path: root/third_party/heimdal
Commit message | Author | Age | Files | Lines
* third_party/heimdal: Import lorikeet-heimdal-202305160500 (commit 8836d64dee78a74aa740e31b7ad406b8a8cfdad0)
  Author: Joseph Sutton | Age: 2023-05-18 | Files: 6 | Lines: -18/+29

  NOTE: THIS COMMIT WON’T COMPILE/WORK ON ITS OWN!

  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>

* third_party/heimdal: Import lorikeet-heimdal-202303200103 (commit 2ee541b5e963f7cffb1ec4acd1a8cc45426a9f28)
  Author: Joseph Sutton | Age: 2023-03-31 | Files: 235 | Lines: -2188/+5973

  NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!

  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>

* CVE-2022-37966 kdc: Implement new Kerberos session key behaviour since ENC_HMAC_SHA1_96_AES256_SK was added
  Author: Andrew Bartlett | Age: 2022-12-13 | Files: 4 | Lines: -10/+47

  ENC_HMAC_SHA1_96_AES256_SK is a flag introduced by Microsoft in this CVE to indicate that additionally, AES session keys are available.

  We set the etypes available for session keys depending on the encryption types that are supported by the principal.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=15219
  Pair-Programmed-With: Joseph Sutton <josephsutton@catalyst.net.nz>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>

* CVE-2022-37966 third_party/heimdal: Fix error message typo
  Author: Joseph Sutton | Age: 2022-12-13 | Files: 1 | Lines: -1/+1

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>

* CVE-2022-37967 Add new PAC checksum
  Author: Joseph Sutton | Age: 2022-12-13 | Files: 3 | Lines: -29/+143

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=15231
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>

* CVE-2022-37966 HEIMDAL: Look up the server keys to combine with clients etype list to select a session key
  Author: Andrew Bartlett | Age: 2022-12-13 | Files: 1 | Lines: -1/+1

  We need to select server, not client, to compare client etypes against.

  (It is not useful to compare the client-supplied encryption types with the client's own long-term keys.)

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>

* CVE-2022-44640 HEIMDAL: asn1: invalid free in ASN.1 codec
  Author: Nicolas Williams | Age: 2022-12-06 | Files: 5 | Lines: -6/+15

  Heimdal's ASN.1 compiler generates code that allows specially crafted DER encodings of CHOICEs to invoke the wrong free function on the decoded structure upon decode error. This is known to impact the Heimdal KDC, leading to an invalid free() of an address partly or wholly under the control of the attacker, in turn leading to a potential remote code execution (RCE) vulnerability.

  This error affects the DER codec for all CHOICE types used in Heimdal, though not all cases will be exploitable. We have not completed a thorough analysis of all the Heimdal components affected, thus the Kerberos client, the X.509 library, and other parts, may be affected as well.

  This bug has been in Heimdal since 2005. It was first reported by Douglas Bagnall, though it had been found independently by the Heimdal maintainers via fuzzing a few weeks earlier.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14929
  (cherry-picked from Heimdal commit 9c9dac2b169255bad9071eea99fa90b980dde767)
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
  Autobuild-Date(master): Tue Dec 6 13:41:05 UTC 2022 on sn-devel-184

* CVE-2022-42898: HEIMDAL: lib/krb5: fix _krb5_get_int64 on systems where 'unsigned long' is just 32-bit
  Author: Stefan Metzmacher | Age: 2022-11-24 | Files: 1 | Lines: -1/+1

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=15203
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>

* CVE-2022-42898 third_party/heimdal: PAC parse integer overflows
  Author: Joseph Sutton | Age: 2022-11-15 | Files: 2 | Lines: -218/+444

  Catch overflows that result from adding PAC_INFO_BUFFER_SIZE.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=15203

  Heavily edited by committer Nico Williams <nico@twosigma.com>, original by Joseph Sutton <josephsutton@catalyst.net.nz>.

  Signed-off-by: Nico Williams <nico@twosigma.com>
  [jsutton@samba.org Zero-initialised header_size in krb5_pac_parse() to avoid a maybe-uninitialized error; added a missing check for ret == 0]
  Autobuild-User(master): Jule Anger <janger@samba.org>
  Autobuild-Date(master): Tue Nov 15 17:02:52 UTC 2022 on sn-devel-184

* third_party/heimdal: import lorikeet-heimdal-202210310104 (commit 0fc20ff4144973047e6aaaeb2fc8708bd75be222)
  Author: Andrew Bartlett | Age: 2022-11-02 | Files: 154 | Lines: -1751/+6672

  This commit won't compile on its own, as we need to fix the build system to cope in the next commit.

  The purpose of this commit is to update to a new lorikeet-heimdal tree that includes the previous two patches and is rebased on a current Heimdal master snapshot.

  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>

* heimdal: Fix the 32-bit build on FreeBSD
  Author: Volker Lendecke | Age: 2022-11-02 | Files: 5 | Lines: -7/+7

  REF: https://github.com/heimdal/heimdal/pull/1004
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=15220
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>

* third_party/heimdal: Introduce macro for common plugin structure elements
  Author: Joseph Sutton | Age: 2022-11-02 | Files: 17 | Lines: -62/+57

  Heimdal's HDB plugin interface, and hence Samba's KDC that depends upon it, doesn't work on 32-bit builds due to structure fields being arranged in the wrong order. This problem presents itself in the form of segmentation faults on 32-bit systems, but goes unnoticed on 64-bit builds thanks to extra structure padding absorbing the errant fields.

  This commit reorders the HDB plugin structure fields to prevent crashes and introduces a common macro to ensure every plugin presents a consistent interface.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=15110
  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>

* CVE-2022-3437 third_party/heimdal: Pass correct length to _gssapi_verify_pad()
  Author: Joseph Sutton | Age: 2022-10-25 | Files: 1 | Lines: -2/+2

  We later subtract 8 when calculating the length of the output message buffer. If padlength is excessively high, this calculation can underflow and result in a very large positive value.

  Now we properly constrain the value of padlength so underflow shouldn't be possible.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134
  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>

* CVE-2022-3437 third_party/heimdal: Check for overflow in _gsskrb5_get_mech()
  Author: Joseph Sutton | Age: 2022-10-25 | Files: 1 | Lines: -0/+2

  If len_len is equal to total_len - 1 (i.e. the input consists only of a 0x60 byte and a length), the expression 'total_len - 1 - len_len - 1', used as the 'len' parameter to der_get_length(), will overflow to SIZE_MAX. Then der_get_length() will proceed to read, unconstrained, whatever data follows in memory. Add a check to ensure that doesn't happen.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134
  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>

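An added illustration of the length arithmetic described in the entry above (not Heimdal's or Samba's code): the quoted expression wraps to SIZE_MAX for a token that ends at its length field, and a guarded version rejects that token. The function names and the sample tokens are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed tokens: one ends at its length field, one carries three more bytes. */
static const unsigned char tok_short[] = { 0x60, 0x00 };
static const unsigned char tok_ok[]    = { 0x60, 0x03, 0x06, 0x01, 0x2a };

/* Size of the DER length field at p (1 for short form, 1 + n for long
 * form), or 0 if it is malformed or does not fit in avail bytes. */
static size_t der_length_size(const unsigned char *p, size_t avail)
{
    size_t n;
    if (avail == 0)
        return 0;
    if ((p[0] & 0x80) == 0)
        return 1;
    n = p[0] & 0x7f;
    if (n == 0 || n > sizeof(size_t) || n + 1 > avail)
        return 0;
    return n + 1;
}

/* The expression quoted in the commit message, with no guard. */
size_t unchecked_remaining(size_t total_len, size_t len_len)
{
    return total_len - 1 - len_len - 1;
}

/* Guarded form: 0 and *remaining (bytes after the 0x60 tag, the length
 * field and the next tag byte) on success, -1 if the token is too short. */
int checked_remaining(const unsigned char *tok, size_t total_len, size_t *remaining)
{
    size_t len_len;
    if (total_len < 1 || tok[0] != 0x60)
        return -1;
    len_len = der_length_size(tok + 1, total_len - 1);
    if (len_len == 0 || total_len - 1 - len_len < 1)
        return -1;              /* nothing follows the length field */
    *remaining = total_len - 1 - len_len - 1;
    return 0;
}

int main(void)
{
    size_t r = 0;
    printf("wraps: %d\n", unchecked_remaining(sizeof(tok_short), 1) == SIZE_MAX);
    printf("short: %d\n", checked_remaining(tok_short, sizeof(tok_short), &r));
    printf("ok:    %d\n", checked_remaining(tok_ok, sizeof(tok_ok), &r));
    return 0;
}
```
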
* CVE-2022-3437 third_party/heimdal: Check buffer length against overflow for DES{,3} unwrap
  Author: Joseph Sutton | Age: 2022-10-25 | Files: 1 | Lines: -0/+14

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134
  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>

* CVE-2022-3437 third_party/heimdal: Check the result of _gsskrb5_get_mech()
  Author: Joseph Sutton | Age: 2022-10-25 | Files: 1 | Lines: -0/+4

  We should make sure that the result of 'total_len - mech_len' won't overflow, and that we don't memcmp() past the end of the buffer.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134
  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>

* CVE-2022-3437 third_party/heimdal: Avoid undefined behaviour in _gssapi_verify_pad()
  Author: Joseph Sutton | Age: 2022-10-25 | Files: 1 | Lines: -3/+3

  By decrementing 'pad' only when we know it's safe, we ensure we can't stray backwards past the start of a buffer, which would be undefined behaviour.

  In the previous version of the loop, 'i' is the number of bytes left to check, and 'pad' is the current byte we're checking. 'pad' was decremented at the end of each loop iteration. If 'i' was 1 (so we checked the final byte), 'pad' could potentially be pointing to the first byte of the input buffer, and the decrement would put it one byte behind the buffer.

  That would be undefined behaviour.

  The patch changes it so that 'pad' is the byte we previously checked, which allows us to ensure that we only decrement it when we know we have a byte to check.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134
  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>

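An added illustration (not Heimdal's or Samba's code) of the two pad-handling points in the _gssapi_verify_pad() entries: the pad count is bounded before it is used, and the pointer moves backwards only when a byte is known to remain. The helper name verify_pad, its signature and the sample buffers are constructed for this example.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed buffers: payload followed by pad bytes whose value is the pad count. */
static const unsigned char buf_good[] = { 'd', 'a', 't', 'a', 4, 4, 4, 4 };
static const unsigned char buf_one[]  = { 1 };       /* pad reaches buffer start */
static const unsigned char buf_long[] = { 9, 9, 9 }; /* count exceeds the data */
static const unsigned char buf_bad[]  = { 3, 2, 3 }; /* middle pad byte differs */

/* Hypothetical helper: 0 and *padlen on success, -1 on a bad pad.
 * datalen is how many trailing bytes of buf may legitimately be padding. */
int verify_pad(const unsigned char *buf, size_t buflen, size_t datalen,
               size_t *padlen)
{
    const unsigned char *pad;
    size_t padlength, i;

    if (buflen < 1 || datalen > buflen)
        return -1;
    pad = buf + buflen;          /* one past the end, a valid pointer value */
    padlength = pad[-1];
    /* Bound the count first, so later length arithmetic cannot underflow
     * and the loop cannot walk past the start of the buffer. */
    if (padlength > datalen)
        return -1;
    /* i counts bytes still to check; pad moves back only when i > 0, so it
     * always ends on the last byte examined, never before buf. */
    for (i = padlength; i > 0 && *--pad == padlength; i--)
        ;
    if (i != 0)
        return -1;
    *padlen = padlength;
    return 0;
}

int main(void)
{
    size_t n = 0;
    int rc = verify_pad(buf_good, sizeof(buf_good), sizeof(buf_good), &n);
    printf("good: rc=%d padlen=%zu\n", rc, n);
    printf("one:  rc=%d\n", verify_pad(buf_one, sizeof(buf_one), sizeof(buf_one), &n));
    printf("long: rc=%d\n", verify_pad(buf_long, sizeof(buf_long), sizeof(buf_long), &n));
    printf("bad:  rc=%d\n", verify_pad(buf_bad, sizeof(buf_bad), sizeof(buf_bad), &n));
    return 0;
}
```
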
* CVE-2022-3437 third_party/heimdal: Don't pass NULL pointers to memcpy() in DES unwrap
  Author: Joseph Sutton | Age: 2022-10-25 | Files: 1 | Lines: -6/+8

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134
  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>

* CVE-2022-3437 third_party/heimdal: Use constant-time memcmp() in unwrap_des3()
  Author: Joseph Sutton | Age: 2022-10-25 | Files: 1 | Lines: -1/+1

  The surrounding checks all use ct_memcmp(), so this one was presumably meant to as well.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134
  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>

* CVE-2022-3437 third_party/heimdal: Use constant-time memcmp() for arcfour unwrap
  Author: Joseph Sutton | Age: 2022-10-25 | Files: 1 | Lines: -7/+7

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134
  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>

* CVE-2022-3437 third_party/heimdal: Remove __func__ compatibility workaround
  Author: Joseph Sutton | Age: 2022-10-25 | Files: 1 | Lines: -4/+0

  As described by the C standard, __func__ is a variable, not a macro. Hence this #ifndef check does not work as intended, and only serves to unconditionally disable __func__. A nonoperating __func__ prevents cmocka operating correctly, so remove this definition.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134
  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>

* CVE-2022-2031 third_party/heimdal: Add function to get current KDC time
  Author: Joseph Sutton | Age: 2022-07-27 | Files: 3 | Lines: -0/+8

  This allows the plugin to check the endtime of a ticket against the KDC's current time, to see if the ticket will expire in the next two minutes.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=15047
  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>

* CVE-2022-2031 third_party/heimdal: Check generate_pac() return code
  Author: Joseph Sutton | Age: 2022-07-27 | Files: 1 | Lines: -1/+3

  If the function fails, we should not issue a ticket missing the PAC.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=15047
  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>

* third_party/heimdal: import lorikeet-heimdal-202203101710 (commit df8d801544144949931cd742169be1207b239c3d)
  Author: Stefan Metzmacher | Age: 2022-03-11 | Files: 3 | Lines: -41/+134

  This fixes the regressions against KDCs without FAST support.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=15002
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=15005
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
  Autobuild-Date(master): Fri Mar 11 18:06:47 UTC 2022 on sn-devel-184

* third_party/heimdal: import lorikeet-heimdal-202203101709 (commit 47863866da25cc21d292ce335a976b8b33fa1864)
  Author: Stefan Metzmacher | Age: 2022-03-11 | Files: 13 | Lines: -10/+590

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=15002
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=15005
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>

* third_party/heimdal: import lorikeet-heimdal-202203031927 (commit 7abc451ddd74d0c2e57dbb32f3198bde8def73ab)
  Author: Stefan Metzmacher | Age: 2022-03-06 | Files: 16 | Lines: -45/+189

  NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14865
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>

* third_party/heimdal: import lorikeet-heimdal-202203010107 (commit 0e7a12404c388e831fe6933fcc3c86e7eb334825)
  Author: Joseph Sutton | Age: 2022-03-01 | Files: 428 | Lines: -7392/+14519

  NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995
  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>

* HEIMDAL: move code from source4/heimdal* to third_party/heimdal*
  Author: Stefan Metzmacher | Age: 2022-01-19 | Files: 2638 | Lines: -0/+1259893

  This makes it clearer that we always want to do heimdal changes via the lorikeet-heimdal repository.

  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Autobuild-User(master): Joseph Sutton <jsutton@samba.org>
  Autobuild-Date(master): Wed Jan 19 21:41:59 UTC 2022 on sn-devel-184