From rt-comment at krbdev.mit.edu Thu Jun 26 14:08:06 2008 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Thu, 26 Jun 2008 14:08:06 -0400 (EDT) Subject: [krbdev.mit.edu #5968] SVN Commit In-Reply-To: Message-ID: Apple PKINIT LKDC support. Commit By: lxs Revision: 20476 Changed Files: U trunk/src/include/pkinit_cert_store.h U trunk/src/lib/krb5/krb/pkinit_apple_cert_store.c U trunk/src/lib/krb5/krb/preauth2.c From rt-comment at krbdev.mit.edu Thu Jun 26 20:20:41 2008 From: rt-comment at krbdev.mit.edu (Ken Raeburn via RT) Date: Thu, 26 Jun 2008 20:20:41 -0400 (EDT) Subject: [krbdev.mit.edu #5994] SVN Commit In-Reply-To: Message-ID: Fix possible null pointer deref, possible uninit ptr use, possible leak in unlikely small-allocation failure case. Commit By: raeburn Revision: 20477 Changed Files: U trunk/src/lib/rpc/auth_gssapi.c From rt-comment at krbdev.mit.edu Thu Jun 26 20:22:50 2008 From: rt-comment at krbdev.mit.edu (Ken Raeburn via RT) Date: Thu, 26 Jun 2008 20:22:50 -0400 (EDT) Subject: [krbdev.mit.edu #5995] SVN Commit In-Reply-To: Message-ID: Fix off-by-one error in range check on file descriptor number. Commit By: raeburn Revision: 20478 Changed Files: U trunk/src/lib/krb5/os/sendto_kdc.c From rt-comment at krbdev.mit.edu Thu Jun 26 20:32:08 2008 From: rt-comment at krbdev.mit.edu (Ken Raeburn via RT) Date: Thu, 26 Jun 2008 20:32:08 -0400 (EDT) Subject: [krbdev.mit.edu #5925] SVN Commit In-Reply-To: Message-ID: Don't do FD_SETSIZE check on Windows. Also, for form's sake, use closesocket instead of close inside the check. Kevin or Jeff, could you please verify that the code works again? Commit By: raeburn Revision: 20479 Changed Files: U trunk/src/lib/krb5/os/sendto_kdc.c From rt-comment at krbdev.mit.edu Thu Jun 26 21:26:16 2008 From: rt-comment at krbdev.mit.edu (Ken Raeburn via RT) Date: Thu, 26 Jun 2008 21:26:16 -0400 (EDT) Subject: [krbdev.mit.edu #5996] SVN Commit In-Reply-To: Message-ID: Fix a possible free of automatic storage that can happen on an (unlikely) encoding failure. Commit By: raeburn Revision: 20480 Changed Files: U trunk/src/lib/krb5/krb/rd_safe.c From rt-comment at krbdev.mit.edu Thu Jun 26 22:47:18 2008 From: rt-comment at krbdev.mit.edu (Ken Raeburn via RT) Date: Thu, 26 Jun 2008 22:47:18 -0400 (EDT) Subject: [krbdev.mit.edu #5997] SVN Commit In-Reply-To: Message-ID: Fix various memory leaks that show up mostly in error cases (e.g., failure to allocate one small object, and then we forget to free another one). Commit By: raeburn Revision: 20481 Changed Files: U trunk/src/kdc/do_tgs_req.c U trunk/src/kdc/kdc_util.c U trunk/src/lib/gssapi/krb5/k5seal.c U trunk/src/lib/krb5/krb/bld_pr_ext.c U trunk/src/lib/krb5/krb/get_creds.c U trunk/src/lib/krb5/krb/get_in_tkt.c U trunk/src/lib/krb5/krb/init_ctx.c U trunk/src/lib/krb5/os/an_to_ln.c U trunk/src/lib/rpc/auth_gss.c U trunk/src/plugins/kdb/db2/adb_policy.c From rt-comment at krbdev.mit.edu Thu Jun 26 22:51:17 2008 From: rt-comment at krbdev.mit.edu (Ken Raeburn via RT) Date: Thu, 26 Jun 2008 22:51:17 -0400 (EDT) Subject: [krbdev.mit.edu #5997] SVN Commit In-Reply-To: Message-ID: Memory leak, and possible freed-memory dereference, in an error (small allocation failure) path. Commit By: raeburn Revision: 20482 Changed Files: U trunk/src/lib/krb5/krb/gic_opt.c From rt-comment at krbdev.mit.edu Thu Jun 26 23:33:27 2008 From: rt-comment at krbdev.mit.edu (Ken Raeburn via RT) Date: Thu, 26 Jun 2008 23:33:27 -0400 (EDT) Subject: [krbdev.mit.edu #5998] SVN Commit In-Reply-To: Message-ID: Fix some bugs with storage being used immediately after being freed. None look like anything an attacker can really manipulate AFAICT. Commit By: raeburn Revision: 20485 Changed Files: U trunk/src/kadmin/server/server_stubs.c U trunk/src/kdc/network.c U trunk/src/lib/krb5/krb/mk_cred.c U trunk/src/slave/kprop.c From rt-comment at krbdev.mit.edu Fri Jun 27 00:19:08 2008 From: rt-comment at krbdev.mit.edu (Ken Raeburn via RT) Date: Fri, 27 Jun 2008 00:19:08 -0400 (EDT) Subject: [krbdev.mit.edu #5999] SVN Commit In-Reply-To: Message-ID: ktutil's "list -t" option is supposed to show the timestamp stored in the keytab file. Instead, it shows some random (uninitialized) value, interpreted as a timestamp. Commit By: raeburn Revision: 20486 Changed Files: U trunk/src/kadmin/ktutil/ktutil.c From rt-comment at krbdev.mit.edu Fri Jun 27 00:47:31 2008 From: rt-comment at krbdev.mit.edu (Ken Raeburn via RT) Date: Fri, 27 Jun 2008 00:47:31 -0400 (EDT) Subject: [krbdev.mit.edu #6000] SVN Commit In-Reply-To: Message-ID: Fix some miscellaneous uninitialized-storage uses, mainly in unlikely error paths. Commit By: raeburn Revision: 20487 Changed Files: U trunk/src/clients/kinit/kinit.c U trunk/src/kadmin/dbutil/ovload.c U trunk/src/lib/krb5/keytab/kt_memory.c From rt-comment at krbdev.mit.edu Fri Jun 27 15:46:41 2008 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Fri, 27 Jun 2008 15:46:41 -0400 (EDT) Subject: [krbdev.mit.edu #6001] SVN Commit In-Reply-To: Message-ID: Added support for stash files with a consistent endianness (big endian) so that one can migrate a KDC from a machine with one endianess to a machine with the other endianess. Used by Kerberos for Macintosh. Commit By: lxs Revision: 20489 Changed Files: U trunk/src/lib/kdb/kdb_default.c From rt-comment at krbdev.mit.edu Mon Jun 30 16:11:22 2008 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Mon, 30 Jun 2008 16:11:22 -0400 (EDT) Subject: [krbdev.mit.edu #6002] krb5_rc_io_creat should use mkstemp In-Reply-To: Message-ID: The following code in krb5_rc_io_creat() should be replaced with mkstemp(): if (asprintf(&d->fn, "%s%skrb5_RC%daaa", dir, PATH_SEPARATOR, (int) UNIQUE) < 0) { d->fn = NULL; return KRB5_RC_IO_MALLOC; } c = d->fn + strlen(d->fn) - 3; while ((d->fd = THREEPARAMOPEN(d->fn, O_WRONLY | O_CREAT | O_TRUNC | O_EXCL | O_BINARY, 0600)) == -1) { if ((c[2]++) == 'z') { c[2] = 'a'; if ((c[1]++) == 'z') { c[1] = 'a'; if ((c[0]++) == 'z') break; /* sigh */ } } }