[src/netbsd-1-6]: src/crypto/dist/heimdal/kdc Pull up revision 1.9 (requested...

[tron <tron%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/b592861bc8f9
branches:  netbsd-1-6
changeset: 530187:b592861bc8f9
user:      tron <tron%NetBSD.org@localhost>
date:      Fri Mar 21 09:21:47 2003 +0000

description:
Pull up revision 1.9 (requested by lha in ticket #1225):
Fix Kerberos 4 procotocol problem mentioned in
[MIT krb5 Security Advisory 2003-004]/[heimdal-0.5.2 release notes]
by disable support for it.

diffstat:

 crypto/dist/heimdal/kdc/config.c  |  22 +++++++++++++++++++---
 crypto/dist/heimdal/kdc/connect.c |   4 ++--
 2 files changed, 21 insertions(+), 5 deletions(-)

diffs (94 lines):

diff -r 39a3a53b689c -r b592861bc8f9 crypto/dist/heimdal/kdc/config.c
--- a/crypto/dist/heimdal/kdc/config.c  Fri Mar 21 08:43:55 2003 +0000
+++ b/crypto/dist/heimdal/kdc/config.c  Fri Mar 21 09:21:47 2003 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997-2001 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997-2003 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -35,7 +35,7 @@
 #include <getarg.h>
 #include <parse_bytes.h>
 
-RCSID("$Id: config.c,v 1.6 2001/09/17 12:32:35 assar Exp $");
+RCSID("$Id: config.c,v 1.6.2.1 2003/03/21 09:21:47 tron Exp $");
 
 static char *config_file;      /* location of kdc config file */
 
@@ -68,6 +68,7 @@
 char *v4_realm;
 int enable_v4 = -1;
 int enable_524 = -1;
+int enable_v4_cross_realm = -1;
 int enable_kaserver = -1;
 #endif
 
@@ -102,6 +103,10 @@
     {  "524",          0,      arg_negative_flag, &enable_524,
        "don't respond to 524 requests" 
     },
+    {  "kerberos4-cross-realm",        0,      arg_flag,
+       &enable_v4_cross_realm,
+       "respond to kerberos 4 requests from foreign realms" 
+    },
     { 
        "v4-realm",     'r',    arg_string, &v4_realm, 
        "realm to serve v4-requests for"
@@ -306,6 +311,12 @@
     if(enable_524 == -1)
        enable_524 = krb5_config_get_bool_default(context, cf, enable_v4, 
                                                  "kdc", "enable-524", NULL);
+    if(enable_v4_cross_realm == -1)
+       enable_v4_cross_realm =
+           krb5_config_get_bool_default(context, NULL,
+                                        FALSE, "kdc", 
+                                        "enable-kerberos4-cross-realm",
+                                        NULL);
 #endif
 
     if(enable_http == -1)
@@ -327,8 +338,11 @@
                                    "kdc",
                                    "v4-realm",
                                    NULL);
-       if(p)
+       if(p != NULL) {
            v4_realm = strdup(p);
+           if (v4_realm == NULL)
+               krb5_errx(context, 1, "out of memory");
+       }
     }
     if (enable_kaserver == -1)
        enable_kaserver = krb5_config_get_bool_default(context, cf, FALSE,
@@ -357,6 +371,8 @@
 #ifdef KRB4
     if(v4_realm == NULL){
        v4_realm = malloc(40); /* REALM_SZ */
+       if (v4_realm == NULL)
+           krb5_errx(context, 1, "out of memory");
        krb_get_lrealm(v4_realm, 1);
     }
 #endif
diff -r 39a3a53b689c -r b592861bc8f9 crypto/dist/heimdal/kdc/connect.c
--- a/crypto/dist/heimdal/kdc/connect.c Fri Mar 21 08:43:55 2003 +0000
+++ b/crypto/dist/heimdal/kdc/connect.c Fri Mar 21 09:21:47 2003 +0000
@@ -33,7 +33,7 @@
 
 #include "kdc_locl.h"
 
-RCSID("$Id: connect.c,v 1.7 2001/09/17 12:32:36 assar Exp $");
+RCSID("$Id: connect.c,v 1.7.2.1 2003/03/21 09:21:47 tron Exp $");
 
 /*
  * a tuple describing on what to listen
@@ -236,7 +236,7 @@
     krb5_error_code ret;
     struct sockaddr_storage __ss;
     struct sockaddr *sa = (struct sockaddr *)&__ss;
-    int sa_size;
+    int sa_size = sizeof(__ss);
 
     init_descr (d);