Under C99, Sec 6.2.4, paragraph 2:
The value of a pointer becomes indeterminate when the object it
points to reaches the end of its lifetime.
`Indeterminate' (3.17.2) includes a trap representation, and any
reference to a trap representation is undefined behaviour. Thus,
after realloc(res, ...) succeeds, any reference to res (or p) is
undefined behaviour.
So, instead of using `p - res` after res has been freed, use the
existing name for the value we know it has now: len. (We could also
use alloced because p == end in this branch, and end = res + alloced,
and p = res + len. Of course, we would have to move it up a line to
before we update alloced to have a different value.)
fix https://github.com/heimdal/heimdal/issues/1164
The call to free_KDCDHKeyInfo(), further down, could have caused heap
corruption.
Found by Coverity (Samba CID 1544611).
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Nowadays we use PACs instead of AD-SIGNEDPATH, so we want a PAC on every
TGT, but we don't necessarily want PACs on cross-realm TGTs.
Specifically, we don't interop well yet with AD when issuing cross-realm
TGTs with AD realms as the destination realm (see #1091).
Bison must generate this unsolicited, but BSD yacc does not.
The makefiles for lib/com_err and lib/sl already did this; this
change just adds it to lib/asn1 and lib/hx509 too.
fix https://github.com/heimdal/heimdal/issues/1100
key_data is unused. Presumably this was copypasta from DB_seq in
hdb/db.c, where it is used for the Heimdal database format in which
the value may be missing a principal but it can be recovered from the
key. In contrast, the mit-krb5 format appears to always store the
principal in the value and _hdb_mdb_value2entry always retrieves it,
with no need for a key2principal fallback.
fix https://github.com/heimdal/heimdal/issues/1102
This way there is no truncation and no build failure due to
-Werror=format-truncation as is the default in some compilers, such
as gcc7.4 with -Wall -Werror.
This is presumably not space-constrained or performance-critical; the
very next thing it does is another asprintf and frees it immediately.
And uname is not usually under any adversary's control.
fix https://github.com/heimdal/heimdal/issues/1105
‘r->error_code’ might have been set earlier, and we don’t want to
overwrite it with a successful error code.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
If ‘r->error_code’ was zero, we would turn it into an ERR_GENERIC error
and return that to the client. Now we return the actual error code
instead.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
There are a few reasons that this function could fail (e.g., failure to
allocate memory) besides random number generation being unavailable. No
other caller abort()s on failure like this.
Furthermore, krb5_generate_random_block(), which is called by
krb5_generate_random_keyblock(), already aborts if random generation
fails.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
This helps with certain automation tools, such as ansible, that usually
expect failure to be visible in stderr.
Other minor changes:
* replace "doesn't" with "does not" to keep messages consistent and
avoid escaping quotes in grep, etc.
* add newlines
