summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
...
* Typo.Gravatar Karl Ramm2010-08-22
|
* cleanup a couple of decades old zwrite nitsGravatar Karl Ramm2010-08-22
| | | | | Don't free the incoming notice if we don't know for sure there's one. Drop the message on read error in the tty case.
* further increase rabidity of .gitignoreGravatar Karl Ramm2010-08-22
|
* increase rabidity of .gitignoreGravatar Karl Ramm2010-08-22
|
* rewrite ZMakeZcodeRealmAuthentication to be less ugly and shorterGravatar Karl Ramm2010-08-22
| | | | | | | | | | | I am becoming increasingly enamored with the fall-through on error clean-up-everything-at-the-end style of C error handling and resource management. Also remove some misleading/useless/wrong comments. (also fix a problem in the tickets expired case where it was using the wrong (possibly undefined) authenticator lengh)
* tweak find_or_replace_uid storage algorithmGravatar Karl Ramm2010-08-22
| | | | | | | | | | | | | | | | | | | | | Per Nelson Elhage: find_or_insert_uid sorts 'buffer' by the uid, which is a remotely-provided field. However, in order to expire uids, it does: while (num && (now - buffer[start % size].t) > CLOCK_SKEW) start++, num--; start %= size; i.e. starts from the start of the queue and goes until it finds something sufficiently new. Since the queue ordering is attacker-controlled, we can send an arbitrarily-long sequence of decreasing uids, consuming memory and forcing the client into an ever-growing quadratic loop to insert them at the beginning. -- Solve this by not keeping the buffer sorted; just tack the incoming uids on the end. This way an attacker can make us keep five minutes worth of UIDs, but only five minutes, and also anecdotally a client under attack spends all of its CPU sort uids.
* fixes for krb5 being more careful about ticket expirationGravatar Karl Ramm2010-08-22
| | | | | | | | | | | | krb5 actually checks in mk_req and fails if the ticks are expired, rather than giving you an authenticator that would fail and, handing you the session key that you'd already negotiated. This causes (meh) sending auth to fail as opposed to just ending up unauthentic and (poor) verifiable messages to look unauthentic or forged. So get the session key from the ccache without checking the expiration time, and have the cert routine skip making an authenticator if krb5_mk_req_extended says the ticket is expired.
* Note for posterity that this is an external-facing functionGravatar Karl Ramm2010-08-22
|
* variables are unused in the HAVE_ARES case, make gcc shut upGravatar Karl Ramm2010-08-22
|
* Make sure broken packets get timed out from the queue.Gravatar Karl Ramm2010-08-22
| | | | | | | (The time used to be set before the bounds check, so one could potentially get an accumulation of packets in the queue without timestamps that could never be assembled into a full notice; thanks to nelhage@mit.edu for noticing.)
* properly set the hostmanager address back if sending an ACK failsGravatar Karl Ramm2010-08-22
| | | | (thanks to nelhage@mit.edu for noticing this)
* multinotice values should just never be negativeGravatar Karl Ramm2010-08-22
|
* fix an allocation-size braino and rearrange for readabilityGravatar Karl Ramm2010-08-22
|
* Fix a leak if ZNewFormatSmallRawNotice fails. (thanks to nelhage@mit.edu for ↵Gravatar Karl Ramm2010-08-22
| | | | noticing)
* Don't crash if the header mysteriously gets too big. (Thanks to ↵Gravatar Karl Ramm2010-08-22
| | | | nelhage@mit.edu for noticing)
* Fix some formatting, and add some paranoia about oversized headers.Gravatar Karl Ramm2010-08-22
| | | | (Thanks to nelhage@mit.edu for noticing the formatting problem)
* fix subscriptions-too-wide-breaks-braindump problemGravatar Karl Ramm2010-07-28
| | | | | | | | only send one sub per packet in braindump refactor bdump_send_list_tcp and send_normal_tcp brain dump can now cleanly receive overlarge encrypted packets refactor subscr_send_subs and subscr_send_realm_subs nuke trailing whitespace
* Fix getting data out of gethostbyname; should fix #69Gravatar Karl Ramm2010-07-28
|
* we are preparing 3.0.1Gravatar Karl Ramm2010-07-28
|
* autoconf test for etext, cleanup #ifdefs for ancient stuff we don't build onGravatar Karl Ramm2010-03-17
|
* It is the twenty-first century, we don't need #ifdef ladders anymore.Gravatar Karl Ramm2010-03-17
|
* roleplay accordingly with sin_len and sin6_len values on BSD systemsGravatar Karl Ramm2009-12-18
|
* regenerate configureGravatar Karl Ramm2009-10-12
|
* ss_perror -> com_errGravatar Karl Ramm2009-10-12
| | | | | | As a precursor to loosening the dependency on ss. (Thanks to Ken Raeburn)
* Print only some fields of ZGetDestAddr to dodge sin_lenGravatar Karl Ramm2009-10-12
| | | | | | | | | Print only the fields of ZGetDestAddr we care about checking -- the address family and address. We can't just print the whole structure and selectively examine fields, because we can't easily determine whether sin_len will be present or not. (from Ken Raeburn)
* Print more info for certain test failures.Gravatar Karl Ramm2009-10-12
| | | | (from Ken Raeburn)
* support Darwin/BSD sockaddr structures with _len fieldsGravatar Karl Ramm2009-10-12
| | | | | | | | Initial support for examining and printing sockaddr structures on Darwin and *BSD, where _len fields are present and the _family field is 8 bits. (from Ken Raeburn)
* Add a .gitignore file, as most of us are using git-svn.Gravatar Karl Ramm2009-10-12
| | | | (from Ken Raeburn)
* With xzwrite gone, we don't need libdyn.Gravatar Karl Ramm2009-10-10
|
* Add process size estimation for Mac OS X on x86.Gravatar Karl Ramm2009-10-10
|
* You'd think I'd know better.Gravatar Karl Ramm2009-10-09
|
* simplify error handlingGravatar Karl Ramm2009-10-08
|
* bump version #Gravatar Karl Ramm2009-10-06
|
* New versionless libreadline-dev metapackage. Yay.Gravatar Karl Ramm2009-09-29
|
* Refactor error handling slightly in get_tgtGravatar Karl Ramm2009-08-27
| | | | | (which coincidentally keeps us from reporting the wrong function with an error code)
* get_tgt() should not fail if built krb5-only and it can't find a des keyGravatar Karl Ramm2009-08-27
| | | | Also clean up some indentation and add error logging.
* For now check incoming interrealm stuff with both keyusages because itGravatar Karl Ramm2009-08-27
| | | | turns out that derived-key stuff actually worked if you were using heimdal.
* krb5_init_keyblock is ugly and I'm not sure what it's doing there anywayGravatar Karl Ramm2009-08-22
|
* Fix a casefolding bug. [64-bit]Gravatar Karl Ramm2009-08-22
| | | | | | | | | | | | | | In valid_utf8_p(), uc was improperly typed and never initialized. On 64-bit systems, this means that success is dependent on previous stack contents. If the upper 32 bits are not zero, the null terminator is not caught and the function continues reading past the end of the string until: 1) Invalid UTF-8 is encountered 2) An invalid unicode codepoint is encountered. 3) segfault 1 and 2 are much more likely, but 3 is a danger.
* new config.{guess,sub}Gravatar Karl Ramm2009-08-22
|
* don't tell people to send mail @mit.eduGravatar Karl Ramm2009-08-14
|
* oddly, this works on debianGravatar Karl Ramm2009-08-14
|
* We ain't in alpha no more, buckyGravatar Karl Ramm2009-08-14
|
* when setting location, wait for SERVACKs _and_ SERVNAKSGravatar Karl Ramm2009-08-11
|
* ZCheckSrvAuthentication says "YES", "NO", or "FAILED"Gravatar Karl Ramm2009-08-10
|
* this gets free'd later...Gravatar Karl Ramm2009-08-09
|
* less fragile autoconf heimdal/api difference detection thanks to ↵Gravatar Karl Ramm2009-08-09
| | | | cg2v@ANDREW.CMU.EDU
* it is the TWENTY-FIRST CENTURY, we can STOP USING K&RGravatar Karl Ramm2009-08-09
|
* if __USE_XOPEN_EXTENDED is already defined, there was an annoying message;Gravatar Karl Ramm2009-08-09
| | | | also, we probably shouldn't undefine it
* change the prototype variable name "class" to match the actual function ↵Gravatar Karl Ramm2009-08-09
| | | | "class_name"
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-21 05:01:03 +0000