From rt-comment at krbdev.mit.edu Mon Nov 3 13:22:21 2008
From: rt-comment at krbdev.mit.edu (Greg Hudson via RT)
Date: Mon, 3 Nov 2008 18:22:21 +0000 (UTC)
Subject: [krbdev.mit.edu #6202] SVN Commit
In-Reply-To:
Message-ID:

Apply an adapted Sun patch to fix error string leaks in kadmind.

Commit By: ghudson
Revision: 20956
Changed Files:
U trunk/src/kadmin/server/server_stubs.c

From rt-comment at krbdev.mit.edu Mon Nov 3 13:25:45 2008
From: rt-comment at krbdev.mit.edu (Greg Hudson via RT)
Date: Mon, 3 Nov 2008 18:25:45 +0000 (UTC)
Subject: [krbdev.mit.edu #6202] kadmind leaks extended error strings
In-Reply-To:
Message-ID:

Applied the Sun patch from #6029. Verified that every case covered in
the Apple patch from this issue was also covered in the Sun patch.

From rt-comment at krbdev.mit.edu Mon Nov 3 13:34:16 2008
From: rt-comment at krbdev.mit.edu (Greg Hudson via RT)
Date: Mon, 3 Nov 2008 18:34:16 +0000 (UTC)
Subject: [krbdev.mit.edu #6029] kadmind leaks error strings on failures
In-Reply-To:
Message-ID:

Adapted and applied. I accidentally tagged the commit for #6202, which
is a related issue (Sun patch for some of the same leaks). r20956 is the
relevant commit.

From rt-comment at krbdev.mit.edu Mon Nov 3 14:26:12 2008
From: rt-comment at krbdev.mit.edu (Greg Hudson via RT)
Date: Mon, 3 Nov 2008 19:26:12 +0000 (UTC)
Subject: [krbdev.mit.edu #6201] small leak in KDC authdata plugins
In-Reply-To:
Message-ID:

I am having some trouble characterizing this patch. There are two
changes to error-handling in the KDC code, and then a change to
lib/kdb/kdb_default.c to avoid leaking keytab objects.

All of the changes look fine; they just don't seem terribly related.

From rt-comment at krbdev.mit.edu Mon Nov 3 14:34:38 2008
From: rt-comment at krbdev.mit.edu (Love Hornquist Astrand via RT)
Date: Mon, 3 Nov 2008 19:34:38 +0000 (UTC)
Subject: [krbdev.mit.edu #6201] small leak in KDC authdata plugins
In-Reply-To:
Message-ID:

On 3 Nov 2008, at 11:26, Greg Hudson via RT wrote:

> I am having some trouble characterizing this patch. There are two
> changes to error-handling in the KDC code, and then a change to
> lib/kdb/kdb_default.c to avoid leaking keytab objects.
>
> All of the changes look fine; they just don't seem terribly related.

They are related as in "Memory leaks as detected by leaks".

Love

From rt-comment at krbdev.mit.edu Mon Nov 3 14:40:35 2008
From: rt-comment at krbdev.mit.edu (Greg Hudson via RT)
Date: Mon, 3 Nov 2008 19:40:35 +0000 (UTC)
Subject: [krbdev.mit.edu #6201] small leak in KDC authdata plugins
In-Reply-To:
Message-ID:

Okay, that's fine. I'll check it in as such. I had just received some
incorrect summaries of the patch and was confused.

From rt-comment at krbdev.mit.edu Mon Nov 3 14:47:42 2008
From: rt-comment at krbdev.mit.edu (Greg Hudson via RT)
Date: Mon, 3 Nov 2008 19:47:42 +0000 (UTC)
Subject: [krbdev.mit.edu #6201] SVN Commit
In-Reply-To:
Message-ID:

Apply a patch from Apple to correct a few memory leaks.

Commit By: ghudson
Revision: 20958
Changed Files:
U trunk/src/kdc/kdc_authdata.c
U trunk/src/kdc/kdc_preauth.c
U trunk/src/lib/kdb/kdb_default.c

From rt-comment at krbdev.mit.edu Mon Nov 3 16:05:27 2008
From: rt-comment at krbdev.mit.edu (Greg Hudson via RT)
Date: Mon, 3 Nov 2008 21:05:27 +0000 (UTC)
Subject: [krbdev.mit.edu #6247] SVN Commit
In-Reply-To:
Message-ID:

Apply Apple patch to null out key->contents after freeing on failure,
eliminating the possibility that the pointer will be used after free.

Commit By: ghudson
Revision: 20961
Changed Files:
U trunk/src/lib/crypto/string_to_key.c

From rt-comment at krbdev.mit.edu Mon Nov 3 17:47:13 2008
From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT)
Date: Mon, 3 Nov 2008 22:47:13 +0000 (UTC)
Subject: [krbdev.mit.edu #6266] SVN Commit
In-Reply-To:
Message-ID:

Commit By: lxs
Revision: 20962
Changed Files:
U trunk/src/kim/agent/mac/KerberosAgentPrefix.pch

From rt-comment at krbdev.mit.edu Mon Nov 3 17:50:11 2008
From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT)
Date: Mon, 3 Nov 2008 22:50:11 +0000 (UTC)
Subject: [krbdev.mit.edu #6267] SVN Commit
In-Reply-To:
Message-ID:

Needed for kinit password option.

Commit By: lxs
Revision: 20963
Changed Files:
U trunk/doc/kim/html/group__kim__ccache__iterator__reference.html
U trunk/doc/kim/html/group__kim__ccache__reference.html
U trunk/doc/kim/html/group__kim__credential__iterator__reference.html
U trunk/doc/kim/html/group__kim__credential__reference.html
U trunk/doc/kim/html/group__kim__identity__reference.html
U trunk/doc/kim/html/group__kim__library__reference.html
U trunk/doc/kim/html/group__kim__options__reference.html
U trunk/doc/kim/html/group__kim__preferences__reference.html
U trunk/doc/kim/html/group__kim__selection__hints__reference.html
U trunk/doc/kim/html/group__kim__string__reference.html
U trunk/doc/kim/html/group__kim__types__reference.html
U trunk/doc/kim/html/index.html
U trunk/doc/kim/html/kim_ccache_overview.html
U trunk/doc/kim/html/kim_credential_overview.html
U trunk/doc/kim/html/kim_identity_overview.html
U trunk/doc/kim/html/kim_options_overview.html
U trunk/doc/kim/html/kim_preferences_overview.html
U trunk/doc/kim/html/kim_selection_hints_overview.html
U trunk/doc/kim/html/kim_string_overview.html
U trunk/doc/kim/html/modules.html
U trunk/src/include/kim/kim_ccache.h
U trunk/src/include/kim/kim_credential.h
U trunk/src/kim/lib/kim.exports
D trunk/src/kim/lib/kim_ccache_private.h
U trunk/src/kim/lib/kim_credential_private.h
U trunk/src/kim/lib/kim_private.h

From rt-comment at krbdev.mit.edu Mon Nov 3 20:50:05 2008
From: rt-comment at krbdev.mit.edu (Ken Raeburn via RT)
Date: Tue, 4 Nov 2008 01:50:05 +0000 (UTC)
Subject: [krbdev.mit.edu #5867] SVN Commit
In-Reply-To:
Message-ID:

Check in Nalin's patch, and a test case for changing passwords via
kinit when +needchange is set. Update dependencies.

Commit By: raeburn
Revision: 20966
Changed Files:
U trunk/src/lib/krb5/os/Makefile.in
U trunk/src/lib/krb5/os/changepw.c
A trunk/src/tests/dejagnu/krb-standalone/pwchange.exp

From rt-comment at krbdev.mit.edu Wed Nov 5 11:09:25 2008
From: rt-comment at krbdev.mit.edu (Greg Hudson via RT)
Date: Wed, 5 Nov 2008 16:09:25 +0000 (UTC)
Subject: [krbdev.mit.edu #6200] SVN Commit
In-Reply-To:
Message-ID:

Replace strcpy/strcat/sprintf uses in a couple of sample code files
with strncpy/strncat. Since this is sample code, we can't rely on build
system support for asprintf/strlcpy/strlcat.

Commit By: ghudson
Revision: 21000
Changed Files:
U trunk/src/appl/sample/sclient/sclient.c
U trunk/src/plugins/authdata/greet/greet_auth.c

From rt-comment at krbdev.mit.edu Wed Nov 5 11:19:06 2008
From: rt-comment at krbdev.mit.edu (Greg Hudson via RT)
Date: Wed, 5 Nov 2008 16:19:06 +0000 (UTC)
Subject: [krbdev.mit.edu #6200] SVN Commit
In-Reply-To:
Message-ID:

Convert many uses of strcpy/strcat (and sometimes sprintf) to accepted
string-handling functions.

Commit By: ghudson
Revision: 21001
Changed Files:
U trunk/src/appl/bsd/krsh.c
U trunk/src/appl/bsd/krshd.c
U trunk/src/appl/gssftp/ftp/ftp.c
U trunk/src/appl/gssftp/ftp/glob.c
U trunk/src/appl/gssftp/ftpd/ftpcmd.y
U trunk/src/appl/telnet/libtelnet/gettytab.c
U trunk/src/kadmin/cli/kadmin.c
U trunk/src/kadmin/server/ipropd_svc.c
U trunk/src/kdc/kdc_util.c
U trunk/src/kdc/kerberos_v4.c
U trunk/src/lib/krb5/krb/parse.c
U trunk/src/lib/krb5/os/dnssrv.c
U trunk/src/lib/krb5/os/hst_realm.c
U trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c
U trunk/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
U trunk/src/tests/asn.1/ktest.c
U trunk/src/util/profile/prof_file.c

From rt-comment at krbdev.mit.edu Wed Nov 5 12:08:55 2008
From: rt-comment at krbdev.mit.edu (Greg Hudson via RT)
Date: Wed, 5 Nov 2008 17:08:55 +0000 (UTC)
Subject: [krbdev.mit.edu #6200] SVN Commit
In-Reply-To:
Message-ID:

Rename krb5int_buf_cstr to krb5int_buf_data, since k5bufs can be used
for binary data as well as C string data. The buffer will always have a
null byte at krb5int_buf_len bytes regardless of whether it contains C
string data.

Commit By: ghudson
Revision: 21003
Changed Files:
U trunk/src/clients/ksu/authorization.c
U trunk/src/include/k5-buf.h
U trunk/src/lib/crypto/t_hmac.c
U trunk/src/lib/gssapi/mechglue/oid_ops.c
U trunk/src/lib/kadm5/alt_prof.c
U trunk/src/lib/kadm5/str_conv.c
U trunk/src/lib/krb5/krb/preauth.c
U trunk/src/lib/krb5/krb/srv_rcache.c
U trunk/src/lib/krb5/os/dnssrv.c
U trunk/src/lib/krb5/os/hst_realm.c
U trunk/src/lib/krb5/os/sendto_kdc.c
U trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c
U trunk/src/util/support/k5buf.c
U trunk/src/util/support/libkrb5support-fixed.exports
U trunk/src/util/support/t_k5buf.c

From rt-comment at krbdev.mit.edu Wed Nov 5 12:47:03 2008
From: rt-comment at krbdev.mit.edu (Ken Raeburn via RT)
Date: Wed, 5 Nov 2008 17:47:03 +0000 (UTC)
Subject: [krbdev.mit.edu #5595] SVN Commit
In-Reply-To:
Message-ID:

Only look for IPv4 addresses for the kpasswd server. This is just a
workaround for other parts of the code failing to cope with IPv6
addresses, and won't work in an IPv6-only environment; the problem
should still be fixed for real.

Commit By: raeburn
Revision: 21004
Changed Files:
U trunk/src/lib/krb5/os/changepw.c

From rt-comment at krbdev.mit.edu Thu Nov 6 10:49:04 2008
From: rt-comment at krbdev.mit.edu (Greg Hudson via RT)
Date: Thu, 6 Nov 2008 15:49:04 +0000 (UTC)
Subject: [krbdev.mit.edu #6200] SVN Commit
In-Reply-To:
Message-ID:

Fix a kadmin bug introduced in a recent set of string handling
conversions.

Commit By: ghudson
Revision: 21019
Changed Files:
U trunk/src/kadmin/cli/kadmin.c

From rt-comment at krbdev.mit.edu Mon Nov 10 12:00:04 2008
From: rt-comment at krbdev.mit.edu (Greg Hudson via RT)
Date: Mon, 10 Nov 2008 17:00:04 +0000 (UTC)
Subject: [krbdev.mit.edu #6210] SVN Commit
In-Reply-To:
Message-ID:

Properly free sam_challenge in pa_sam().

Commit By: ghudson
Revision: 21062
Changed Files:
U trunk/src/lib/krb5/krb/preauth2.c

From rt-comment at krbdev.mit.edu Mon Nov 10 12:18:58 2008
From: rt-comment at krbdev.mit.edu (Greg Hudson via RT)
Date: Mon, 10 Nov 2008 17:18:58 +0000 (UTC)
Subject: [krbdev.mit.edu #6211] SVN Commit
In-Reply-To:
Message-ID:

In pa_sam(), free the outer krb5_data structure returned by
encode_krb5_sam_response.

Commit By: ghudson
Revision: 21063
Changed Files:
U trunk/src/lib/krb5/krb/preauth2.c

From rt-comment at krbdev.mit.edu Mon Nov 10 12:40:25 2008
From: rt-comment at krbdev.mit.edu (Greg Hudson via RT)
Date: Mon, 10 Nov 2008 17:40:25 +0000 (UTC)
Subject: [krbdev.mit.edu #6210] pa_sam leaks parts of krb5_sam_challenge
In-Reply-To:
Message-ID:

I handled the error cases but appear to have missed the main
(successful) code path. Reopening this ticket.

Also, there is some ugly stuff going on in that function where
structures are partially constructed with allocated data and not freed,
and at least one case where a structure does a shallow copy of allocated
data from another structure and neither is freed. I will need to do
some more careful analysis.

From rt-comment at krbdev.mit.edu Mon Nov 10 13:45:19 2008
From: rt-comment at krbdev.mit.edu (Greg Hudson via RT)
Date: Mon, 10 Nov 2008 18:45:19 +0000 (UTC)
Subject: [krbdev.mit.edu #6200] SVN Commit
In-Reply-To:
Message-ID:

Fix a krsh bug introduced in r21001 which could cause garbage at the
beginning of the command string.

Commit By: ghudson
Revision: 21065
Changed Files:
U trunk/src/appl/bsd/krsh.c