52d5fdf939
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17019 ec53bebd-3082-4978-b11e-865c3cabbd6b
320 lines
10 KiB
Plaintext
320 lines
10 KiB
Plaintext
2006-04-08 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* lib/krb5/store.c (krb5_ret_principal): fix memory leak Coverity,
|
|
NetBSD CID#1695
|
|
|
|
* kdc/524.c (_kdc_do_524): Handle memory allocation failure
|
|
Coverity, NetBSD CID#2752
|
|
|
|
2006-04-07 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* lib/krb5/keytab_file.c (krb5_kt_ret_principal): plug a memory
|
|
leak Coverity NetBSD CID#1890
|
|
|
|
* kdc/hprop.c (main): make sure type doesn't need to be set
|
|
|
|
* kdc/mit_dump.c (mit_prop_dump): close fd when done processing
|
|
Coverity NetBSD CID#1955
|
|
|
|
* kdc/string2key.c (tokey): catch warnings, free memory after use.
|
|
Based on Coverity NetBSD CID#1894
|
|
|
|
* kdc/hprop.c (main): remove dead code. Coverity NetBSD CID#633
|
|
|
|
2006-04-04 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* kpasswd/kpasswd-generator.c (read_words): catch empty file case,
|
|
will cause PBE (division by zero) later. From Tobias Stoeckmann.
|
|
|
|
2006-04-02 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* lib/hdb/keytab.c: Remove a delta from last revision that should
|
|
have gone in later.
|
|
|
|
* lib/krb5/krbhst.c: fix spelling
|
|
|
|
* lib/krb5/send_to_kdc.c (send_and_recv_http): don't expose freed
|
|
pointer, found by IBM checker.
|
|
|
|
* lib/krb5/rd_cred.c (krb5_rd_cred): don't expose freed pointer,
|
|
found by IBM checker.
|
|
|
|
* lib/krb5/addr_families.c (krb5_make_addrport): clear return
|
|
value on error, found by IBM checker.
|
|
|
|
* kdc/kerberos5.c (check_addresses): treat netbios as no addresses
|
|
|
|
* kdc/{kerberos4,kaserver}.c: _kdc_check_flags takes hdb_entry_ex
|
|
|
|
* kdc/kerberos5.c (_kdc_check_flags): make it take hdb_entry_ex to
|
|
avoid ?:'s at callers
|
|
|
|
* lib/krb5/v4_glue.c: Avoid using free memory, found by IBM
|
|
checker.
|
|
|
|
* lib/krb5/transited.c (expand_realm): avoid passing NULL to
|
|
strlen, found by IBM checker.
|
|
|
|
* lib/krb5/rd_cred.c (krb5_rd_cred): avoid a memory leak on malloc
|
|
failure, found by IBM checker.
|
|
|
|
* lib/krb5/krbhst.c (_krb5_krbhost_info_move): replace a strcpy
|
|
with a memcpy
|
|
|
|
* lib/krb5/keytab_keyfile.c (get_cell_and_realm): plug a memory
|
|
leak, found by IBM checker.
|
|
|
|
* lib/krb5/keytab_file.c (fkt_next_entry_int): remove a
|
|
dereferencing NULL pointer, found by IBM checker.
|
|
|
|
* lib/krb5/init_creds_pw.c (init_creds_init_as_req): in AS-REQ the
|
|
cname must always be given, don't avoid that fact and remove a
|
|
cname == NULL case. Plugs a memory leak found by IBM checker.
|
|
|
|
* lib/krb5/init_creds_pw.c (default_s2k_func): avoid exposing
|
|
free-ed memory on error. Found by IBM checker.
|
|
|
|
* lib/krb5/init_creds.c (_krb5_get_init_creds_opt_copy): use
|
|
calloc to avoid uninitialized memory problem.
|
|
|
|
* lib/krb5/data.c (krb5_copy_data): avoid exposing free-ed memory
|
|
on error. Found by IBM checker.
|
|
|
|
* lib/krb5/fcache.c (fcc_gen_new): fix a use after free, found by
|
|
IBM checker.
|
|
|
|
* lib/krb5/config_file.c (krb5_config_vget_strings): IBM checker
|
|
thought it found a memory leak, it didn't, but there was another
|
|
error in the code, lets fix that instead.
|
|
|
|
* lib/krb5/cache.c (_krb5_expand_default_cc_name): plug memory
|
|
leak. Found by IBM checker.
|
|
|
|
* lib/krb5/cache.c (_krb5_expand_default_cc_name): avoid return
|
|
pointer to freed memory in the error case. Found by IBM checker.
|
|
|
|
* lib/hdb/keytab.c (hdb_resolve): off by one, found by IBM
|
|
checker.
|
|
|
|
* lib/hdb/keys.c (hdb_generate_key_set): set ret_key_set before
|
|
going into the error clause and freeing key_set. Found by IBM
|
|
checker. Make sure ret == 0 after of parse error, we catch the
|
|
"no entries parsed" case later.
|
|
|
|
* lib/krb5/log.c (krb5_addlog_dest): make string length match
|
|
strings in strcasecmp. Found by IBM checker.
|
|
|
|
2006-03-30 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* lib/hdb/hdb-ldap.c (LDAP_message2entry): in declaration set
|
|
variable_name as "hdb_entry_ex"
|
|
(hdb_ldap_common): change "arg" in condition (if) to "search_base"
|
|
(hdb_ldapi_create): change "serach_base" to "search_base" From
|
|
Alex V. Labuta.
|
|
|
|
* lib/krb5/pkinit.c (krb5_get_init_creds_opt_set_pkinit); fix
|
|
prototype
|
|
|
|
* kuser/kinit.c: Add pool of certificates to help certificate path
|
|
building for clients sending incomplete path in the signedData.
|
|
|
|
2006-03-28 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* kdc/pkinit.c: Add pool of certificates to help certificate path
|
|
building for clients sending incomplete path in the signedData.
|
|
|
|
* lib/krb5/pkinit.c: Add pool of certificates to help certificate
|
|
path building for clients sending incomplete path in the
|
|
signedData.
|
|
|
|
2006-03-27 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* kdc/config.c: Allow passing in related certificates used to
|
|
build the chain.
|
|
|
|
* kdc/pkinit.c: Allow passing in related certificates used to
|
|
build the chain.
|
|
|
|
* kdc/kerberos5.c (log_patype): Add case for
|
|
KRB5_PADATA_PA_PK_OCSP_RESPONSE.
|
|
|
|
* tools/Makefile.am: Spelling
|
|
|
|
* tools/krb5-config.in: Add hx509 when using PK-INIT.
|
|
|
|
* tools/Makefile.am: Add hx509 when using PK-INIT.
|
|
|
|
2006-03-26 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* lib/krb5/acache.c: Use ticket flags definition, might fix Mac OS
|
|
X Kerberos.app problems.
|
|
|
|
* lib/krb5/krb5_ccapi.h: Add ticket flags definitions
|
|
|
|
* lib/krb5/pkinit.c: Use less openssl, spell chelling.
|
|
|
|
* kdc/pkinit.c (pk_mk_pa_reply_dh): encode the DH public key with
|
|
asn1 wrapping
|
|
|
|
* configure.in (AC_CONFIG_FILES): add lib/hx509/Makefile
|
|
|
|
* lib/Makefile.am: Add hx509.
|
|
|
|
* lib/krb5/Makefile.am: Add libhx509.la when PKINIT is used.
|
|
|
|
* configure.in: define automake PKINIT variable
|
|
|
|
* kdc/pkinit.c: Switch to hx509.
|
|
|
|
* lib/krb5/pkinit.c: Switch to hx509.
|
|
|
|
2006-03-24 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* kdc/kerberos5.c (log_patypes): log the patypes requested by the
|
|
client
|
|
|
|
2006-03-23 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* lib/krb5/pkinit.c (_krb5_pk_rd_pa_reply): pass down the
|
|
req_buffer in the w2k case too. From Douglas E. Engert.
|
|
|
|
2006-03-19 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* lib/krb5/mk_req_ext.c (_krb5_mk_req_internal): on failure, goto
|
|
error handling. Fixes Coverity NetBSD CID 2591 by catching a
|
|
failing krb5_copy_keyblock()
|
|
|
|
2006-03-17 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* lib/krb5/addr_families.c (krb5_free_addresses): reset val,len in
|
|
address when free-ing. Fixes Coverity NetBSD bug #2605
|
|
(krb5_parse_address): reset val,len before possibly return errors
|
|
Fixes Coverity NetBSD bug #2605
|
|
|
|
2006-03-07 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* lib/krb5/send_to_kdc.c (recv_loop): it should never happen, but
|
|
make sure nbytes > 0
|
|
|
|
* lib/krb5/get_for_creds.c (add_addrs): handle the case where
|
|
addr->len == 0 and n == 0, then realloc might return NULL.
|
|
|
|
* lib/krb5/crypto.c (decrypt_*): handle the case where the
|
|
plaintext is 0 bytes long, realloc might then return NULL.
|
|
|
|
2006-02-28 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* lib/krb5/krb5_string_to_key.3: Drop krb5_string_to_key_derived.
|
|
|
|
* lib/krb5/krb5.3: Remove krb5_string_to_key_derived.
|
|
|
|
* lib/krb5/crypto.c (AES_string_to_key): drop _krb5_PKCS5_PBKDF2
|
|
and use PKCS5_PBKDF2_HMAC_SHA1 instead.
|
|
|
|
* lib/krb5/aes-test.c: reformat, avoid free-ing un-init'd memory
|
|
|
|
* lib/krb5/aes-test.c: Only use PKCS5_PBKDF2_HMAC_SHA1.
|
|
|
|
2006-02-27 Johan Danielsson <joda@pdc.kth.se>
|
|
|
|
* doc/setup.texi: remove cartouches - we don't use them anywhere
|
|
else, they should be around the example, not inside it, and
|
|
probably shouldn't be used in html at all
|
|
|
|
2006-02-18 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* lib/krb5/krb5_warn.3: Document that applications want to use
|
|
krb5_get_error_message, add example.
|
|
|
|
2006-02-16 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* lib/krb5/crypto.c (krb5_generate_random_block): check return
|
|
value from RAND_bytes
|
|
|
|
* lib/krb5/error_string.c: Change indentation, update (c)
|
|
|
|
2006-02-14 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* lib/krb5/pkinit.c: Make struct krb5_dh_moduli available when
|
|
compiling w/o pkinit.
|
|
|
|
2006-02-13 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* lib/krb5/pkinit.c: update to new paChecksum definition, update
|
|
the dhgroup handling
|
|
|
|
* kdc/pkinit.c: update to new paChecksum definition, use
|
|
hdb_entry_ex
|
|
|
|
2006-02-09 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* lib/krb5/krb5_locl.h: Move Configurable options to last in the
|
|
file.
|
|
|
|
* lib/krb5/krb5_locl.h: Wrap KRB5_ADDRESSLESS_DEFAULT with #ifndef
|
|
|
|
2006-02-03 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* kpasswd/kpasswdd.c: Send back a better error-message to the
|
|
client in case the password change was rejected.
|
|
|
|
* lib/krb5/krb5_warn.3: Document krb5_get_error_message.
|
|
|
|
* lib/krb5/error_string.c (krb5_get_error_message): new function,
|
|
and combination of krb5_get_error_string and krb5_get_err_text
|
|
|
|
* lib/krb5/krb5.3: sort, and krb5_get_error_message
|
|
|
|
* lib/hdb/hdb-ldap.c: Log the filter string to the error message
|
|
when doing searches.
|
|
|
|
* lib/krb5/init_creds.c (krb5_get_init_creds_opt_set_default_flags):
|
|
Use KRB5_ADDRESSLESS_DEFAULT when
|
|
checking [appdefault]no-addresses.
|
|
|
|
* lib/krb5/get_cred.c (get_cred_from_kdc_flags): Use
|
|
KRB5_ADDRESSLESS_DEFAULT when checking
|
|
[appdefault]no-addresses.
|
|
|
|
* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds):
|
|
Use [appdefault]no-addresses before checking if the krbtgt is
|
|
address-less, use KRB5_ADDRESSLESS_DEFAULT.
|
|
|
|
* lib/krb5/krb5_locl.h: Introduce KRB5_ADDRESSLESS_DEFAULT that
|
|
controlls all address-less behavior. Defaults to false.
|
|
|
|
2006-02-01 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* lib/krb5/n-fold-test.c: main is not a KRB5_LIB_FUNCTION
|
|
|
|
* lib/krb5/mk_priv.c (krb5_mk_priv): abort if ASN1_MALLOC_ENCODE
|
|
failes to produce the matching lenghts.
|
|
|
|
2006-01-27 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* kcm/protocol.c (kcm_op_retrieve): remove unused variable
|
|
|
|
2006-01-15 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* tools/krb5-config.in: Move depenency on @LIB_dbopen@ to
|
|
kadm-server, kerberos library doesn't depend on db-library.
|
|
|
|
2006-01-13 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* include/Makefile.am: Don't clean crypto headers, they now live
|
|
in hcrypto/. Add hcrypto to SUBDIRS.
|
|
|
|
* include/hcrypto/Makefile.am: clean installed headers
|
|
|
|
* include/make_crypto.c: include crypto headers from hcrypto/
|
|
|
|
* include/make_crypto.c: Include more crypto headerfiles. Remove
|
|
support for old hash names.
|
|
|
|
2006-01-02 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* kdc/misc.c (_kdc_db_fetch): use calloc to allocate the entry,
|
|
from Andrew Bartlet.
|
|
|
|
* Happy New Year.
|