Package: heimdal / 7.7.0+dfsg-2+deb11u3

Metadata

Package: heimdal
Version: 7.7.0+dfsg-2+deb11u3
Patches format: 3.0 (quilt)

Patch series

Patch | File delta | Description
nfs_des

kdc/kerberos5.c | 3 2 + 1 - 0 !
1 file changed, 2 insertions(+), 1 deletion(-)

 nfs_des

=== modified file 'kdc/kerberos5.c'

021_debian

doc/setup.texi | 2 1 + 1 - 0 !
kdc/kdc.8 | 2 1 + 1 - 0 !
2 files changed, 2 insertions(+), 2 deletions(-)

 debian

=== modified file 'doc/setup.texi'

022_openafs

lib/krb5/keytab_keyfile.c | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 openafs

===================================================================

025_krb5 config paths

tools/krb5-config.in | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 krb5-config-paths

=== modified file 'a/tools/krb5-config.in'

025_pthreads

cf/pthreads.m4 | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 pthreads

=== modified file 'cf/pthreads.m4'

030_pkg config paths

tools/heimdal-gssapi.pc.in | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 pkg-config-paths

=== modified file 'tools/heimdal-gssapi.pc.in'

installsh

po/Makefile.am | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 installsh

===================================================================

041_hurd_maxhostnamelen

appl/gssmask/gssmask.c | 4 2 + 2 - 0 !
appl/kf/kfd.c | 2 1 + 1 - 0 !
appl/test/tcp_server.c | 2 1 + 1 - 0 !
kdc/kx509.c | 2 1 + 1 - 0 !
lib/gssapi/spnego/accept_sec_context.c | 2 1 + 1 - 0 !
lib/krb5/get_addrs.c | 2 1 + 1 - 0 !
lib/krb5/get_host_realm.c | 4 2 + 2 - 0 !
lib/krb5/krbhst-test.c | 2 1 + 1 - 0 !
lib/krb5/krbhst.c | 2 1 + 1 - 0 !
lib/krb5/principal.c | 8 4 + 4 - 0 !
lib/krb5/test_plugin.c | 2 1 + 1 - 0 !
lib/krb5/verify_init.c | 2 1 + 1 - 0 !
lib/roken/getaddrinfo_hostspec.c | 2 1 + 1 - 0 !
13 files changed, 18 insertions(+), 18 deletions(-)

 hurd_maxhostnamelen


042_hurd_path_max

lib/sl/slc-gram.y | 28 19 + 9 - 0 !
1 file changed, 19 insertions(+), 9 deletions(-)

 hurd_path_max


046_hurd_sundevdata

lib/kafs/afssys.c | 6 6 + 0 - 0 !
1 file changed, 6 insertions(+)

 hurd sundevdata


047_link_gssapi

kadmin/Makefile.am | 1 1 + 0 - 0 !
kdc/Makefile.am | 4 4 + 0 - 0 !
kpasswd/Makefile.am | 1 1 + 0 - 0 !
lib/hdb/Makefile.am | 1 1 + 0 - 0 !
lib/kadm5/Makefile.am | 2 2 + 0 - 0 !
5 files changed, 9 insertions(+)

 link gssapi

Link against the just-built gssapi instead of the system one; this resolves
FTBFS when gssapi adds new symbols.

060_no_build_string

configure.ac | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 no build string

Remove hostname and build time from version as they make the build
unreproducible.

parallel build

lib/kadm5/Makefile.am | 3 1 + 2 - 0 !
1 file changed, 1 insertion(+), 2 deletions(-)

 parallel build


disable_iprop

tests/kdc/Makefile.am | 1 0 + 1 - 0 !
1 file changed, 1 deletion(-)

 disable iprop


canonical_host

tools/krb5-config.in | 17 1 + 16 - 0 !
1 file changed, 1 insertion(+), 16 deletions(-)

 canonical host

Disable use of @CANONICAL_HOST@, which is not reproducible.

https://github.com/heimdal/heimdal/issues/237

0016 Add back in base64_encode and base64_decode.patch

lib/roken/base64.c | 12 12 + 0 - 0 !
lib/roken/base64.h | 6 6 + 0 - 0 !
lib/roken/version-script.map | 2 2 + 0 - 0 !
3 files changed, 20 insertions(+)

 add back in base64_encode and base64_decode

These functions were removed upstream. See
https://github.com/heimdal/heimdal/issues/107

Unfortunately the SONAME was not incremented for libroken.  This could
cause breakage. This change reintroduces the old names until the SONAME
can be incremented.

fix missing headers

lib/hcrypto/Makefile.am | 5 5 + 0 - 0 !
lib/hx509/Makefile.am | 4 2 + 2 - 0 !
2 files changed, 7 insertions(+), 2 deletions(-)

 fix-missing-headers

===================================================================

0018 CVE 2019 14870 Always lookup impersonate client in D.patch

kdc/krb5tgs.c | 42 22 + 20 - 0 !
tests/kdc/check-kdc.in | 4 4 + 0 - 0 !
2 files changed, 26 insertions(+), 20 deletions(-)

 cve-2019-14870: always lookup impersonate client in db

Signed-off-by: Isaac Boukris <iboukris@gmail.com>

0019 CVE 2019 14870 Apply forwardable policy in protocol .patch

kdc/krb5tgs.c | 6 4 + 2 - 0 !
tests/kdc/check-kdc.in | 11 11 + 0 - 0 !
2 files changed, 15 insertions(+), 2 deletions(-)

 cve-2019-14870: apply forwardable policy in protocol-transition

Signed-off-by: Isaac Boukris <iboukris@gmail.com>

0020 CVE 2019 14870 Validate client attributes in protoco.patch

kdc/krb5tgs.c | 11 11 + 0 - 0 !
tests/kdc/check-kdc.in | 8 8 + 0 - 0 !
2 files changed, 19 insertions(+)

 cve-2019-14870: validate client attributes in protocol-transition

Signed-off-by: Isaac Boukris <iboukris@gmail.com>

python3.diff

lib/wind/Makefile.am | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

---

CVE 2021 3671 HEIMDAL kdc validate sname in TGS REQ.patch

kdc/krb5tgs.c | 4 4 + 0 - 0 !
1 file changed, 4 insertions(+)

 cve-2021-3671 heimdal kdc: validate sname in tgs-req

Address GCC Bug 95189 memcmp wrongly stripped like s.patch

lib/gssapi/krb5/arcfour.c | 6 3 + 3 - 0 !
1 file changed, 3 insertions(+), 3 deletions(-)

 [patch] address gcc bug 95189 memcmp wrongly stripped like strcmp

As documented in Russell O'Connor's blog, Heimdal when compiled with
some versions of gcc 9 and 10 would generate incorrect behaviors from
_gssapi_verify_mic_arcfour(), _gssapi_unwrap_arcfour(),
_gssapi_unwrap_iov_arcfour() and _gssapi_unwrap_iov_arcfour().

As a result of the bug, code of the form

   if (memcmp(a, "\x00\x00\x00\x00", 4))

and

   cmp = memcmp(a, "\x00\x00\x00\x00", 4)

will be compiled as if it were written as

   if (strcmp(a, "\x00\x00\x00\x00"))

and

   cmp = strcmp(a, "\x00\x00\x00\x00")

but not

   if (memcmp(a, "\x00\x00\x00\x00", 4) != 0)

and

   cmp = (memcmp(a, "\x00\x00\x00\x00", 4) != 0)

Bad code is generated whenever one of the parameters to memcmp()
is a constant with at least one NUL in the first four octets and
the return value is used immediately without a boolean comparison.

The gcc bug 95189 has since been fixed.

This change applies a defensive programming technique to avoid
the broken code generation.

(cherry picked from commit 02200d55eaf01a3a21d52eccfa7eea02f9e8df72)

Fix compiler warnings and build issues.patch

admin/change.c | 1 0 + 1 - 0 !
appl/gssmask/gssmask.c | 2 2 + 0 - 0 !
appl/otp/otp.c | 12 9 + 3 - 0 !
kadmin/ext.c | 2 1 + 1 - 0 !
kadmin/kadmind.c | 4 4 + 0 - 0 !
kadmin/mod.c | 13 10 + 3 - 0 !
kadmin/stash.c | 5 4 + 1 - 0 !
kcm/config.c | 2 2 + 0 - 0 !
kcm/protocol.c | 2 1 + 1 - 0 !
kdc/digest.c | 4 4 + 0 - 0 !
kdc/hpropd.c | 5 4 + 1 - 0 !
kdc/kdc-replay.c | 2 2 + 0 - 0 !
kdc/kstash.c | 2 2 + 0 - 0 !
kdc/pkinit.c | 2 0 + 2 - 0 !
kuser/kdestroy.c | 2 2 + 0 - 0 !
kuser/kgetcred.c | 3 3 + 0 - 0 !
kuser/kswitch.c | 5 3 + 2 - 0 !
lib/asn1/der_copy.c | 8 6 + 2 - 0 !
lib/base/bsearch.c | 24 13 + 11 - 0 !
lib/gssapi/krb5/accept_sec_context.c | 1 1 + 0 - 0 !
lib/gssapi/krb5/arcfour.c | 7 6 + 1 - 0 !
lib/gssapi/mech/gss_display_status.c | 3 1 + 2 - 0 !
lib/gssapi/mech/gss_import_name.c | 2 1 + 1 - 0 !
lib/gssapi/mech/gss_mech_switch.c | 2 2 + 0 - 0 !
lib/gssapi/mech/gss_pname_to_uid.c | 4 4 + 0 - 0 !
lib/gssapi/mech/mech_locl.h | 1 1 + 0 - 0 !
lib/gssapi/ntlm/init_sec_context.c | 2 2 + 0 - 0 !
lib/hcrypto/Makefile.am | 2 1 + 1 - 0 !
lib/hcrypto/bn.c | 5 3 + 2 - 0 !
lib/hcrypto/test_cipher.c | 6 4 + 2 - 0 !
lib/hdb/hdb-mitdb.c | 6 4 + 2 - 0 !
lib/hx509/hxtool.c | 1 1 + 0 - 0 !
lib/hx509/ks_file.c | 8 4 + 4 - 0 !
lib/hx509/name.c | 11 5 + 6 - 0 !
lib/hx509/softp11.c | 6 5 + 1 - 0 !
lib/ipc/client.c | 4 1 + 3 - 0 !
lib/kadm5/get_s.c | 2 1 + 1 - 0 !
lib/kadm5/init_c.c | 2 1 + 1 - 0 !
lib/kadm5/ipropd_master.c | 7 6 + 1 - 0 !
lib/kadm5/set_keys.c | 2 2 + 0 - 0 !
lib/kafs/afskrb5.c | 2 0 + 2 - 0 !
lib/kafs/rxkad_kdf.c | 1 1 + 0 - 0 !
lib/krb5/acl.c | 2 1 + 1 - 0 !
lib/krb5/addr_families.c | 2 1 + 1 - 0 !
lib/krb5/context.c | 2 1 + 1 - 0 !
lib/krb5/deprecated.c | 10 4 + 6 - 0 !
lib/krb5/enomem.c | 2 1 + 1 - 0 !
lib/krb5/init_creds_pw.c | 10 4 + 6 - 0 !
lib/krb5/keytab.c | 37 21 + 16 - 0 !
lib/krb5/krb5.h | 114 65 + 49 - 0 !
lib/krb5/krb5_ccapi.h | 2 1 + 1 - 0 !
lib/krb5/krbhst.c | 6 6 + 0 - 0 !
lib/krb5/plugin.c | 2 1 + 1 - 0 !
lib/krb5/rd_req.c | 9 4 + 5 - 0 !
lib/krb5/test_store.c | 2 1 + 1 - 0 !
lib/krb5/transited.c | 5 4 + 1 - 0 !
lib/roken/getaddrinfo.c | 6 4 + 2 - 0 !
lib/roken/getxxyyy.c | 2 1 + 1 - 0 !
lib/sl/sl.c | 2 2 + 0 - 0 !
lib/sqlite/Makefile.am | 2 2 + 0 - 0 !
lib/wind/idn-lookup.c | 6 4 + 2 - 0 !
tests/gss/check-context.in | 6 1 + 5 - 0 !
62 files changed, 258 insertions(+), 158 deletions(-)

 [patch] fix compiler warnings and build issues


spnego CVE 2021 44758 send_reject when no mech selec.patch

lib/gssapi/spnego/accept_sec_context.c | 14 8 + 6 - 0 !
1 file changed, 8 insertions(+), 6 deletions(-)

 [patch] spnego: cve-2021-44758 send_reject when no mech selected

This fixes a DoS where an initial SPNEGO token that has no acceptable
mechanisms causes a NULL dereference in acceptors.

send_accept() when called with a non-zero 'initial_response' did
not handle the case of gssspnego_ctx.preferred_mech_type equal
to GSS_C_NO_OID.

The failure to handle GSS_C_NO_OID has been present since the
initial revision of gssapi/spnego,
2baa7e7d613c26b2b037b368931519a84baec53d but might not have
been exercised until later revisions.

The introduction of opportunistic token handling in
gss_accept_sec_context(), 3c9d3266f47f594a29068c9d629908e7000ac663,
introduced two bugs:

 1. The optional mechToken field is used unconditionally
    possibly resulting in a segmentation fault.

 2. If use of the opportunistic token is unsuccessful and the
    mech type list length is one, send_accept() can be called
    with 'initial_response' true and preferred mech set to
    GSS_C_NO_OID.

b53c90da0890a9cce6f95c552f094ff6d69027bf ("Make error reporting
somewhat more correct for SPNEGO") attempted to fix the first
issue and increased the likelihood of the second.

This change alters the behavior of acceptor_start() so it calls
send_reject() when no mechanism was selected.

asn1 CVE 2022 44640 Invalid free in ASN.1 codec.patch

lib/asn1/gen_decode.c | 12 6 + 6 - 0 !
lib/asn1/gen_free.c | 7 7 + 0 - 0 !
2 files changed, 13 insertions(+), 6 deletions(-)

 [patch] asn1: cve-2022-44640 invalid free in asn.1 codec

This is possibly a 10.0 on the Common Vulnerability Scoring System
(CVSS) v3.

Heimdal's ASN.1 compiler generates code that allows specially
crafted DER encodings of CHOICEs to invoke the wrong free function
on the decoded structure upon decode error.  This is known to impact
the Heimdal KDC, leading to an invalid free() of an address partly
or wholly under the control of the attacker, in turn leading to a
potential remote code execution (RCE) vulnerability.

This error affects the DER codec for all CHOICE types used in
Heimdal, though not all cases will be exploitable.  We have not
completed a thorough analysis of all the Heimdal components
affected, thus the Kerberos client, the X.509 library, and other
parts, may be affected as well.

This bug has been in Heimdal since 2005, though only Heimdal 1.6 and up
appear to be vulnerable.  It was first reported by Douglas Bagnall,
though it had been found independently by the Heimdal maintainers via
fuzzing a few weeks earlier.

While no zero-day exploit is known, such an exploit will likely be
available soon after public disclosure.

gsskrb5 CVE 2022 3437 Use constant time memcmp for a.patch

lib/gssapi/krb5/arcfour.c | 16 8 + 8 - 0 !
1 file changed, 8 insertions(+), 8 deletions(-)

 [patch] gsskrb5: cve-2022-3437 use constant-time memcmp() for arcfour
 unwrap

Samba BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>

gsskrb5 CVE 2022 3437 Use constant time memcmp in un.patch

lib/gssapi/krb5/unwrap.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 [patch] gsskrb5: cve-2022-3437 use constant-time memcmp() in
 unwrap_des3()

The surrounding checks all use ct_memcmp(), so this one was presumably
meant to as well.

Samba BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>

gsskrb5 CVE 2022 3437 Don t pass NULL pointers to me.patch

lib/gssapi/krb5/unwrap.c | 14 8 + 6 - 0 !
1 file changed, 8 insertions(+), 6 deletions(-)

 [patch] gsskrb5: cve-2022-3437 don't pass null pointers to memcpy()
 in DES unwrap

Samba BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>

gsskrb5 CVE 2022 3437 Avoid undefined behaviour in _.patch

lib/gssapi/krb5/decapsulate.c | 6 3 + 3 - 0 !
1 file changed, 3 insertions(+), 3 deletions(-)

 [patch] gsskrb5: cve-2022-3437 avoid undefined behaviour in
 _gssapi_verify_pad()

By decrementing 'pad' only when we know it's safe, we ensure we can't
stray backwards past the start of a buffer, which would be undefined
behaviour.

In the previous version of the loop, 'i' is the number of bytes left to
check, and 'pad' is the current byte we're checking. 'pad' was
decremented at the end of each loop iteration. If 'i' was 1 (so we
checked the final byte), 'pad' could potentially be pointing to the
first byte of the input buffer, and the decrement would put it one
byte behind the buffer.

That would be undefined behaviour.

The patch changes it so that 'pad' is the byte we previously checked,
which allows us to ensure that we only decrement it when we know we
have a byte to check.

Samba BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
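An added example, not heimdal's own _gssapi_verify_pad(): a model of the corrected loop that only steps 'pad' backwards when another byte remains to be checked, exercised on a constructed token whose padding fills the whole buffer (the case in which the old loop moved 'pad' in front of the buffer). It assumes the padding layout the message implies, the last byte holding the pad length and every pad byte equal to it, and uses plain integers in place of the GSS status codes.

```c
#include <stddef.h>
#include <stdio.h>

/* Model of the fixed loop (not heimdal's code).  Returns 0 when the
 * padding is valid, 1 for a bad pad length and 2 for a bad pad byte;
 * these stand in for GSS_S_BAD_MECH / GSS_S_BAD_MIC. */
int verify_pad(const unsigned char *token, size_t token_len,
               size_t datalen, size_t *padlen_out)
{
    const unsigned char *pad;
    size_t padlength, i;

    if (token_len == 0)
        return 1;
    pad = token + token_len - 1;        /* last byte carries the pad length */
    padlength = *pad;
    /* every pad byte must lie inside both the data region and the token */
    if (padlength == 0 || padlength > datalen || padlength > token_len)
        return 1;

    /* 'i' counts bytes still to check; 'pad' points at a byte we may read.
     * The pointer is only moved when a further byte will be checked
     * (i > 1), so on the final byte it stays put instead of stepping one
     * byte before the start of the buffer. */
    for (i = padlength; i > 0; i--) {
        if (*pad != padlength)
            return 2;
        if (i > 1)
            pad--;
    }
    *padlen_out = padlength;
    return 0;
}

/* Constructed samples: five data bytes plus three pad bytes of value 3,
 * the same token with one pad byte corrupted, and a token that is
 * nothing but padding (pad length equal to the token length). */
static const unsigned char good_token[] = { 'h', 'e', 'l', 'l', 'o', 3, 3, 3 };
static const unsigned char bad_token[]  = { 'h', 'e', 'l', 'l', 'o', 3, 9, 3 };
static const unsigned char all_pad[]    = { 2, 2 };

int check_good(void)    { size_t n = 0; return verify_pad(good_token, sizeof good_token, 8, &n) == 0 && n == 3; }
int check_bad(void)     { size_t n = 0; return verify_pad(bad_token, sizeof bad_token, 8, &n); }
int check_all_pad(void) { size_t n = 0; return verify_pad(all_pad, sizeof all_pad, 2, &n) == 0 && n == 2; }
int check_empty(void)   { size_t n = 0; return verify_pad(all_pad, 0, 0, &n); }

int main(void)
{
    printf("good=%d bad=%d all_pad=%d empty=%d\n",
           check_good(), check_bad(), check_all_pad(), check_empty());
    return 0;
}
```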

gsskrb5 CVE 2022 3437 Check the result of _gsskrb5_g.patch

lib/gssapi/krb5/decapsulate.c | 4 4 + 0 - 0 !
1 file changed, 4 insertions(+)

 [patch] gsskrb5: cve-2022-3437 check the result of
 _gsskrb5_get_mech()

We should make sure that the result of 'total_len - mech_len' won't
overflow, and that we don't memcmp() past the end of the buffer.

Samba BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>

gsskrb5 CVE 2022 3437 Check buffer length against ov.patch

lib/gssapi/krb5/unwrap.c | 14 14 + 0 - 0 !
1 file changed, 14 insertions(+)

 [patch] gsskrb5: cve-2022-3437 check buffer length against overflow
 for DES{,3} unwrap

Samba BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>

gsskrb5 CVE 2022 3437 Check for overflow in _gsskrb5.patch

lib/gssapi/krb5/decapsulate.c | 2 2 + 0 - 0 !
1 file changed, 2 insertions(+)

 [patch] gsskrb5: cve-2022-3437 check for overflow in
 _gsskrb5_get_mech()

If len_len is equal to total_len - 1 (i.e. the input consists only of a
0x60 byte and a length), the expression 'total_len - 1 - len_len - 1',
used as the 'len' parameter to der_get_length(), will overflow to
SIZE_MAX. Then der_get_length() will proceed to read, unconstrained,
whatever data follows in memory. Add a check to ensure that doesn't
happen.

Samba BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>

gsskrb5 CVE 2022 3437 Pass correct length to _gssapi.patch

lib/gssapi/krb5/unwrap.c | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 [patch] gsskrb5: cve-2022-3437 pass correct length to
 _gssapi_verify_pad()

We later subtract 8 when calculating the length of the output message
buffer. If padlength is excessively high, this calculation can underflow
and result in a very large positive value.

Now we properly constrain the value of padlength so underflow shouldn't
be possible.

Samba BUG: https://bugzilla.samba.org/show_bug.cgi?id=15134

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>

krb5 CVE 2022 42898 PAC parse integer overflows.patch

lib/krb5/pac.c | 178 150 + 28 - 0 !
1 file changed, 150 insertions(+), 28 deletions(-)

 [patch] krb5: cve-2022-42898 pac parse integer overflows

Catch overflows that result from adding PAC_INFO_BUFFER_SIZE.

Samba BUG: https://bugzilla.samba.org/show_bug.cgi?id=15203

Signed-off-by: Nico Williams <nico@twosigma.com>

lib wind find_normalize read past end of array.patch

lib/wind/normalize.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 [patch] lib/wind: find_normalize read past end of array

find_normalize() can under some circumstances read one element
beyond the input array.  The contents are discarded immediately
without further use.

This change prevents the unintended read.

(cherry picked from commit 357a38fc7fb582ae73f4b7f4a90a4b0b871b149e)

lib krb5 fix _krb5_get_int64 on 32 bit systems.patch

lib/krb5/store-int.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 [patch] lib/krb5: fix _krb5_get_int64 on 32-bit systems

On systems where 'unsigned long' is 32 bits, the 'size' parameter is
set to 8 and the bytes are:

  0x78 0x00 0x00 0x00 0x00 0x00 0x00 0x00

when 'i' becomes 4, 'v' will be 0 again, as 'unsigned long' is only
able to hold 4 bytes.

Change the type of 'v' from 'unsigned long' to 'uint64_t' which
matches the type of the output parameter 'value'.

(cherry picked from commit 9d1bfab9882d0aa14ae0981e6667c93db93ffc5d)

Signed-off-by: Stefan Metzmacher <metze@samba.org>
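The truncation this patch describes, as an added example that is not heimdal's code: the accumulator of a _krb5_get_int64()-style decoder is modelled twice, once with uint32_t (standing in for 'unsigned long' on a 32-bit system) and once with uint64_t, both fed the eight bytes quoted above.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Model of the buggy accumulator (not heimdal's code): uint32_t plays the
 * role of a 32-bit 'unsigned long'.  Once four bytes have been shifted in,
 * the next shift pushes the 0x78 out of the top of the accumulator. */
static uint64_t get_int64_ulong32(const unsigned char *p, size_t size)
{
    uint32_t v = 0;
    size_t i;
    for (i = 0; i < size; i++)
        v = (v << 8) | p[i];    /* at i == 4 this wraps to 0 */
    return v;                   /* widened only here, too late */
}

/* Model of the fix: the accumulator has the width of the output value. */
static uint64_t get_int64_fixed(const unsigned char *p, size_t size)
{
    uint64_t v = 0;
    size_t i;
    for (i = 0; i < size; i++)
        v = (v << 8) | p[i];
    return v;
}

/* Constructed input: the eight bytes from the patch description. */
static const unsigned char sample[8] = { 0x78, 0, 0, 0, 0, 0, 0, 0 };

uint64_t decode_sample_buggy(void) { return get_int64_ulong32(sample, sizeof sample); }
uint64_t decode_sample_fixed(void) { return get_int64_fixed(sample, sizeof sample); }

int main(void)
{
    printf("32-bit accumulator:  0x%016llx\n", (unsigned long long)decode_sample_buggy());
    printf("uint64_t accumulator: 0x%016llx\n", (unsigned long long)decode_sample_fixed());
    return 0;
}
```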

lib krb5 krb5_pac_parse mem leak if pac_header_size .patch

lib/krb5/pac.c | 5 2 + 3 - 0 !
1 file changed, 2 insertions(+), 3 deletions(-)

 [patch] lib/krb5: krb5_pac_parse mem leak if pac_header_size failure

A 48-byte memory leak from krb5_pac_parse() occurs each time
pac_header_size() fails.

(cherry picked from commit 02f12fc746341f54a514e9e17bc7d315b91129e8)

kdc Check generate_pac return code.patch

kdc/kerberos5.c | 44 23 + 21 - 0 !
1 file changed, 23 insertions(+), 21 deletions(-)

 [patch] kdc: check generate_pac() return code

If the function fails, we should not issue a ticket missing the PAC.

(cherry picked from commit 05e589d2473a1bd225b0fc4670c75ba24091644d)
(cherry picked from commit d1e077c50b6b6e6108d70a0301b97f6904c45ca7)

CVE 2022 45142 gsskrb5 fix accidental logic inversio.patch

lib/gssapi/krb5/arcfour.c | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 [patch] cve-2022-45142: gsskrb5: fix accidental logic inversions

The referenced commit attempted to fix miscompilations with gcc-9 and
gcc-10 by changing `memcmp(...)` to `memcmp(...) != 0`. Unfortunately,
it also inverted the result of the comparison on two occasions. This
inversion happened during backporting of the patch to 7.7.1 and 7.8.0.

Fixes: f6edaafcfefd ("gsskrb5: CVE-2022-3437 Use constant-time memcmp()
 for arcfour unwrap")
Signed-off-by: Helmut Grohne <helmut@subdivi.de>