From 261f3efe59a66483e5b4110b7d745ee74302588b Mon Sep 17 00:00:00 2001
From: Theodore Tso
Date: Thu, 15 Sep 1994 04:22:13 +0000
Subject: [PATCH] Fix a number of pointer aliasing bugs Make sure the master key version number is propgated correctly for new keys. Fixed bug where process_client tried to free an automatic variable.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@4237 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/kadmin/server/ChangeLog | 18 +++++++++++++++
 src/kadmin/server/adm_check.c | 1 +
 src/kadmin/server/adm_extern.h | 1 +
 src/kadmin/server/adm_funcs.c | 40 +++++++++++++--------------------
 src/kadmin/server/adm_listen.c | 1 +
 src/kadmin/server/adm_nego.c | 1 +
 src/kadmin/server/adm_network.c | 1 +
 src/kadmin/server/adm_process.c | 6 ++---
 src/kadmin/server/adm_server.c | 21 ++++++++++++++++-
 9 files changed, 62 insertions(+), 28 deletions(-)
diff --git a/src/kadmin/server/ChangeLog b/src/kadmin/server/ChangeLog
index 2873d2618..81726febf 100644
--- a/src/kadmin/server/ChangeLog
+++ b/src/kadmin/server/ChangeLog
@@ -1,3 +1,21 @@
+Wed Sep 14 22:33:23 1994 Theodore Y. Ts'o (tytso@dcl)
+
+ * adm_server (init_db): Save a copy of the master key database
+ entry in the master_entry global variable.
+
+ * adm_process.c (process_client): Removed calls to
+ free(final_msg.data), where final_msg.data was pointing to
+ an automatic variable.
+
+ * adm_process.c (cpw_keyproc): In the case where the
+ keyprocarg->key is set, copy the keyblock instead of
+ passing a pointer down --- more pointer aliasing problems!
+
+ * adm_funcs.c (adm_modify_kdb): Added calls to krb5_copy_principal
+ instead of merely assigning pointers to one another and
+ causing pointer aliasing problems. Make sure the master
+ key version number is propagated correctly.
+
 Thu Aug 4 03:38:58 1994 Tom Yu (tlyu@dragons-lair)
 * Makefile.in: whoops install manpage as kadmin.8, not kadmin.1
diff --git a/src/kadmin/server/adm_check.c b/src/kadmin/server/adm_check.c
index cb237a344..cd645c8fb 100644
--- a/src/kadmin/server/adm_check.c
+++ b/src/kadmin/server/adm_check.c
@@ -44,6 +44,7 @@
 #include
 #include
 #include
+#include
 #include "adm_extern.h"
 krb5_error_code
diff --git a/src/kadmin/server/adm_extern.h b/src/kadmin/server/adm_extern.h
index fc2bbdb73..7764588c2 100644
--- a/src/kadmin/server/adm_extern.h
+++ b/src/kadmin/server/adm_extern.h
@@ -51,6 +51,7 @@ typedef struct {
 extern krb5_encrypt_block master_encblock;
 extern krb5_keyblock master_keyblock;
 extern krb5_principal master_princ;
+extern krb5_db_entry master_entry;
 extern volatile int signal_requests_exit;
 extern char *dbm_db_name;
diff --git a/src/kadmin/server/adm_funcs.c b/src/kadmin/server/adm_funcs.c
index 544f28e27..315767d99 100644
--- a/src/kadmin/server/adm_funcs.c
+++ b/src/kadmin/server/adm_funcs.c
@@ -60,20 +60,6 @@ struct saltblock {
 extern krb5_encrypt_block master_encblock;
 extern krb5_keyblock master_keyblock;
-struct mblock {
- krb5_deltat max_life;
- krb5_deltat max_rlife;
- krb5_timestamp expiration;
- krb5_flags flags;
- krb5_kvno mkvno;
-} mblock = { /* XXX */
- KRB5_KDB_MAX_LIFE,
- KRB5_KDB_MAX_RLIFE,
- KRB5_KDB_EXPIRATION,
- KRB5_KDB_DEF_FLAGS,
- 0
-};
-
 typedef unsigned char des_cblock[8]; /* krb5_kvno may be narrow */
@@ -158,26 +144,32 @@ OLDDECLARG(krb5_db_entry *, entry)
 int one = 1;
 krb5_kvno KDB5_VERSION_NUM = 1;
- krb5_deltat KDB5_MAX_TKT_LIFE = KRB5_KDB_MAX_LIFE;
- krb5_deltat KDB5_MAX_REN_LIFE = KRB5_KDB_MAX_RLIFE;
- krb5_timestamp KDB5_EXP_DATE = KRB5_KDB_EXPIRATION;
 extern krb5_flags NEW_ATTRIBUTES;
 if (!req_type) { /* New entry - initialize */
 memset((char *) entry, 0, sizeof(krb5_db_entry));
- entry->principal = (krb5_principal) principal;
+ retval = krb5_copy_principal(principal, &entry->principal);
+ if (retval)
+ return retval;
 entry->kvno = KDB5_VERSION_NUM;
- entry->max_life = KDB5_MAX_TKT_LIFE;
- entry->max_renewable_life = KDB5_MAX_REN_LIFE;
- entry->mkvno = mblock.mkvno;
- entry->expiration = KDB5_EXP_DATE;
- entry->mod_name = master_princ;
+ entry->max_life = master_entry.max_life;
+ entry->max_renewable_life = master_entry.max_renewable_life;
+ entry->mkvno = master_entry.mkvno;
+ entry->expiration = master_entry.expiration;
+ retval = krb5_copy_principal(master_princ, &entry->mod_name);
+ if (retval) {
+ krb5_free_principal(entry->principal);
+ entry->principal = 0;
+ return retval;
+ }
 } else { /* Modify existing entry */
 entry->kvno++;
 #ifdef SANDIA
 entry->attributes &= ~KRB5_KDB_REQUIRES_PWCHANGE;
 #endif
- entry->mod_name = (krb5_principal) principal;
+ retval = krb5_copy_principal(principal, &entry->mod_name);
+ if (retval)
+ return retval;
 }
 if (key && key->length) {
diff --git a/src/kadmin/server/adm_listen.c b/src/kadmin/server/adm_listen.c
index aacde37a4..d5ef808e8 100644
--- a/src/kadmin/server/adm_listen.c
+++ b/src/kadmin/server/adm_listen.c
@@ -29,6 +29,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
diff --git a/src/kadmin/server/adm_nego.c b/src/kadmin/server/adm_nego.c
index 7f31d0a55..e763cec6c 100644
--- a/src/kadmin/server/adm_nego.c
+++ b/src/kadmin/server/adm_nego.c
@@ -45,6 +45,7 @@
 #include
 #include
+#include
 #include "adm_extern.h"
 krb5_error_code
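Review bot: In the modify branch of the adm_funcs.c hunk (the ChangeLog names the function adm_modify_kdb), `krb5_copy_principal(principal, &entry->mod_name)` writes the copy over whatever mod_name the existing entry already carried, and it runs only after `entry->kvno++`. If the old mod_name owned storage (the path that fetches the entry is not visible here, so this is inferred), every modification leaks one principal in a long-running server, and a failed copy returns with the kvno already bumped. Copying into a temporary first, then releasing the old value and assigning, leaves the entry untouched on failure. The function starts and ends outside the hunk, so whether its later error returns release the two new copies made in the new-entry branch cannot be checked from here.

```c
    } else { /* Modify existing entry */
	krb5_principal new_mod_name;

	/* copy first so that a failure leaves the entry unchanged */
	retval = krb5_copy_principal(principal, &new_mod_name);
	if (retval)
	    return retval;
	/* assumes the entry owns its previous mod_name -- confirm with callers */
	if (entry->mod_name)
	    krb5_free_principal(entry->mod_name);
	entry->mod_name = new_mod_name;
	entry->kvno++;
	/* ... unchanged: SANDIA attribute handling ... */
```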
diff --git a/src/kadmin/server/adm_network.c b/src/kadmin/server/adm_network.c
index ef02864e5..0deec9f7e 100644
--- a/src/kadmin/server/adm_network.c
+++ b/src/kadmin/server/adm_network.c
@@ -43,6 +43,7 @@
 #include
 #include
 #include
+#include
 #include "adm_extern.h"
 extern int errno;
diff --git a/src/kadmin/server/adm_process.c b/src/kadmin/server/adm_process.c
index 4e3297f63..eca9fb040 100644
--- a/src/kadmin/server/adm_process.c
+++ b/src/kadmin/server/adm_process.c
@@ -69,7 +69,9 @@ OLDDECLARG(krb5_keyblock **, key)
 arg = ( struct cpw_keyproc_arg *) keyprocarg;
 if (arg->key) {
- *key = arg->key;
+ retval = krb5_copy_keyblock(arg->key, key);
+ if (retval)
+ return retval;
 } else {
 if (retval = krb5_parse_name(client_server_info.name_of_service, &cpw_krb)) {
@@ -417,10 +419,8 @@ char *prog;
 0, &msg_data)) {
 syslog(LOG_ERR, "kadmind error Error Performing Final mk_priv");
- free(final_msg.data);
 goto finish;
 }
- free(final_msg.data);
 /* Send Final Reply to Client */
 if (retval = krb5_write_message(&client_server_info.client_socket,
diff --git a/src/kadmin/server/adm_server.c b/src/kadmin/server/adm_server.c
index 01b91c05f..a408331ff 100644
--- a/src/kadmin/server/adm_server.c
+++ b/src/kadmin/server/adm_server.c
@@ -73,6 +73,8 @@ global_client_server_info client_server_info;
 int classification; /* default = Unclassified */
 #endif
+krb5_db_entry master_entry;
+
 krb5_flags NEW_ATTRIBUTES;
 cleanexit(val)
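Review bot: The first adm_process.c hunk (cpw_keyproc, per the ChangeLog) now returns a heap copy of the key through `*key`, but nothing in the hunk says who releases it, and it is a second copy of secret key material. I would add a comment above the call, `/* *key is a fresh copy; the caller must release it with krb5_free_keyblock() */`, and confirm that the consumer of this key procedure does so on every path. The new `retval = ...; if (retval)` form also differs from the `if (retval = krb5_parse_name(...))` form in the else branch just below; one style per function reads better. The function starts and ends outside the hunk.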
@@ -287,7 +289,24 @@ krb5_keyblock *masterkeyblock;
 (void) krb5_db_fini();
 return(retval);
 }
-
+
+/*
+ * fetch the master database entry, and hold on to it.
+ */
+ number_of_entries = 1;
+ if (retval = krb5_db_get_principal(masterkeyname, &master_entry,
+ &number_of_entries, &more)) {
+ return(retval);
+ }
+ if (number_of_entries != 1) {
+ if (number_of_entries)
+ krb5_db_free_principal(&master_entry, number_of_entries);
+ return(KRB5_KDB_NOMASTERKEY);
+ } else if (more) {
+ krb5_db_free_principal(&master_entry, number_of_entries);
+ return(KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE);
+ }
+
 /* fetch the TGS key, and hold onto it; this is an efficiency hack the master key name here is from the master_princ global,
--
2.26.2
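Review bot: The three new early returns in the second adm_server.c hunk (init_db, per the ChangeLog) leave without the `(void) krb5_db_fini();` that the error path directly above them performs, so a failed, missing or non-unique master entry returns with the database still open. Add `(void) krb5_db_fini();` before `return(retval);`, `return(KRB5_KDB_NOMASTERKEY);` and `return(KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE);`. Any master-key cleanup done by the earlier error paths is outside the hunk and may need repeating here as well. master_entry is then held for the life of the process with no matching krb5_db_free_principal visible, so a comment at its definition saying who releases it would help.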