
2010-01-12 | pull up r22518 from trunk | Tom Yu | 5 | -39/+99
------------------------------------------------------------------------ r22518 | raeburn | 2009-08-12 13:58:24 -0400 (Wed, 12 Aug 2009) | 19 lines r22529@squish: raeburn | 2009-08-12 13:49:45 -0400 . r22530@squish: raeburn | 2009-08-12 13:55:57 -0400 Change KRBCONF_KDC_MODIFIES_KDB to a mostly run-time option. Change all code conditionals to test a new global variable, the initial value of which is based on KRBCONF_KDC_MODIFIES_KDB. There is currently no way to alter the value from the command line; that will presumably be desired later. Change initialize_realms to store db_args in a global variable. In process_as_req, call db_open instead of the old set_name + init. Don't reopen if an error is reported by krb5_db_fini. Add a test of running kinit with an incorrect password, to trigger a kdb update if enabled. r22531@squish: raeburn | 2009-08-12 13:58:13 -0400 Fix trailing whitespace. ticket: 5668 version_fixed: 1.7.1 status: resolved git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@23647 dc483132-0cff-0310-8789-dd5450dbe970
2010-01-12 | pull up r23629 from trunk | Tom Yu | 1 | -0/+3
------------------------------------------------------------------------ r23629 | ghudson | 2010-01-11 20:07:48 -0500 (Mon, 11 Jan 2010) | 9 lines ticket: 6633 subject: Use keyed checksum type for DES FAST target_version: 1.7 tags: pullup DES enctypes have unkeyed mandatory-to-implement checksums. Since FAST requires a keyed checksum, we must pick something else in that case. ticket: 6633 version_fixed: 1.7.1 status: resolved git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@23646 dc483132-0cff-0310-8789-dd5450dbe970
2010-01-12 | pull up r23397 from trunk | Tom Yu | 1 | -8/+3
------------------------------------------------------------------------ r23397 | ghudson | 2009-11-30 20:36:42 -0500 (Mon, 30 Nov 2009) | 10 lines ticket: 6589 subject: Fix AES IOV decryption of small messages tags: pullup target_version: 1.7.1 AES messages never need to be padded because the confounder ensures that the plaintext is at least one block long. Remove a check in krb5int_dk_decrypt_iov which was rejecting short AES messages because it didn't count the header length. ticket: 6589 version_fixed: 1.7.1 status: resolved git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@23645 dc483132-0cff-0310-8789-dd5450dbe970
2010-01-12 | pull up r23389 from trunk | Tom Yu | 1 | -2/+5
------------------------------------------------------------------------ r23389 | ghudson | 2009-11-30 14:03:58 -0500 (Mon, 30 Nov 2009) | 10 lines ticket: 6588 subject: Fix ivec chaining for DES iov encryption tags: pullup target_version: 1.7.1 krb5int_des_cbc_decrypt_iov was using a plaintext block to update the ivec. Fix it to use the last cipher block, borrowing from the corresponding des3 function. The impact of this bug is not serious since ivec chaining is not typically used with IOV encryption in 1.7. ticket: 6588 version_fixed: 1.7.1 status: resolved git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@23644 dc483132-0cff-0310-8789-dd5450dbe970
2010-01-12 | pull up r23325, 23384 from trunk | Tom Yu | 1 | -0/+6
------------------------------------------------------------------------ r23384 | hartmans | 2009-11-30 09:14:47 -0500 (Mon, 30 Nov 2009) | 4 lines ticket: 6585 Fix memory leak ------------------------------------------------------------------------ r23325 | hartmans | 2009-11-23 20:05:30 -0500 (Mon, 23 Nov 2009) | 12 lines ticket: 6585 subject: KDC MUST NOT accept ap-request armor in FAST TGS target_version: 1.7.1 tags: pullup Per the latest preauth framework spec, the working group has decided to forbid ap-request armor in the TGS request because of security problems with that armor type. This commit was tested against an implementation of FAST TGS client to confirm that if explicit armor is sent, the request is rejected. ticket: 6585 version_fixed: 1.7.1 status: resolved git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@23643 dc483132-0cff-0310-8789-dd5450dbe970
2010-01-12 | Backport test suite portion of r23361 from trunk | Tom Yu | 2 | -5/+46
------------------------------------------------------------------------ r23361 | tlyu | 2009-11-25 22:54:59 -0500 (Wed, 25 Nov 2009) | 15 lines ticket: 6584 target_version: 1.7.1 tags: pullup Pullup to 1.7-branch is only for the test case, as krb5-1.7 behaved correctly for these checksums. Fix regression in MD4-DES and MD5-DES keyed checksums. The original key was being used for the DES encryption, not the "xorkey". (key with each byte XORed with 0xf0) Add a test case that will catch future regressions of this sort, by including a verification of a "known-good" checksum (derived from a known-to-be-interoperable version of the implementation). ticket: 6584 version_fixed: 1.7.1 git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@23642 dc483132-0cff-0310-8789-dd5450dbe970
2010-01-12 | pull up r23144, r23145 from trunk | Tom Yu | 1 | -1/+1
------------------------------------------------------------------------ r23145 | raeburn | 2009-11-09 11:56:01 -0500 (Mon, 09 Nov 2009) | 4 lines ticket: 6579 Revise patch to avoid using changequote. ------------------------------------------------------------------------ r23144 | raeburn | 2009-11-09 01:13:34 -0500 (Mon, 09 Nov 2009) | 21 lines ticket: 6579 target_version: 1.7.1 tags: pullup subject: quoting bug causes solaris pre-10 thread handling bugs Quoting problems in pattern matching on the OS name cause Solaris versions up through 9 to not be properly recognized in the thread-system configuration setup. This causes our libraries to make the erroneous assumption that valid thread support routines are available on all Solaris systems, rather than just assuming it for Solaris 10 and later. The result is assertion failures like this one reported by Meraj Mohammed and others: Assertion failed: k5int_i->did_run != 0, file krb5_libinit.c, line 63 Thanks to Tom Shaw for noticing the cause of the problem. The bug may be present in the 1.6.x series as well. ticket: 6579 version_fixed: 1.7.1 status: resolved git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@23641 dc483132-0cff-0310-8789-dd5450dbe970
2010-01-12 | backport r22890 from trunk | Tom Yu | 1 | -2/+1
------------------------------------------------------------------------ r22890 | ghudson | 2009-10-13 15:43:17 -0400 (Tue, 13 Oct 2009) | 11 lines ticket: 6573 subject: Fix preauth looping in krb5_get_init_creds tags: pullup target_version: 1.7.1 In 1.7, krb5_get_init_creds will continue attempting the same built-in preauth mechanism (e.g. encrypted timestamp) until the loop counter maxes out. Until the preauth framework can remember not to retry built-in mechanisms, only continue with preauth after a PREAUTH_FAILED error resulting from optimistic preauth. ticket: 6573 version_fixed: 1.7.1 status: resolved git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@23640 dc483132-0cff-0310-8789-dd5450dbe970
2010-01-12 | Add manual kfree.c change missing from previous pullup | Tom Yu | 1 | -0/+1
ticket: 6571 status: resolved git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@23639 dc483132-0cff-0310-8789-dd5450dbe970
2010-01-12 | pull up r22872 from trunk | Tom Yu | 1 | -0/+1
------------------------------------------------------------------------ r22872 | ghudson | 2009-10-09 10:21:04 -0400 (Fri, 09 Oct 2009) | 7 lines ticket: 6571 tags: pullup target_version: 1.7.1 In asn1_decode_enc_kdc_rep_part, don't leak the enc_padata field on invalid representations. ticket: 6571 version_fixed: 1.7.1 status: resolved git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@23638 dc483132-0cff-0310-8789-dd5450dbe970
2010-01-12 | pull up r22781 from trunk | Tom Yu | 1 | -6/+7
------------------------------------------------------------------------ r22781 | ghudson | 2009-09-21 12:11:26 -0400 (Mon, 21 Sep 2009) | 10 lines ticket: 6568 subject: Fix addprinc -randkey when policy requires multiple character classes tags: pullup target_version: 1.7.1 The fix for ticket #6074 (r20650) caused a partial regression of ticket #115 (r9210) because the dummy password contained only one character class. As a minimal 1.7 fix, use all five character classes in the dummy password. ticket: 6568 version_fixed: 1.7.1 status: resolved git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@23637 dc483132-0cff-0310-8789-dd5450dbe970
2010-01-12 | pull up r22732 from trunk | Tom Yu | 1 | -4/+18
------------------------------------------------------------------------ r22732 | ghudson | 2009-09-11 13:30:51 -0400 (Fri, 11 Sep 2009) | 7 lines ticket: 6559 subject: Fix parsing of GSS exported names tags: pullup target_version: 1.7.1 Cherry-picked from Luke's authdata branch. ticket: 6559 version_fixed: 1.7.1 status: resolved git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@23636 dc483132-0cff-0310-8789-dd5450dbe970
2010-01-12 | pull up r22718 from trunk | Tom Yu | 1 | -1/+4
------------------------------------------------------------------------ r22718 | ghudson | 2009-09-09 11:17:09 -0400 (Wed, 09 Sep 2009) | 8 lines ticket: 6558 subject: Fix memory leak in gss_krb5int_copy_ccache tags: pullup target_version: 1.7.1 gss_krb5int_copy_ccache was iterating over credentials in a ccache without freeing them. ticket: 6558 version_fixed: 1.7.1 status: resolved git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@23635 dc483132-0cff-0310-8789-dd5450dbe970
2010-01-12 | ------------------------------------------------------------------------ | Tom Yu | 1 | -5/+6
r22710 | ghudson | 2009-09-03 16:41:56 -0400 (Thu, 03 Sep 2009) | 10 lines ticket: 6557 subject: Supply canonical name if present in LDAP iteration target_version: 1.7.1 tags: pullup In the presence of aliases, LDAP iteration was supplying the first principal it found within the expected realm, which is not necessarily the same as the canonical name. If the entry has a canonical name field, use that in preference to any of the principal names. ticket: 6557 version_fixed: 1.7.1 status: resolved git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@23634 dc483132-0cff-0310-8789-dd5450dbe970
2010-01-12 | pull up r22708 from trunk | Tom Yu | 1 | -1/+25
------------------------------------------------------------------------ r22708 | ghudson | 2009-09-03 13:39:50 -0400 (Thu, 03 Sep 2009) | 9 lines ticket: 6556 subject: Supply LDAP service principal aliases to non-referrals clients target_version: 1.7 tags: pullup In the LDAP back end, return aliases when the CLIENT_REFERRALS_ONLY flag isn't set (abusing that flag to recognize a client name lookup). Based on a patch from Luke Howard. ticket: 6556 version_fixed: 1.7.1 status: resolved git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@23633 dc483132-0cff-0310-8789-dd5450dbe970
2010-01-12 | pull up r22648 from trunk | Tom Yu | 2 | -39/+39
------------------------------------------------------------------------ r22648 | tlyu | 2009-08-28 17:36:28 -0400 (Fri, 28 Aug 2009) | 8 lines ticket: 6553 subject: use perror instead of error in kadm5 test suite target_version: 1.7.1 tags: pullup Use "perror" instead of "error" to ensure that framework error conditions actually cause "make check" to report failure. ticket: 6553 version_fixed: 1.7.1 git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@23632 dc483132-0cff-0310-8789-dd5450dbe970
2010-01-12 | pull up r22644 from trunk | Tom Yu | 1 | -1/+9
------------------------------------------------------------------------ r22644 | ghudson | 2009-08-28 13:23:20 -0400 (Fri, 28 Aug 2009) | 8 lines ticket: 6552 subject: Document kinit -C and -E options target_version: 1.7.1 tags: pullup kinit -C (canonicalize name) and -E (enterprise principal name) weren't documented in the man page. ticket: 6552 version_fixed: 1.7.1 status: resolved git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@23631 dc483132-0cff-0310-8789-dd5450dbe970
2010-01-12 | pull up r22643 from trunk | Tom Yu | 1 | -5/+16
------------------------------------------------------------------------ r22643 | ghudson | 2009-08-28 12:00:54 -0400 (Fri, 28 Aug 2009) | 7 lines ticket: 6534 Disable the COPY_FIRST_CANONNAME workaround on Linux glibc 2.4 and later, since it leaks memory on fixed glibc versions. We will still leak memory on glibc 2.3.4 through 2.3.6 (e.g. RHEL 4) but that's harder to detect. ticket: 6534 version_fixed: 1.7.1 status: resolved git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@23630 dc483132-0cff-0310-8789-dd5450dbe970
2009-12-29 | pull up r23533 from trunk | Tom Yu | 2 | -1/+4
------------------------------------------------------------------------ r23533 | tlyu | 2009-12-28 21:42:51 -0500 (Mon, 28 Dec 2009) | 10 lines ticket: 6608 subject: MITKRB5-SA-2009-003 CVE-2009-3295 KDC null deref in referrals tags: pullup target_version: 1.7.1 On certain error conditions, prep_reprocess_req() calls kdc_err() with a null pointer as the format string, causing a null dereference and denial of service. Legitimate protocol requests can trigger this problem. ticket: 6608 version_fixed: 1.7.1 status: resolved git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@23534 dc483132-0cff-0310-8789-dd5450dbe970
2009-09-29 | pull up r22636 from trunk | Tom Yu | 1 | -0/+7
------------------------------------------------------------------------ r22636 | ghudson | 2009-08-27 09:40:50 -0400 (Thu, 27 Aug 2009) | 17 lines ticket: 6551 subject: Memory leak in spnego accept_sec_context error path tags: pullup target_version: 1.7 If the underlying mechanism's accept_sec_context returns an error, the spnego accept_sec_context was leaving allocated data in *context_handle, which is incorrect for the first call according to RFC 2744. Fix this by mirroring some code from the spnego init_sec_context, which always cleans up the half-constructed context in case of error. This is allowed (though not encouraged) by RFC 2744 for second and subsequent calls; since we were already doing it in init_sec_context, it seems simpler to do that than keep track of whether this is a first call or not. ticket: 6551 version_fixed: 1.7.1 status: resolved git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22813 dc483132-0cff-0310-8789-dd5450dbe970
2009-09-29 | pull up r22519 from trunk | Tom Yu | 1 | -3/+2
------------------------------------------------------------------------ r22519 | ghudson | 2009-08-12 14:53:47 -0400 (Wed, 12 Aug 2009) | 12 lines ticket: 6543 subject: Reply message ordering bug in ftpd tags: pullup target_version: 1.7 user() was replying to the user command and then calling login(), which could send a continuation reply if it fails to chdir to the user's homedir. Continuation replies must come before the actual reply; the mis-ordering was causing ftp and ftpd to deadlock. To fix the bug, invoke login() before reply() so that the continuation reply comes first. ticket: 6543 version_fixed: 1.7.1 status: resolved git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22812 dc483132-0cff-0310-8789-dd5450dbe970
2009-09-29 | pull up r22516 from trunk | Tom Yu | 1 | -0/+7
------------------------------------------------------------------------ r22516 | ghudson | 2009-08-10 15:12:47 -0400 (Mon, 10 Aug 2009) | 8 lines ticket: 6542 subject: Check for null characters in pkinit cert fields tags: pullup target_version: 1.7 When processing DNS names or MS UPNs in pkinit certs, disallow embedded null characters. ticket: 6542 version_fixed: 1.7.1 status: resolved git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@22811 dc483132-0cff-0310-8789-dd5450dbe970