| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
| |
The fact that the Heimdal and MIT APIs are subtly different strikes again.
I am honestly starting to wonder if they make it look this similar just
to frustrate people; I only don't believe it because neither team seems
like that sort of person. Fixes #74.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
| |
Since these are constants used in the protocol be explicit about what values
the C compiler is assigning them, and that they can't be arbitrarily
rearranged.
Also, since we were promising strings for describing them in zephyr.h
actually define the array.
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
notice->z_authent_authent_len will be zero.
|
|
|
|
|
|
| |
with SO_REUSADDR set on a given port, other people can also open listening
sockets with SO_REUSEADDR set, so turn SO_REUSADDR back off after we've
bound our port.
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
the pointer
|
| |
|
| |
|
|
|
|
| |
(thanks to wthrowe@mit.edu)
|
|
|
|
| |
wthrowe@mit.edu
|
|
|
|
|
|
| |
Call it cares consistently, though.
(regenerate configure, pulling in a new config.{guess,sub})
|
|
|
|
| |
and it breaks the build when there isn't a utmp.h
|
|
|
|
| |
ignore TAGS
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
nuke-trailing-whitespace.
|
|
|
|
|
|
|
| |
Some systems don't have it, having shaken off the shackles of fixed
lengths. Unfortunately rewriting these things "right" in a fashion
portable to unembraced-and-extended C libraries is aggravating. So do it
wrong until we decide to bite the bullet and demand glib.
|
| |
|
|
|
|
|
| |
Don't free the incoming notice if we don't know for sure there's one.
Drop the message on read error in the tty case.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
I am becoming increasingly enamored with the fall-through on error
clean-up-everything-at-the-end style of C error handling and resource
management.
Also remove some misleading/useless/wrong comments.
(also fix a problem in the tickets expired case where it was using
the wrong (possibly undefined) authenticator lengh)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Per Nelson Elhage:
find_or_insert_uid sorts 'buffer' by the uid, which is a
remotely-provided field. However, in order to expire uids, it does:
while (num && (now - buffer[start % size].t) > CLOCK_SKEW)
start++, num--;
start %= size;
i.e. starts from the start of the queue and goes until it finds
something sufficiently new. Since the queue ordering is
attacker-controlled, we can send an arbitrarily-long sequence of
decreasing uids, consuming memory and forcing the client into an
ever-growing quadratic loop to insert them at the beginning.
--
Solve this by not keeping the buffer sorted; just tack the incoming
uids on the end. This way an attacker can make us keep five minutes
worth of UIDs, but only five minutes, and also anecdotally a client
under attack spends all of its CPU sort uids.
|
|
|
|
|
|
|
|
|
|
|
|
| |
krb5 actually checks in mk_req and fails if the ticks are expired,
rather than giving you an authenticator that would fail and, handing
you the session key that you'd already negotiated. This causes (meh)
sending auth to fail as opposed to just ending up unauthentic and
(poor) verifiable messages to look unauthentic or forged.
So get the session key from the ccache without checking the expiration
time, and have the cert routine skip making an authenticator if
krb5_mk_req_extended says the ticket is expired.
|
| |
|
| |
|
|
|
|
|
|
|
| |
(The time used to be set before the bounds check, so one could
potentially get an accumulation of packets in the queue without
timestamps that could never be assembled into a full notice; thanks to
nelhage@mit.edu for noticing.)
|
|
|
|
| |
(thanks to nelhage@mit.edu for noticing this)
|
| |
|
| |
|
|
|
|
| |
noticing)
|
|
|
|
| |
nelhage@mit.edu for noticing)
|
|
|
|
| |
(Thanks to nelhage@mit.edu for noticing the formatting problem)
|
|
|
|
|
|
|
|
| |
only send one sub per packet in braindump
refactor bdump_send_list_tcp and send_normal_tcp
brain dump can now cleanly receive overlarge encrypted packets
refactor subscr_send_subs and subscr_send_realm_subs
nuke trailing whitespace
|
| |
|
| |
|
| |
|