[12115] in Kerberos-V5-bugs


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[krbdev.mit.edu #6978] SVN Commit

daemon@ATHENA.MIT.EDU (Greg Hudson via RT)
Sat Oct 15 12:56:29 2011

Mail-followup-to: rt@krbdev.mit.edu
mail-copies-to: never
From: "Greg Hudson via RT" <rt-comment@krbdev.MIT.EDU>
In-Reply-To: <rt-6978@krbdev.mit.edu>
Message-ID: <rt-6978-34335.4.63608211448694@krbdev.mit.edu>
To: "'AdminCc of krbdev.mit.edu Ticket #6978'":;"'AdminCc of krbdev.mit.edu Ticket #6978'":;@MIT.EDU
Date: Sat, 15 Oct 2011 12:56:27 -0400 (EDT)
Reply-To: rt-comment@krbdev.MIT.EDU
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krb5-bugs-bounces@mit.edu

Allow krb5_rd_priv and krb5_rd_safe to work when there is no remote
address set in the auth context, unless the KRB5_AUTH_CONTEXT_DO_TIMES
flag is set (in which case we need the remote address for the replay
cache name).  Note that failing to set the remote address can create a
vulnerability to reflection attacks in some protocols, although it is
fairly easy to defend against--either use sequence numbers, or make
sure that requests don't look like replies, or both.

http://src.mit.edu/fisheye/changelog/krb5/?cs=25355
Commit By: ghudson
Revision: 25355
Changed Files:
U   trunk/src/lib/krb5/krb/privsafe.c
U   trunk/src/lib/krb5/krb/rd_priv.c
U   trunk/src/lib/krb5/krb/rd_safe.c

_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
https://mailman.mit.edu/mailman/listinfo/krb5-bugs


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[12115] in Kerberos-V5-bugs

[krbdev.mit.edu #6978] SVN Commit

daemon@ATHENA.MIT.EDU (Greg Hudson via RT)Sat Oct 15 12:56:29 2011

daemon@ATHENA.MIT.EDU (Greg Hudson via RT)
Sat Oct 15 12:56:29 2011