Diffstat (limited to 'source4/heimdal/lib/krb5')
-rw-r--r--source4/heimdal/lib/krb5/addr_families.c11
-rw-r--r--source4/heimdal/lib/krb5/crypto.c8
-rw-r--r--source4/heimdal/lib/krb5/get_for_creds.c4
-rw-r--r--source4/heimdal/lib/krb5/mk_req_ext.c195
-rw-r--r--source4/heimdal/lib/krb5/rd_priv.c7
-rw-r--r--source4/heimdal/lib/krb5/send_to_kdc.c4
6 files changed, 112 insertions, 117 deletions
diff --git a/source4/heimdal/lib/krb5/addr_families.c b/source4/heimdal/lib/krb5/addr_families.c
index ccc97f412d..cf460ba725 100644
--- a/source4/heimdal/lib/krb5/addr_families.c
+++ b/source4/heimdal/lib/krb5/addr_families.c
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: addr_families.c,v 1.49 2005/06/16 20:16:12 lha Exp $");
+RCSID("$Id: addr_families.c,v 1.50 2006/03/17 22:12:13 lha Exp $");
struct addr_operations {
int af;
@@ -930,11 +930,18 @@ krb5_parse_address(krb5_context context,
int error;
int save_errno;
+ addresses->len = 0;
+ addresses->val = NULL;
+
for(i = 0; i < num_addrs; i++) {
if(at[i].parse_addr) {
krb5_address addr;
if((*at[i].parse_addr)(context, string, &addr) == 0) {
ALLOC_SEQ(addresses, 1);
+ if (addresses->val == NULL) {
+ krb5_set_error_string(context, "malloc: out of memory");
+ return ENOMEM;
+ }
addresses->val[0] = addr;
return 0;
}
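Review bot: The new ENOMEM return in krb5_parse_address leaves state behind: the `addr` that `parse_addr` just filled is never released, and `addresses->len` keeps whatever ALLOC_SEQ assigned while `addresses->val` is NULL. If ALLOC_SEQ sets the length before allocating (its definition is not in this hunk), a caller that runs krb5_free_addresses on the failed result would index a NULL array. Suggest `krb5_free_address(context, &addr); addresses->len = 0;` ahead of `return ENOMEM;`. The function body starts and continues outside the hunk.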
@@ -1047,6 +1054,8 @@ krb5_free_addresses(krb5_context context,
for(i = 0; i < addresses->len; i++)
krb5_free_address(context, &addresses->val[i]);
free(addresses->val);
+ addresses->len = 0;
+ addresses->val = NULL;
return 0;
}
diff --git a/source4/heimdal/lib/krb5/crypto.c b/source4/heimdal/lib/krb5/crypto.c
index 3cfc780eb4..039484c650 100644
--- a/source4/heimdal/lib/krb5/crypto.c
+++ b/source4/heimdal/lib/krb5/crypto.c
@@ -32,7 +32,7 @@
*/
#include "krb5_locl.h"
-RCSID("$Id: crypto.c,v 1.132 2006/02/28 14:52:57 lha Exp $");
+RCSID("$Id: crypto.c,v 1.133 2006/03/07 19:34:55 lha Exp $");
#undef CRYPTO_DEBUG
#ifdef CRYPTO_DEBUG
@@ -3414,7 +3414,7 @@ decrypt_internal_derived(krb5_context context,
l = len - et->confoundersize;
memmove(p, p + et->confoundersize, l);
result->data = realloc(p, l);
- if(result->data == NULL) {
+ if(result->data == NULL && l != 0) {
free(p);
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
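Review bot: The added `&& l != 0` treats a NULL from `realloc(p, 0)` as success, but realloc's behaviour for a zero size is implementation-defined: some allocators free `p` and return NULL, others return NULL without freeing it, or hand back a minimal allocation. Where `p` is not freed, the decryption work buffer leaks on every empty payload. Handling the empty case before the call removes the ambiguity, e.g. `if (l == 0) { free(p); result->data = NULL; }` with `realloc` reached only for a non-zero `l`. The same pattern is in the decrypt_internal and decrypt_internal_special hunks below and in add_addrs in get_for_creds.c. All of these functions continue outside their hunks.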
@@ -3479,7 +3479,7 @@ decrypt_internal(krb5_context context,
l = len - et->confoundersize - checksum_sz;
memmove(p, p + et->confoundersize + checksum_sz, l);
result->data = realloc(p, l);
- if(result->data == NULL) {
+ if(result->data == NULL && l != 0) {
free(p);
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
@@ -3523,7 +3523,7 @@ decrypt_internal_special(krb5_context context,
memmove (p, p + cksum_sz + et->confoundersize, sz);
result->data = realloc(p, sz);
- if(result->data == NULL) {
+ if(result->data == NULL && sz != 0) {
free(p);
krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM;
diff --git a/source4/heimdal/lib/krb5/get_for_creds.c b/source4/heimdal/lib/krb5/get_for_creds.c
index aa7c62befc..dafe668b5d 100644
--- a/source4/heimdal/lib/krb5/get_for_creds.c
+++ b/source4/heimdal/lib/krb5/get_for_creds.c
@@ -33,7 +33,7 @@
#include <krb5_locl.h>
-RCSID("$Id: get_for_creds.c,v 1.47 2006/02/03 11:37:29 lha Exp $");
+RCSID("$Id: get_for_creds.c,v 1.48 2006/03/07 19:38:09 lha Exp $");
static krb5_error_code
add_addrs(krb5_context context,
@@ -50,7 +50,7 @@ add_addrs(krb5_context context,
++n;
tmp = realloc(addr->val, (addr->len + n) * sizeof(*addr->val));
- if (tmp == NULL) {
+ if (tmp == NULL && (addr->len + n) != 0) {
krb5_set_error_string(context, "malloc: out of memory");
ret = ENOMEM;
goto fail;
diff --git a/source4/heimdal/lib/krb5/mk_req_ext.c b/source4/heimdal/lib/krb5/mk_req_ext.c
index ab83d912ea..18b0e3552f 100644
--- a/source4/heimdal/lib/krb5/mk_req_ext.c
+++ b/source4/heimdal/lib/krb5/mk_req_ext.c
@@ -33,7 +33,7 @@
#include <krb5_locl.h>
-RCSID("$Id: mk_req_ext.c,v 1.30 2005/01/05 06:31:01 lukeh Exp $");
+RCSID("$Id: mk_req_ext.c,v 1.32 2006/03/19 20:33:13 lha Exp $");
krb5_error_code
_krb5_mk_req_internal(krb5_context context,
@@ -45,120 +45,103 @@ _krb5_mk_req_internal(krb5_context context,
krb5_key_usage checksum_usage,
krb5_key_usage encrypt_usage)
{
- krb5_error_code ret;
- krb5_data authenticator;
- Checksum c;
- Checksum *c_opt;
- krb5_auth_context ac;
+ krb5_error_code ret;
+ krb5_data authenticator;
+ Checksum c;
+ Checksum *c_opt;
+ krb5_auth_context ac;
- if(auth_context) {
- if(*auth_context == NULL)
- ret = krb5_auth_con_init(context, auth_context);
- else
- ret = 0;
- ac = *auth_context;
- } else
- ret = krb5_auth_con_init(context, &ac);
- if(ret)
- return ret;
+ if(auth_context) {
+ if(*auth_context == NULL)
+ ret = krb5_auth_con_init(context, auth_context);
+ else
+ ret = 0;
+ ac = *auth_context;
+ } else
+ ret = krb5_auth_con_init(context, &ac);
+ if(ret)
+ return ret;
- if(ac->local_subkey == NULL && (ap_req_options & AP_OPTS_USE_SUBKEY)) {
- ret = krb5_auth_con_generatelocalsubkey(context, ac, &in_creds->session);
- if(ret)
- return ret;
- }
+ if(ac->local_subkey == NULL && (ap_req_options & AP_OPTS_USE_SUBKEY)) {
+ ret = krb5_auth_con_generatelocalsubkey(context,
+ ac,
+ &in_creds->session);
+ if(ret)
+ goto out;
+ }
-#if 0
- {
- /* This is somewhat bogus since we're possibly overwriting a
- value specified by the user, but it's the easiest way to make
- the code use a compatible enctype */
- Ticket ticket;
- krb5_keytype ticket_keytype;
+ krb5_free_keyblock(context, ac->keyblock);
+ ret = krb5_copy_keyblock(context, &in_creds->session, &ac->keyblock);
+ if (ret)
+ goto out;
+
+ /* it's unclear what type of checksum we can use. try the best one, except:
+ * a) if it's configured differently for the current realm, or
+ * b) if the session key is des-cbc-crc
+ */
- ret = decode_Ticket(in_creds->ticket.data,
- in_creds->ticket.length,
- &ticket,
- NULL);
- krb5_enctype_to_keytype (context,
- ticket.enc_part.etype,
- &ticket_keytype);
+ if (in_data) {
+ if(ac->keyblock->keytype == ETYPE_DES_CBC_CRC) {
+ /* this is to make DCE secd (and older MIT kdcs?) happy */
+ ret = krb5_create_checksum(context,
+ NULL,
+ 0,
+ CKSUMTYPE_RSA_MD4,
+ in_data->data,
+ in_data->length,
+ &c);
+ } else if(ac->keyblock->keytype == ETYPE_ARCFOUR_HMAC_MD5 ||
+ ac->keyblock->keytype == ETYPE_ARCFOUR_HMAC_MD5_56) {
+ /* this is to make MS kdc happy */
+ ret = krb5_create_checksum(context,
+ NULL,
+ 0,
+ CKSUMTYPE_RSA_MD5,
+ in_data->data,
+ in_data->length,
+ &c);
+ } else {
+ krb5_crypto crypto;
- if (ticket_keytype == in_creds->session.keytype)
- krb5_auth_setenctype(context,
- ac,
- ticket.enc_part.etype);
- free_Ticket(&ticket);
- }
-#endif
+ ret = krb5_crypto_init(context, ac->keyblock, 0, &crypto);
+ if (ret)
+ goto out;
+ ret = krb5_create_checksum(context,
+ crypto,
+ checksum_usage,
+ 0,
+ in_data->data,
+ in_data->length,
+ &c);
+ krb5_crypto_destroy(context, crypto);
+ }
+ c_opt = &c;
+ } else {
+ c_opt = NULL;
+ }
- krb5_free_keyblock(context, ac->keyblock);
- krb5_copy_keyblock(context, &in_creds->session, &ac->keyblock);
+ if (ret)
+ goto out;
- /* it's unclear what type of checksum we can use. try the best one, except:
- * a) if it's configured differently for the current realm, or
- * b) if the session key is des-cbc-crc
- */
-
- if (in_data) {
- if(ac->keyblock->keytype == ETYPE_DES_CBC_CRC) {
- /* this is to make DCE secd (and older MIT kdcs?) happy */
- ret = krb5_create_checksum(context,
- NULL,
- 0,
- CKSUMTYPE_RSA_MD4,
- in_data->data,
- in_data->length,
- &c);
- } else if(ac->keyblock->keytype == ETYPE_ARCFOUR_HMAC_MD5 ||
- ac->keyblock->keytype == ETYPE_ARCFOUR_HMAC_MD5_56) {
- /* this is to make MS kdc happy */
- ret = krb5_create_checksum(context,
- NULL,
- 0,
- CKSUMTYPE_RSA_MD5,
- in_data->data,
- in_data->length,
- &c);
- } else {
- krb5_crypto crypto;
+ ret = krb5_build_authenticator (context,
+ ac,
+ ac->keyblock->keytype,
+ in_creds,
+ c_opt,
+ NULL,
+ &authenticator,
+ encrypt_usage);
+ if (c_opt)
+ free_Checksum (c_opt);
+ if (ret)
+ goto out;
- ret = krb5_crypto_init(context, ac->keyblock, 0, &crypto);
- if (ret)
- return ret;
- ret = krb5_create_checksum(context,
- crypto,
- checksum_usage,
- 0,
- in_data->data,
- in_data->length,
- &c);
-
- krb5_crypto_destroy(context, crypto);
- }
- c_opt = &c;
- } else {
- c_opt = NULL;
- }
-
- ret = krb5_build_authenticator (context,
- ac,
- ac->keyblock->keytype,
- in_creds,
- c_opt,
- NULL,
- &authenticator,
- encrypt_usage);
- if (c_opt)
- free_Checksum (c_opt);
- if (ret)
+ ret = krb5_build_ap_req (context, ac->keyblock->keytype,
+ in_creds, ap_req_options, authenticator, outbuf);
+out:
+ if(auth_context == NULL)
+ krb5_auth_con_free(context, ac);
return ret;
-
- ret = krb5_build_ap_req (context, ac->keyblock->keytype,
- in_creds, ap_req_options, authenticator, outbuf);
- if(auth_context == NULL)
- krb5_auth_con_free(context, ac);
- return ret;
}
krb5_error_code KRB5_LIB_FUNCTION
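Review bot: `krb5_free_keyblock(context, ac->keyblock);` leaves `ac->keyblock` pointing at freed memory, and the new `goto out` taken when `krb5_copy_keyblock` fails returns with that pointer still in place. When the caller supplied `auth_context`, the `out:` path does not free `ac`, so the caller keeps an auth context whose keyblock would be freed a second time or read after free on its next use. This holds unless krb5_copy_keyblock always overwrites its output on failure, which is not visible here. Suggest clearing the pointer right after the free: `krb5_free_keyblock(context, ac->keyblock); ac->keyblock = NULL;`. The function signature starts outside the hunk.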
diff --git a/source4/heimdal/lib/krb5/rd_priv.c b/source4/heimdal/lib/krb5/rd_priv.c
index bafd23e995..bf82ad556e 100644
--- a/source4/heimdal/lib/krb5/rd_priv.c
+++ b/source4/heimdal/lib/krb5/rd_priv.c
@@ -33,7 +33,7 @@
#include <krb5_locl.h>
-RCSID("$Id: rd_priv.c,v 1.31 2004/05/25 21:39:13 lha Exp $");
+RCSID("$Id: rd_priv.c,v 1.32 2006/03/18 22:15:57 lha Exp $");
krb5_error_code KRB5_LIB_FUNCTION
krb5_rd_priv(krb5_context context,
@@ -50,6 +50,9 @@ krb5_rd_priv(krb5_context context,
krb5_keyblock *key;
krb5_crypto crypto;
+ if (outdata)
+ krb5_data_zero(outdata);
+
if ((auth_context->flags &
(KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE)) &&
outdata == NULL)
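Review bot: `krb5_data_zero(outdata)` is applied to a pointer that does not appear to be a `krb5_data`. The later hunk in this file writes `outdata->timestamp` and previously cleared it with `memset(outdata, 0, sizeof(*outdata))`, so `outdata` looks like a replay-data struct; its declaration is outside the hunk. krb5_data_zero clears a length/pointer pair, so on a struct of a different size it can leave fields unset or write past the end of the caller's object, with at most an incompatible-pointer warning at compile time. Suggest `if (outdata) memset(outdata, 0, sizeof(*outdata));` here and keeping the original `memset` in the second hunk. If the intent was to clear the function's `krb5_data` output buffer, that parameter should be passed instead.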
@@ -158,7 +161,7 @@ krb5_rd_priv(krb5_context context,
(KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE))) {
/* if these fields are not present in the priv-part, silently
return zero */
- memset(outdata, 0, sizeof(*outdata));
+ krb5_data_zero(outdata);
if(part.timestamp)
outdata->timestamp = *part.timestamp;
if(part.usec)
diff --git a/source4/heimdal/lib/krb5/send_to_kdc.c b/source4/heimdal/lib/krb5/send_to_kdc.c
index 7bb4adabbd..d3d21aea3f 100644
--- a/source4/heimdal/lib/krb5/send_to_kdc.c
+++ b/source4/heimdal/lib/krb5/send_to_kdc.c
@@ -33,7 +33,7 @@
#include "krb5_locl.h"
-RCSID("$Id: send_to_kdc.c,v 1.56 2005/06/17 04:33:11 lha Exp $");
+RCSID("$Id: send_to_kdc.c,v 1.57 2006/03/07 19:39:59 lha Exp $");
struct send_and_recv {
krb5_send_and_recv_func_t func;
@@ -102,7 +102,7 @@ recv_loop (int fd,
krb5_data_free (rep);
return -1;
}
- if(nbytes == 0)
+ if(nbytes <= 0)
return 0;
if (limit)