oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity
Files
aa3355e3bf2afa4e984387bf77bcc339c3750ce6
heimdal/lib/gssapi/krb5
History
Joseph Sutton 2a4210b7e9 gsskrb5: CVE-2022-3437 Pass correct length to _gssapi_verify_pad() 
We later subtract 8 when calculating the length of the output message
buffer. If padlength is excessively high, this calculation can underflow
and result in a very large positive value.

Now we properly constrain the value of padlength so underflow shouldn't
be possible.

Samba BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-11-15 17:51:45 -06:00
..
8003.c
Use constant-time memcmp when comparing sensitive buffers
2022-04-30 13:35:52 -04:00
accept_sec_context.c
gsskrb5: Fix dead code issues in deleg cred path
2022-01-17 18:10:08 -06:00
acquire_cred.c
gsskrb5: Use optimistic anon PKINIT armored FAST
2021-12-30 18:54:54 +11:00
add_cred.c
gsskrb5: Check dst-TGT pokicy at store time
2020-07-09 13:27:11 -05:00
address_to_krb5addr.c
flatten include headers
2009-01-25 00:35:00 +00:00
aeap.c
lib/gssapi/krb5: implement gss_[un]wrap_iov[_length] with arcfour-hmac-md5
2015-07-31 17:30:23 +12:00
arcfour.c
gsskrb5: CVE-2022-3437 Use constant-time memcmp() for arcfour unwrap
2022-11-15 17:51:45 -06:00
authorize_localname.c
First attempt s/\<const gss_.*_t/gss_const_.*_t/g
2013-06-02 15:30:58 -05:00
canonicalize_name.c
Revamp name canonicalization code
2015-03-24 11:49:58 -05:00
ccache_name.c
gss: implement gss_krb5_ccache_name()
2021-09-06 13:26:55 +10:00
cfx.c
gss: Fix UB
2022-11-01 16:10:57 -05:00
cfx.h
Switch from using a specific error message context in the TLS to have
2006-11-13 18:02:57 +00:00
compare_name.c
First attempt s/\<const gss_.*_t/gss_const_.*_t/g
2013-06-02 15:30:58 -05:00
compat.c
remove trailing whitespace
2011-05-21 11:57:31 -07:00
context_time.c
Round #2 of scan-build warnings cleanup
2016-11-16 17:03:14 -06:00
copy_ccache.c
gsskrb5: Fix coverity issue
2022-01-20 13:28:57 -06:00
creds.c
gss: add oid/buffer storage helpers to mechglue
2021-08-10 10:16:54 +10:00
decapsulate.c
gsskrb5: CVE-2022-3437 Check for overflow in _gsskrb5_get_mech()
2022-11-15 17:51:45 -06:00
delete_sec_context.c
gssapi/krb5: delete_sec_context must close ccache if CLOSE_CCACHE
2020-06-29 11:40:48 -04:00
display_name.c
First attempt s/\<const gss_.*_t/gss_const_.*_t/g
2013-06-02 15:30:58 -05:00
display_status.c
gss: avoid string concatenation warning in error message init
2021-05-17 10:09:01 +10:00
duplicate_cred.c
gsskrb5: Check dst-TGT pokicy at store time
2020-07-09 13:27:11 -05:00
duplicate_name.c
First attempt s/\<const gss_.*_t/gss_const_.*_t/g
2013-06-02 15:30:58 -05:00
encapsulate.c
move _gssapi_make_mech_header to avoid need to prototype
2018-04-19 13:12:59 -04:00
export_name.c
First attempt s/\<const gss_.*_t/gss_const_.*_t/g
2013-06-02 15:30:58 -05:00
export_sec_context.c
gssapi/krb5: _gsskrb5_export_sec_context copy/paste error
2022-01-14 23:01:30 -05:00
external.c
gss: Make krb5 name attrs table-driven
2022-01-08 10:38:01 +11:00
get_mic.c
use memset_s
2017-04-29 01:05:59 -04:00
gkrb5_err.et
gssapi: credential store extensions (#451)
2019-01-03 14:38:39 -06:00
gsskrb5_locl.h
gss: implement gss_krb5_ccache_name()
2021-09-06 13:26:55 +10:00
import_name.c
gss: Fix sign extension bug (from be708ca3cf)
2022-01-06 15:25:38 -06:00
import_sec_context.c
gssapi/krb5/{export,import}_sec_context: make smaller tokens.
2021-08-07 18:54:56 +10:00
indicate_mechs.c
Fix calling conventions for Windows
2010-08-20 13:14:10 -04:00
init_sec_context.c
rewrite fallthrough to HEIM_FALLTHROUGH to deal with new Apple SDKs
2022-09-16 15:58:45 -04:00
init.c
gss: register GSS_KRB5_S error table
2020-02-04 17:28:35 +11:00
inquire_context.c
Rename context handle lifetime to endtime
2015-04-14 11:27:25 -05:00
inquire_cred_by_mech.c
Fix gss_inquire_cred_by_mech.
2015-03-10 03:07:29 +00:00
inquire_cred_by_oid.c
First attempt s/\<const gss_.*_t/gss_const_.*_t/g
2013-06-02 15:30:58 -05:00
inquire_cred.c
gssapi: credential store extensions (#451)
2019-01-03 14:38:39 -06:00
inquire_mechs_for_name.c
First attempt s/\<const gss_.*_t/gss_const_.*_t/g
2013-06-02 15:30:58 -05:00
inquire_names_for_mech.c
remove trailing whitespace
2011-05-21 11:57:31 -07:00
inquire_sec_context_by_oid.c
gss: fix downlevel Windows interop regression
2020-04-13 10:26:38 +10:00
name_attrs.c
gsskrb5: Fix dead code in get_transited()
2022-01-17 11:50:16 -06:00
pname_to_uid.c
First attempt s/\<const gss_.*_t/gss_const_.*_t/g
2013-06-02 15:30:58 -05:00
prf.c
Fix krb5's gss_pseudo_random() (n is big-endian)
2013-10-30 14:26:15 -05:00
process_context_token.c
First attempt s/\<const gss_.*_t/gss_const_.*_t/g
2013-06-02 15:30:58 -05:00
release_buffer.c
Implement gss_wrap_iov, gss_unwrap_iov for CFX type encryption types.
2009-06-22 17:56:41 +00:00
release_cred.c
gsskrb5: Check dst-TGT pokicy at store time
2020-07-09 13:27:11 -05:00
release_name.c
Fix calling conventions for Windows
2010-08-20 13:14:10 -04:00
sequence.c
remove trailing whitespace
2011-05-21 11:57:31 -07:00
set_cred_option.c
krb5: Improve cccol sub naming; add gss_store_cred_into2()
2020-03-02 17:48:04 -06:00
set_sec_context_option.c
gss: implement gss_krb5_ccache_name()
2021-09-06 13:26:55 +10:00
store_cred.c
gsskrb5: Fix warnings
2022-01-14 17:39:05 -06:00
test_acquire_cred.c
Rewrite gss_add_cred() (fix #413)
2018-12-28 19:26:25 -06:00
test_cfx.c
switch to KRB5_ENCTYPE
2011-07-24 16:02:22 -07:00
test_cred.c
Rewrite gss_add_cred() (fix #413)
2018-12-28 19:26:25 -06:00
test_kcred.c
gss: Workaround valgrind "lifetime not equal" issue
2022-01-18 12:35:26 -06:00
test_oid.c
Implement gss_wrap_iov, gss_unwrap_iov for CFX type encryption types.
2009-06-22 17:56:41 +00:00
test_sequence.c
Minor typo/grammar fixes
2017-03-10 15:47:43 -05:00
ticket_flags.c
Implement gss_wrap_iov, gss_unwrap_iov for CFX type encryption types.
2009-06-22 17:56:41 +00:00
unwrap.c
gsskrb5: CVE-2022-3437 Pass correct length to _gssapi_verify_pad()
2022-11-15 17:51:45 -06:00
verify_mic.c
use memset_s
2017-04-29 01:05:59 -04:00
wrap.c
First attempt s/\<const gss_.*_t/gss_const_.*_t/g
2013-06-02 15:30:58 -05:00