Commit Graph

30594 Commits

Author SHA1 Message Date
Nicolas Williams
b0b4510f9f krb5: Fix return of pointer to local in krb5_sendauth() (never exercised)
We don't have a caller in-tree that exercises this path.
2023-01-04 00:43:36 -06:00
Nicolas Williams
46df04dafb krb5: Fix leaks 2023-01-04 00:43:36 -06:00
Nicolas Williams
21ada15e08 krb5: Expand breadcrumb commentary in _krb5_get_host_realm_int() 2023-01-04 00:43:36 -06:00
Nicolas Williams
2e7d996ea9 krb5: Fix string read overrun (fix #1057) 2023-01-04 00:43:36 -06:00
Nicolas Williams
cc641edf6b krb5: Fix moduli open file leak 2023-01-04 00:43:36 -06:00
Nicolas Williams
7705ff6588 krb5: Fix FAST anon PKINIT leak 2023-01-04 00:43:36 -06:00
Nicolas Williams
59e13ad299 krb5: Quiet static analyzer warning in store.c 2023-01-04 00:43:36 -06:00
Nicolas Williams
5535ace6ea krb5: Fix ignored error in SCC: ccache 2023-01-04 00:43:36 -06:00
Nicolas Williams
0fba239baa krb5: Quiet static analyzer warning in name canon rules 2023-01-04 00:43:36 -06:00
Nicolas Williams
e5a8a6f972 krb5: Quiet static analyzer warning in krbhst 2023-01-04 00:43:36 -06:00
Nicolas Williams
a1c0639ddd krb5: Fix NULL deref in KCM: ccache 2023-01-04 00:43:36 -06:00
Nicolas Williams
2e11ecefba krb5: Fix krb5_copy_context() use-after-free copy-pasto 2023-01-04 00:43:35 -06:00
Nicolas Williams
8b44896bc1 hx509: Fix harmless TOCTOU in load_crl() 2023-01-04 00:43:35 -06:00
Nicolas Williams
64254d64dd hx509: Fix ENOMEM free of garbage encoding PKCS#10 2023-01-04 00:43:35 -06:00
Nicolas Williams
1473b96d1c hx509: Fix leak in templated certificates 2023-01-04 00:43:35 -06:00
Nicolas Williams
06fdd14d4d hx509: Quiet static analyzer false positives 2023-01-04 00:43:35 -06:00
Nicolas Williams
86af011f0b hcrypto: Fix integer underflow in rsa-ltm.c 2023-01-04 00:43:35 -06:00
Nicolas Williams
274b683d76 hcrypto: Fix warning in HMAC_Init_ex() 2023-01-04 00:43:35 -06:00
Nicolas Williams
20c4c0dea9 asn1: Fix ENOMEM leak in der_print_bit_string() 2023-01-04 00:43:35 -06:00
Nicolas Williams
26b1acf3b8 asn1: Remove unused variable assignment in main.c 2023-01-04 00:43:35 -06:00
Nicolas Williams
9fc2e943ca base: Fix use-after-free in heim_path_vcreate() 2023-01-04 00:43:35 -06:00
Nicolas Williams
23a9ca27a5 base: Fix use-after-free db.c (mostly unused in prod)
We only use `db` for an2ln testing.
2023-01-04 00:43:35 -06:00
Nicolas Williams
c05294e2c5 base: Remove unused variable assignment in JSON string parsing 2023-01-04 00:43:35 -06:00
Nicolas Williams
a331a7a04f wind: Check for integer overflow in idn-lookup utility 2023-01-04 00:43:35 -06:00
Nicolas Williams
0ffb00275a sl: Fix leak 2023-01-04 00:43:35 -06:00
Nicolas Williams
b93129f83d roken: Fix FD and memory leaks in rk_undumptext() 2023-01-04 00:43:35 -06:00
Nicolas Williams
11c0cbe9c2 roken: Fix base32/64 decode slowness 2023-01-04 00:43:35 -06:00
Nicolas Williams
7c3a064764 roken: Quiet warnings at mergesort callers
Some static analyzers can't tell that mergesort_r() isn't outputting
freed memory.
2023-01-04 00:43:35 -06:00
Nicolas Williams
aee72d61bf roken: Move an #endif in issuid() to avoid dead code 2023-01-04 00:43:35 -06:00
Nicolas Williams
319793b30b roken: Fix leak in new undump_not_file() 2023-01-04 00:43:35 -06:00
Brian May
73b42d3238 Build rk_closefrom even if including in libc 2023-01-04 00:43:35 -06:00
Nicolas Williams
77a452f4fd kdc: Make path to MIT Kerberos for testing configurable 2023-01-04 00:43:35 -06:00
Nicolas Williams
0f769dde17 cf: Make path to MIT Kerberos for testing configurable 2023-01-04 00:43:35 -06:00
Nicolas Williams
594c478482 GHA: Fix Coverity build 2023-01-04 00:43:35 -06:00
Nicolas Williams
58e07f8882 krb5: Fix(?) st_nlink check in fcache.c
We have a check for symlinks and hardlinks so that we refuse to open
ccaches through symlinks or which have hardlinks.  This check is too
strict, checking for `st_nlink != 1`, which runs into trouble when a
ccache is mounted as a file into a container, in which case `stat(2)`
reports it as having zero links.

The fix is to check for `st_nlink > 1`:

    -    if (sb2.st_nlink != 1) {
    +    if (sb2.st_nlink > 1) {
            krb5_set_error_message(context, EPERM, N_("Refuses to open hardlinks for caches FILE:%s", ""), filename);
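
Review bot: The relaxed test `sb2.st_nlink > 1` now also accepts `st_nlink == 0`, and nothing at the `if` records why; a short comment above it naming the container file-mount case from the commit message would keep a later cleanup from tightening it back to `!= 1`. Zero is also what a file reports when it was unlinked after being opened and is then stat'ed through its descriptor, so if `sb2` is filled from the open fd, the comment should say that this case is now let through on purpose.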

Though I question the utility of the hardlink check.  MIT Kerberos
doesn't have it.
2022-12-29 22:27:42 -06:00
Brian May
f4fd02b810 Increment hcrypto library version 2022-12-29 21:43:02 -06:00
Nicolas Williams
5c74a82e98 kadm5: Fix #1055 2022-12-29 12:20:19 -06:00
Nicolas Williams
1d9ea9b73c kadm5: Add better fuzz inputs 2022-12-22 18:14:07 -06:00
Nicolas Williams
42b0702601 krb5: Better checking for storage EOF 2022-12-22 17:55:13 -06:00
Nicolas Williams
662fda9608 kadm5: Add a fuzzer input for test_marshall
TODO:

 - Add more inputs.
2022-12-22 10:27:23 -06:00
Nicolas Williams
66b16d12d8 roken: Use calloc() for overflow det. in hex_encode
Using calloc() means setting errno on overflow instead of not.
2022-12-22 10:27:23 -06:00
Stefan Metzmacher
dc3ac8592b heimbase-atomics: let heim_base_atomic_* use 'long' instead of 'int' on AIX
As the atomics are signed on AIX, we better try to use the largest
possible max value.

The 'int' API uses 32-bit values for both 32-bit and 64-bit binaries:

  typedef int *atomic_p;

  int fetch_and_add(atomic_p addr, int value);

The 'long' API uses 32-bit values for 32-bit binaries and 64-bit values
for 64-bit binaries:

  typedef long *atomic_l;

  long fetch_and_addlp(atomic_l addr, long value);

So we better use the 'long' API in order to avoid any potential
problems with the heim_base_atomic_integer_max magic value, where
INT[32]_MAX would be a little bit low compared to 64-bit pointer space.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2022-12-22 22:12:52 +11:00
Stefan Metzmacher
1e5cb64569 heimbase-atomics: fix heim_base_atomic_* on AIX
The API looks like this on AIX:

  typedef int *atomic_p;

  int fetch_and_add(atomic_p addr, int value);

The strange thing is that the xlc compiler ignores missing arguments by
default. (It warns but doesn't fail to compile)
As a result the value argument was just uninitialized memory,
which means that the ref_cnt variable of struct heim_base,
gets unpredictable values during heim_retain() and heim_release(),
resulting in memory leaks.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2022-12-22 22:12:52 +11:00
Nicolas Williams
131d90c414 bx509d: Fix tests skipping on OS X 2022-12-21 22:14:03 -06:00
Nicolas Williams
07ce06e7b2 kadm5: Add test_marshall program
The lib/kadm5/test_marshall program allows one to construct and check
encodings for various struct types for which we have
{kadm5,krb5}_{ret,store}_<type>() functions.

Currently supported are:

 - krb5_keyblock
 - krb5_principal
 - krb5_times
 - krb5_address
 - krb5_addresses
 - krb5_authdata
 - krb5_creds
 - krb5_key_data
 - krb5_tl_data
 - kadm5_principal_ent_rec

With this we'll be able to a) construct test vectors, b) use those to
drive fuzzing with AFL or other fuzzers.
2022-12-21 22:14:03 -06:00
Nicolas Williams
8b6926f4c0 roken: Add rk_undumptext() and support ttys and such
Add rk_undumptext(), which NUL-terminates the contents it reads.

rk_undumptext(), and now also rk_undumpdata(), can read from regular and
non-regular files (e.g., ttys, pipes, devices, but -on Windows- not
sockets).

This means that `asn1_print` can now read from `/dev/stdin`, which can
be a pipe.

There's a way to set a limit on how much to read from non-regular files,
and that limit defaults to 10MB.

At any rate, the rk_dumpdata(), rk_undumpdata(), and rk_undumptext() functions
really do not belong in lib/roken but in lib/base.  There are other utility
functions in lib/roken that don't belong there too.  A rationalization of the
split between lib/roken and lib/base is overdue.  And while we're at it -lest I
forget- it'd be nice to move all the krb5_storage functions out of lib/krb5 and
into lib/base, as those could come in handy for, e.g., implementing OpenSSH
style certificates and other things outside the krb5 universe.
2022-12-21 22:06:15 -06:00
Nicolas Williams
ca2467a4c4 roken: Do not use net_read() for regular files!
The bug fixed herein almost certainly means that PKINIT was never
working on Windows, since lib/hx509 uses rk_undumpdata() to read regular
files containing certificates and keys, but then since rk_undumpdata()
was using net_read(), that can't have worked.  On Windows net_read()
insists on the FD being a socket, and because of winsock, the namespaces
of socket and file descriptors on Windows are distinct.
2022-12-20 22:19:39 -06:00
Nicolas Williams
8f71755d2b kadmind: Fix uninitialized heap pointer use (#1051) 2022-12-19 20:23:51 -06:00
Nicolas Williams
8423016920 doc: Fix dvi/pdf/ps build 2022-12-19 17:54:11 -06:00
Nicolas Williams
42fff5ec5f hx509: Add content and some EXAMPLES to hxtool(1)
hxtool is a very useful command, with a very user-friendly interface, at
least compared to OpenSSL's openssl(1).  We should document it better.

Currently there are no manual pages for hxtool(1)'s subcommands, though
their --help message is pretty self-explanatory.  Now the hxtool(1) page
provides better clues to the user, including examples.
2022-12-19 17:03:38 -06:00