git.tremily.us Git - krb5.git/commit

author	Greg Hudson <ghudson@mit.edu>
	Sat, 15 Oct 2011 16:56:26 +0000 (16:56 +0000)
committer	Greg Hudson <ghudson@mit.edu>
	Sat, 15 Oct 2011 16:56:26 +0000 (16:56 +0000)
commit	2b7be6fbfdc920bff5ab89213931e69bed5bfed6
tree	8768f868e09c07869da41f48fb9b5c8ac09b75f2	tree \| snapshot
parent	36ff44c9b39a5e1a18db6f654baffdc974422147	commit \| diff

Allow rd_priv/rd_safe without remote address

Allow krb5_rd_priv and krb5_rd_safe to work when there is no remote
address set in the auth context, unless the KRB5_AUTH_CONTEXT_DO_TIMES
flag is set (in which case we need the remote address for the replay
cache name). Note that failing to set the remote address can create a
vulnerability to reflection attacks in some protocols, although it is
fairly easy to defend against--either use sequence numbers, or make
sure that requests don't look like replies, or both.

ticket: 6978

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25355 dc483132-0cff-0310-8789-dd5450dbe970

MIT implementation of the Kerberos network authentication protocol. This repo may be rebased, so don't base your work on it. Use git://github.com/krb5/krb5 instead.

RSS Atom

src/lib/krb5/krb/privsafe.c		diff \| blob \| history
src/lib/krb5/krb/rd_priv.c		diff \| blob \| history
src/lib/krb5/krb/rd_safe.c		diff \| blob \| history