heimdal/gssapi at 22749e918fcf29fd29d2ea05d10d78226c6a5b36 - heimdal - PVV Git

oysteikt/heimdal

Files

History

Joseph Sutton 22749e918f gsskrb5: CVE-2022-3437 Check for overflow in _gsskrb5_get_mech()

If len_len is equal to total_len - 1 (i.e. the input consists only of a
0x60 byte and a length), the expression 'total_len - 1 - len_len - 1',
used as the 'len' parameter to der_get_length(), will overflow to
SIZE_MAX. Then der_get_length() will proceed to read, unconstrained,
whatever data follows in memory. Add a check to ensure that doesn't
happen.

Samba BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

2022-11-15 17:51:45 -06:00

..

gss: remove gss_get_instance()

2022-01-30 14:20:05 -05:00

gsskrb5: CVE-2022-3437 Check for overflow in _gsskrb5_get_mech()

2022-11-15 17:51:45 -06:00

gss: Fix UB

2022-11-01 16:10:57 -05:00

Use constant-time memcmp when comparing sensitive buffers

2022-04-30 13:35:52 -04:00

Use constant-time memcmp when comparing sensitive buffers

2022-04-30 13:35:52 -04:00

gss: Fix warnings

2022-01-14 17:39:05 -06:00

gss: _gss_negoex_accept make error const

2022-01-17 15:46:45 +11:00

ChangeLog

switch to utf8 encoding of all files

2008-09-13 08:53:55 +00:00

gen-oid.pl

gss: intern OIDs (#447 )

2018-12-18 23:28:38 -06:00

gss_acquire_cred.3

Fix assorted typos

2018-12-14 17:30:14 -05:00

gss-commands.in

use sl_did_you_mean

2011-11-22 12:18:48 -08:00

gss-token.1

gss-token: implement -m to specify what mech to use.

2020-10-12 21:55:51 +01:00

gss-token.c

gss: Fix gss-token success exit code

2022-10-06 16:42:33 -05:00

gssapi_mech.h

Add stub for gss_acquire_cred_impersonate_name().

2021-10-19 20:45:40 +11:00

gssapi.3

remove trailing whitespace

2011-05-21 11:57:31 -07:00

gssapi.h

remove trailing whitespace

2008-09-13 09:21:03 +00:00

gsstool.c

use sl_did_you_mean

2011-11-22 12:18:48 -08:00

libgssapi-exports.def

gss: remove gss_get_instance()

2022-01-30 14:20:05 -05:00

libgssapi-version.rc

Windows: Rename libgssapi.dll -> gssapi.dll

2010-08-20 13:14:15 -04:00

Makefile.am

gssapi: add dependency on gkrb5_err.h

2022-09-16 16:13:50 -04:00

NTMakefile

Generate .x source files as .c source files

2022-01-05 17:36:24 -06:00

oid.txt

Document OID arcs delegated to Heimdal by SU

2021-03-25 10:38:28 -05:00

test_acquire_cred.c

gss: Fix some test leaks

2020-04-25 21:22:32 -05:00

test_add_store_cred.c

krb5: Improve cccol sub naming; add gss_store_cred_into2()

2020-03-02 17:48:04 -06:00

test_common.c

More fixes for -Werror (GCC 4.6 catches more stuff)

2011-11-02 23:20:55 -05:00

test_common.h

remove trailing whitespace

2008-09-13 09:21:03 +00:00

test_context.c

gss: Fix UB

2022-11-01 16:10:57 -05:00

test_cred.c

gss: SAnon - the Simple Anonymous GSS-API mechanism

2020-04-25 23:19:30 -05:00

test_kcred.c

gss: Workaround valgrind "lifetime not equal" issue

2022-01-18 12:35:26 -06:00

test_names.c

gss: Fix test_names clang-13 build

2022-01-02 21:19:13 -06:00

test_negoex_mech.c

gss: plug leak in test_negoex_mech

2020-03-02 17:16:58 +11:00

test_ntlm.c

Round #2 of scan-build warnings cleanup

2016-11-16 17:03:14 -06:00

test_oid.c

Always perform == or != operation on cmp function result

2021-11-24 22:30:44 -05:00

version-script.map

gss: remove gss_get_instance()

2022-01-30 14:20:05 -05:00