Check for OpenSSL features while LDFLAGS and CFLAGS are set with
the paths provided in the configure command line. This allows
detecting a non-default OpenSSL's version correctly, such as
on FreeBSD with one of the OpenSSL 3.0 ports.
decrypt_internal_derived(), decrypt_internal_enc_then_cksum(),
decrypt_internal(), and decrypt_internal_special() execute the
following pattern where 'p' is an allocation of size 'len'
l = len - n
memmove(p, p + n, l);
result->data = realloc(p, l);
if (result->data == NULL && l != 0) {
free(p);
return krb5_enomem(context);
}
result->length = l;
which when compiled by gcc 13.0.1-0.12.fc38 or gcc-13.0.1-0.13.fc39
generates the following warning
warning: pointer 'p' may be used after 'realloc' [-Wuse-after-free]
The C language specification indicates that it is only safe to free()
the pointer passed to realloc() if errno is set to ENOMEM. Yet the
warning is generated by the following pattern
l = len - n
memmove(p, p + n, l);
errno = 0;
result->data = realloc(p, l);
if (result->data == NULL && l != 0) {
if (errno == ENOMEM)
free(p);
return krb5_enomem(context);
}
result->length = l;
The value of performing the realloc() is questionable. realloc()
in many cases will need to perform a second allocation of the
smaller size and then perform a memcpy() which will slow down
the operation without saving much memory. The allocation is already
very small.
This change avoids the warning by removing the realloc() entirely.
The interface between the krb5 mechanism and the mechglue API
gsskrb5_extract_authtime_from_sec_context() assumed the authtime would fit into
an uint32_t, which is not the case on platforms where time_t is 64-bit.
Fixes: #1073
This reverts commit a9c0b8f264.
From Joseph Sutton:
> I found that this commit would result in `KRB5KRB_AP_ERR_BAD_INTEGRITY`
> errors in Samba whenever explicit FAST armor was present. Reverting the
> commit made FAST work again.
> It should be safe to use `tgs_ac` here, since it will always be non-NULL if
> `r->explicit_armor_present` is true. Maybe a local variable
> `explicit_armor_present` (which would be assigned to
> `r->explicit_armor_present` before the function returns successfully) would
> help a static analyser to deduce that its value doesn't change within the
> function, and that `tgs_ac != NULL` still holds.
a9c0b8f264 (commitcomment-95581208)
Both the len and the index was decremented, which made the exit
condition (template[len - i] == 'X') trigger before it should.
Fixes solaris10 where mkdtemp is not available.
Fix regression introduced in 62f83ad0 by adding HEIMDAL_NORETURN_ATTRIBUTE and
HEIMDAL_PRINTF_ATTRIBUTE to function definitions, so they will be included in
heimbase-protos.h.
We reject tickets that have no AD-KDC-ISSUED(!).
This was reported by Samba. The workaround they found was to set
check_pac = true in krb5.conf, as that clobbers the ret from
krb5_ticket_get_authorization_data_type() not having found an
AD-KDC-ISSUED element.
This was introduced in 1cede09a0b.
SANON cred export/import never worked correctly as the export function was
producing the wrong form of token, which was leading gss_import_cred() to
allocate more than 64MB of memory to parse the SANON exported credential. The
recent change to reduce the default `max_alloc` of krb5_storage exposed this.
