If block_dns is set, call getaddrinfo with AI_NUMERICHOST set and
AI_CANONNAME clear.
Some paths may not have set AI_CANONNAME, but it's easier to audit
this way when the getaddrinfo prelude is uniform across call sites,
and the compiler can optimize it away.
heimdal uses 8-byte (64-bits) atomic operations for a while now (ie in
lib/krb5/krcache.c). however some platforms (ie i386, i486, ARM < 7)
don't support them natively and need to be linked against libatomic in
order to implement functionallity from <stdatomic.h>.
if the header was found check 64-bit atomics work without any additional
libraries. if not try to add linking with libatomic. if that fails as
well fallback to -DHEIM_BASE_ATOMICS_FALLBACK
no change for platfroms without <stdatomic.h>
Fixes: #1186
Instead of freeing host->ai on return from submit_request in the
http_proxy path, stash the proxy's ai in another member host->freeai
which will be freed when host is freed.
Assumption: All hosts created in submit_request cease to be used
before any of them are freed, so it's safe to pick one host to hang
the proxy's ai on and free the ai when that host is freed.
fix https://github.com/heimdal/heimdal/issues/1205
In the future we should also make it so that `make check` for `tests/db`,
`tests/gss`, and `tests/kdc` first initializes all the realms and starts all
the daemons, then runs the actual checks possibly in parallel, then shuts down
the daemons. This will require quite a bit of work, so for now we just disable
parallel make in those directories.
If multiple valid CRLs are specified for a particular issuer, only the
first will be checked. The documentation didn’t really hint at this.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
If ‘keyid’ is an empty string, then the numeric error code that gets
appended to this error message may be mistaken for the key ID. Address
this by not mentioning any ID in such cases.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Codepoints above U+10FFFF and overlong encodings are considered invalid.
Unpaired surrogates are not, as these are known to be generated on
occasion — by Windows, for example.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Under C99, Sec 6.2.4, paragraph 2:
The value of a pointer becomes indeterminate when the object it
points to reaches the end of its lifetime.
`Indeterminate' (3.17.2) includes a trap representation, and any
reference to a trap representation is undefined behaviour. Thus,
after realloc(res, ...) succeeds, any reference to res (or p) is
undefined behaviour.
So, instead of using `p - res` after res has been freed, use the
existing name for the value we know it has now: len. (We could also
use alloced because p == end in this branch, and end = res + alloced,
and p = res + len. Of course, we would have to move it up a line to
before we update alloced to have a different value.)
fix https://github.com/heimdal/heimdal/issues/1164
Taylor R Campbell