Multiple security vulnerabilities have been discovered in the Heimdal

implementation of the Kerberos 5 network authentication protocols and KDC.

- - CVE-2022-42898 PAC parse integer overflows
- - CVE-2022-3437 Overflows and non-constant time leaks in DES{,3} and arcfour
- - CVE-2021-44758 NULL dereference DoS in SPNEGO acceptors
- - CVE-2022-44640 Heimdal KDC: invalid free in ASN.1 codec
- - CVE-2019-14870 Validate client attributes in protocol-transition
- - CVE-2019-14870 Apply forwardable policy in protocol-transition
- - CVE-2019-14870 Always lookup impersonate client in DB

Obtained from: FreeBSD

Author: laffer1

crypto/heimdal/admin/change.c

@@ -217,7 +217,6 @@ kt_change (struct change_options *opt, int argc, char **argv)
     krb5_kt_end_seq_get(context, keytab, &cursor);
 
     if (ret == KRB5_KT_END) {
-	ret = 0;
 	for (i = 0; i < j; i++) {
 	    if (verbose_flag) {
 		char *client_name;

crypto/heimdal/appl/gssmask/gssmask.c

@@ -949,7 +949,9 @@ HandleOP(WrapExt)
     memcpy(p, iov[4].buffer.value, iov[4].buffer.length);
     p += iov[4].buffer.length;
     memcpy(p, iov[5].buffer.value, iov[5].buffer.length);
+#ifndef __clang_analyzer__
     p += iov[5].buffer.length;
+#endif
 
     gss_release_iov_buffer(NULL, iov, iov_len);
 

crypto/heimdal/kadmin/kadmind.c

@@ -116,7 +116,11 @@ main(int argc, char **argv)
     }
 
     argc -= optidx;
+#ifndef __clang_analyzer__
     argv += optidx;
+#endif
+    if (argc != 0)
+        usage(1);
 
     if (config_file == NULL) {
 	asprintf(&config_file, "%s/kdc.conf", hdb_db_dir(context));

crypto/heimdal/kadmin/mod.c

@@ -106,7 +106,7 @@ static void
 add_aliases(krb5_context contextp, kadm5_principal_ent_rec *princ,
 	    struct getarg_strings *strings)
 {
-    krb5_error_code ret;
+    krb5_error_code ret = 0;
     HDB_extension ext;
     krb5_data buf;
     krb5_principal p;
@@ -127,9 +127,16 @@ add_aliases(krb5_context contextp, kadm5_principal_ent_rec *princ,
 		   sizeof(ext.data.u.aliases.aliases.val[0]));
 	ext.data.u.aliases.aliases.len = strings->num_strings;
 
-	for (i = 0; i < strings->num_strings; i++) {
+	for (i = 0; ret == 0 && i < strings->num_strings; i++) {
 	    ret = krb5_parse_name(contextp, strings->strings[i], &p);
-	    ret = copy_Principal(p, &ext.data.u.aliases.aliases.val[i]);
+            if (ret)
+                krb5_err(contextp, 1, ret, "Could not parse alias %s",
+                         strings->strings[i]);
+            if (ret == 0)
+                ret = copy_Principal(p, &ext.data.u.aliases.aliases.val[i]);
+            if (ret)
+                krb5_err(contextp, 1, ret, "Could not copy parsed alias %s",
+                         strings->strings[i]);
 	    krb5_free_principal(contextp, p);
 	}
     }

crypto/heimdal/kadmin/stash.c

@@ -103,7 +103,10 @@ stash(struct stash_options *opt, int argc, char **argv)
 	    }
 	}
 	ret = krb5_string_to_key_salt(context, enctype, buf, salt, &key);
-	ret = hdb_add_master_key(context, &key, &mkey);
+        if (ret == 0)
+            ret = hdb_add_master_key(context, &key, &mkey);
+        if (ret)
+            krb5_warn(context, errno, "setting master key");
 	krb5_free_keyblock_contents(context, &key);
     }
 

crypto/heimdal/kcm/protocol.c

@@ -423,7 +423,7 @@ kcm_op_get_principal(krb5_context context,
     free(name);
     kcm_release_ccache(context, ccache);
 
-    return 0;
+    return ret;
 }
 
 /*

crypto/heimdal/kdc/digest.c

@@ -1461,6 +1461,10 @@ _kdc_do_digest(krb5_context context,
     ret = krb5_encrypt_EncryptedData(context, crypto, KRB5_KU_DIGEST_ENCRYPT,
 				     buf.data, buf.length, 0,
 				     &rep.innerRep);
+    if (ret) {
+        krb5_prepend_error_message(context, ret, "Failed to encrypt digest: ");
+        goto out;
+    }
 
     ASN1_MALLOC_ENCODE(DigestREP, reply->data, reply->length, &rep, &size, ret);
     if (ret) {

crypto/heimdal/kdc/hpropd.c

@@ -107,7 +107,9 @@ main(int argc, char **argv)
     }
 
     argc -= optidx;
+#ifndef __clang_analyzer__
     argv += optidx;
+#endif
 
     if (argc != 0)
 	usage(1);
@@ -125,6 +127,7 @@ main(int argc, char **argv)
 	krb5_ticket *ticket;
 	char *server;
 
+        memset(&ss, 0, sizeof(ss));
 	sock = STDIN_FILENO;
 #ifdef SUPPORT_INETD
 	if (inetd_flag == -1) {

crypto/heimdal/kdc/kdc-replay.c

@@ -184,6 +184,8 @@ main(int argc, char **argv)
 	    unsigned int tag2;
 	    ret = der_get_tag (r.data, r.length,
 			       &cl, &ty, &tag2, NULL);
+            if (ret)
+                krb5_err(context, 1, ret, "Could not decode replay data");
 	    if (MAKE_TAG(cl, ty, 0) != clty)
 		krb5_errx(context, 1, "class|type mismatch: %d != %d",
 			  (int)MAKE_TAG(cl, ty, 0), (int)clty);

crypto/heimdal/kdc/krb5tgs.c

@@ -1928,30 +1928,40 @@ tgs_build_reply(krb5_context context,
 	    if (ret)
 		goto out;
 
+	    ret = _kdc_db_fetch(context, config, tp, HDB_F_GET_CLIENT | flags,
+				NULL, &s4u2self_impersonated_clientdb,
+				&s4u2self_impersonated_client);
+	    if (ret) {
+		const char *msg;
+
+		/*
+		 * If the client belongs to the same realm as our krbtgt, it
+		 * should exist in the local database.
+		 *
+		 */
+
+		if (ret == HDB_ERR_NOENTRY)
+		    ret = KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
+		msg = krb5_get_error_message(context, ret);
+		kdc_log(context, config, 2,
+			"S4U2Self principal to impersonate %s not found in database: %s",
+			tpn, msg);
+		krb5_free_error_message(context, msg);
+		goto out;
+	    }
+
+	    free(s4u2self_impersonated_client->entry.pw_end);
+	    s4u2self_impersonated_client->entry.pw_end = NULL;
+
+	    ret = kdc_check_flags(context, config, s4u2self_impersonated_client, tpn,
+				  NULL, NULL, FALSE);
+	    if (ret)
+		goto out;
+
 	    /* If we were about to put a PAC into the ticket, we better fix it to be the right PAC */
 	    if(rspac.data) {
 		krb5_pac p = NULL;
 		krb5_data_free(&rspac);
-		ret = _kdc_db_fetch(context, config, tp, HDB_F_GET_CLIENT | flags,
-				    NULL, &s4u2self_impersonated_clientdb, &s4u2self_impersonated_client);
-		if (ret) {
-		    const char *msg;
-
-		    /*
-		     * If the client belongs to the same realm as our krbtgt, it
-		     * should exist in the local database.
-		     *
-		     */
-
-		    if (ret == HDB_ERR_NOENTRY)
-			ret = KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
-		    msg = krb5_get_error_message(context, ret);
-		    kdc_log(context, config, 1,
-			    "S2U4Self principal to impersonate %s not found in database: %s",
-			    tpn, msg);
-		    krb5_free_error_message(context, msg);
-		    goto out;
-		}
 		ret = _kdc_pac_generate(context, s4u2self_impersonated_client, &p);
 		if (ret) {
 		    kdc_log(context, config, 0, "PAC generation failed for -- %s",
@@ -1987,10 +1997,12 @@ tgs_build_reply(krb5_context context,
 
 	    /*
 	     * If the service isn't trusted for authentication to
-	     * delegation, remove the forward flag.
+	     * delegation or if the impersonate client is disallowed
+	     * forwardable, remove the forwardable flag.
 	     */
 
-	    if (client->entry.flags.trusted_for_delegation) {
+	    if (client->entry.flags.trusted_for_delegation &&
+		s4u2self_impersonated_client->entry.flags.forwardable) {
 		str = "[forwardable]";
 	    } else {
 		b->kdc_options.forwardable = 0;