Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.427 (Entity 5.427)
From: ghudson@mit.edu
Subject: SVN Commit
X-RT-Original-Encoding: iso-8859-1
Content-Length: 711


Allow krb5_rd_priv and krb5_rd_safe to work when there is no remote
address set in the auth context, unless the KRB5_AUTH_CONTEXT_DO_TIMES
flag is set (in which case we need the remote address for the replay
cache name).  Note that failing to set the remote address can create a
vulnerability to reflection attacks in some protocols, although it is
fairly easy to defend against--either use sequence numbers, or make
sure that requests don't look like replies, or both.

https://github.com/krb5/krb5/commit/2b7be6fbfdc920bff5ab89213931e69bed5bfed6
Commit By: ghudson
Revision: 25355
Changed Files:
U   trunk/src/lib/krb5/krb/privsafe.c
U   trunk/src/lib/krb5/krb/rd_priv.c
U   trunk/src/lib/krb5/krb/rd_safe.c