| b26a7af4 | 31-Jan-2026 |
John Baldwin <jhb@FreeBSD.org> |
heimdal: Pass the correct pointer to free in an error case
This fixes a warning reported by GCC 14 on stable/14:
crypto/heimdal/lib/hdb/keys.c:241:13: warning: 'free' called on pointer 'ext' with n
heimdal: Pass the correct pointer to free in an error case
This fixes a warning reported by GCC 14 on stable/14:
crypto/heimdal/lib/hdb/keys.c:241:13: warning: 'free' called on pointer 'ext' with nonzero offset 16 [-Wfree-nonheap-object]
241 | free(hist_keys);
| ^~~~~~~~~~~~~~~
crypto/heimdal/lib/hdb/keys.c:234:15: note: returned from 'calloc'
234 | ext = calloc(1, sizeof (*ext));
| ^~~~~~~~~~~~~~~~~~~~~~~~
Reviewed by: rmacklem, cy
Fixes: 5000d023a446 ("heimdal-kadmin: Add support for the -f dump option")
Differential Revision: https://reviews.freebsd.org/D54932
show more ...
|
| 219b6e44 | 17-Apr-2024 |
Dimitry Andric <dim@FreeBSD.org> |
heimdal: asn1: Use unsigned bitfields for named bitsets
Import upstream 6747e1628:
asn1: Use unsigned bitfields for named bitsets
Signed 1-bit bitfields are undefined in C.
This should fix th
heimdal: asn1: Use unsigned bitfields for named bitsets
Import upstream 6747e1628:
asn1: Use unsigned bitfields for named bitsets
Signed 1-bit bitfields are undefined in C.
This should fix the following warnings, which for unknown reasons are
errors in CI:
/usr/src/crypto/heimdal/lib/hx509/ca.c:1020:22: warning: implicit truncation from 'int' to a one-bit wide bit-field changes value from 1 to -1 [-Wsingle-bit-bitfield-constant-conversion]
1020 | ku.digitalSignature = 1;
| ^ ~
/usr/src/crypto/heimdal/lib/hx509/ca.c:1021:21: warning: implicit truncation from 'int' to a one-bit wide bit-field changes value from 1 to -1 [-Wsingle-bit-bitfield-constant-conversion]
1021 | ku.keyEncipherment = 1;
| ^ ~
/usr/src/crypto/heimdal/lib/hx509/ca.c:1028:17: warning: implicit truncation from 'int' to a one-bit wide bit-field changes value from 1 to -1 [-Wsingle-bit-bitfield-constant-conversion]
1028 | ku.keyCertSign = 1;
| ^ ~
/usr/src/crypto/heimdal/lib/hx509/ca.c:1029:13: warning: implicit truncation from 'int' to a one-bit wide bit-field changes value from 1 to -1 [-Wsingle-bit-bitfield-constant-conversion]
1029 | ku.cRLSign = 1;
| ^ ~
PR: 276960
Fixes: 1b7487592987
MFC after: 1 week
show more ...
|
| cec2adb0 | 07-Mar-2024 |
Brooks Davis <brooks@FreeBSD.org> |
heimdal: don't try to expose nonexistant symbols
For one reason or another these symbols aren't present so don't try to
make them available for linkage.
In the case of libroken these seem to be com
heimdal: don't try to expose nonexistant symbols
For one reason or another these symbols aren't present so don't try to
make them available for linkage.
In the case of libroken these seem to be compatability bits we don't
need a thus don't compile. For others it seems to rot upstream, but
I've not investigated deeply.
Reviewed by: cy
Differential Revision: https://reviews.freebsd.org/D44246
show more ...
|
| fc773115 | 15-Feb-2024 |
Cy Schubert <cy@FreeBSD.org> |
heimdal: Fix NULL deref
A flawed logical condition allows a malicious actor to remotely
trigger a NULL pointer dereference using a crafted negTokenInit
token.
Upstream notes:
Reported to Heimd
heimdal: Fix NULL deref
A flawed logical condition allows a malicious actor to remotely
trigger a NULL pointer dereference using a crafted negTokenInit
token.
Upstream notes:
Reported to Heimdal by Michał Kępień <michal@isc.org>.
From the report:
Acknowledgement
---------------
This flaw was found while working on addressing ZDI-CAN-12302: ISC BIND
TKEY Query Heap-based Buffer Overflow Remote Code Execution
Vulnerability, which was reported to ISC by Trend Micro's Zero Day
Security: CVE-2022-3116
Obtained from: upstream 7a19658c1
MFC after: 1 week
show more ...
|
| 60616b44 | 15-Feb-2024 |
Cy Schubert <cy@FreeBSD.org> |
heimdal: always confirm PA-PKINIT-KX for anon PKINIT
Import upstream 38c797e1a.
Upstream notes:
RFC8062 Section 7 requires verification of the PA-PKINIT-KX key
excahnge when anonymous PKIN
heimdal: always confirm PA-PKINIT-KX for anon PKINIT
Import upstream 38c797e1a.
Upstream notes:
RFC8062 Section 7 requires verification of the PA-PKINIT-KX key
excahnge when anonymous PKINIT is used. Failure to do so can
permit an active attacker to become a man-in-the-middle.
Reported by: emaste
Obtained from: upstream 38c797e1a
Security: CVE-2019-12098
MFC after: 1 week
show more ...
|
| f6d5d31c | 09-Dec-2022 |
Cy Schubert <cy@FreeBSD.org> |
heimdal: kadm5_c_get_principal() should check return code
kadm5_c_get_principal() should check the return code from
kadm5_ret_principal_ent(). As it doesn't it assumes success when
there is none and
heimdal: kadm5_c_get_principal() should check return code
kadm5_c_get_principal() should check the return code from
kadm5_ret_principal_ent(). As it doesn't it assumes success when
there is none and can lead to potential vulnerability. Fix this.
Reported by: rtm@csail.mit.edu
MFC after: 3 days
show more ...
|
| 671f5582 | 26-Nov-2022 |
Cy Schubert <cy@FreeBSD.org> |
heimdal: Check return code from _hdb_fetch_kvno()
A malformed principal will cause kadmind to segfault. The PR
addresses only when chpass is requested but delete is also affected.
Fix both.
PR: 26
heimdal: Check return code from _hdb_fetch_kvno()
A malformed principal will cause kadmind to segfault. The PR
addresses only when chpass is requested but delete is also affected.
Fix both.
PR: 268002
Reported by: Robert Morris <rtm@lcs.mit.edu>
MFC after: 3 days
show more ...
|