freebsd-skq/crypto/heimdal/lib/krb5
delphij 3bf5fef4d3 MFV r320905: Import upstream fix for CVE-2017-11103.
In _krb5_extract_ticket() the KDC-REP service name must be obtained from
encrypted version stored in 'enc_part' instead of the unencrypted version
stored in 'ticket'.  Use of the unecrypted version provides an
opportunity for successful server impersonation and other attacks.

Submitted by:	hrs
Obtained from:	Heimdal
Security:	FreeBSD-SA-17:05.heimdal
Security:	CVE-2017-11103
2017-07-12 07:19:06 +00:00
..
acache.c
acl.c
add_et_list.c
addr_families.c
aes-test.c
aname_to_localname.c
appdefault.c
asn1_glue.c
auth_context.c
build_ap_req.c
build_auth.c
cache.c
ccache_plugin.h
changepw.c
codec.c
config_file.c
constants.c
context.c
convert_creds.c
copy_host_realm.c
crc.c
creds.c
crypto-aes.c
crypto-algs.c
crypto-arcfour.c
crypto-des3.c
crypto-des-common.c
crypto-des.c
crypto-evp.c
crypto-null.c
crypto-pk.c
crypto-rand.c
crypto-stubs.c
crypto.c
crypto.h
data.c
deprecated.c
derived-key-test.c
digest.c
doxygen.c
eai_to_heim_errno.c
error_string.c
expand_hostname.c
expand_path.c
fcache.c
free_host_realm.c
free.c
generate_seq_number.c
generate_subkey.c
get_addrs.c
get_cred.c libkrb5: Fix potential double-free 2016-05-11 23:25:59 +00:00
get_default_principal.c
get_default_realm.c
get_for_creds.c
get_host_realm.c
get_in_tkt.c
get_port.c
heim_err.et
init_creds_pw.c
init_creds.c
k524_err.et
kcm.c
kcm.h
kerberos.8
keyblock.c
keytab_any.c
keytab_file.c
keytab_keyfile.c
keytab_memory.c
keytab.c
krb5_425_conv_principal.3
krb5_acl_match_file.3
krb5_aname_to_localname.3
krb5_appdefault.3
krb5_auth_context.3
krb5_c_make_checksum.3
krb5_ccapi.h
krb5_check_transited.3
krb5_create_checksum.3
krb5_creds.3
krb5_digest.3
krb5_eai_to_heim_errno.3
krb5_encrypt.3
krb5_err.et
krb5_find_padata.3
krb5_generate_random_block.3
krb5_get_all_client_addrs.3
krb5_get_credentials.3
krb5_get_creds.3
krb5_get_forwarded_creds.3
krb5_get_in_cred.3
krb5_get_init_creds.3
krb5_get_krbhst.3
krb5_getportbyname.3
krb5_init_context.3
krb5_is_thread_safe.3
krb5_krbhst_init.3
krb5_locl.h
krb5_mk_req.3
krb5_mk_safe.3
krb5_openlog.3
krb5_parse_name.3
krb5_principal.3
krb5_rcache.3
krb5_rd_error.3
krb5_rd_safe.3
krb5_set_default_realm.3
krb5_set_password.3
krb5_string_to_key.3
krb5_timeofday.3
krb5_verify_init_creds.3
krb5_verify_user.3
krb5-private.h
krb5-protos.h
krb5-v4compat.h
krb5.conf.5
krb5.h
krb5.moduli
krb524_convert_creds_kdc.3
krb_err.et
krbhst-test.c
krbhst.c
kuserok.c
locate_plugin.h
log.c
Makefile.am
Makefile.in
mcache.c
misc.c
mit_glue.c
mk_error.c
mk_priv.c
mk_rep.c
mk_req_ext.c
mk_req.c
mk_safe.c
n-fold-test.c
n-fold.c
net_read.c
net_write.c
pac.c
padata.c
parse-name-test.c
pcache.c
pkinit.c
plugin.c
principal.c
prog_setup.c
prompter_posix.c
rd_cred.c
rd_error.c
rd_priv.c
rd_rep.c
rd_req.c
rd_safe.c
read_message.c
recvauth.c
replay.c
salt-aes.c
salt-arcfour.c
salt-des3.c
salt-des.c
salt.c
scache.c
send_to_kdc_plugin.h
send_to_kdc.c
sendauth.c
set_default_realm.c
sock_principal.c
store_emem.c
store_fd.c
store_mem.c
store-int.c
store-int.h
store-test.c
store.c
string-to-key-test.c
test_acl.c
test_addr.c
test_alname.c
test_cc.c
test_config.c
test_crypto_wrapping.c
test_crypto.c
test_forward.c
test_get_addrs.c
test_hostname.c
test_keytab.c
test_kuserok.c
test_mem.c
test_pac.c
test_pkinit_dh2key.c
test_plugin.c
test_prf.c
test_princ.c
test_renew.c
test_store.c
test_time.c
ticket.c MFV r320905: Import upstream fix for CVE-2017-11103. 2017-07-12 07:19:06 +00:00
time.c
transited.c
verify_init.c
verify_krb5_conf.8
verify_krb5_conf.c
verify_user.c
version-script.map
version.c
warn.c
write_message.c