The branch, v4-6-test has been updated via f502340 HEIMDAL:kdc: fix dh->q allocation check in get_dh_param() via c6dfb4e HEIMDAL: don't bother seeing q if not sent via 03c69a5 HEIMDAL: allow optional q in DH DomainParameters from f69814f g_lock: fix cleanup of stale entries in g_lock_trylock()
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-6-test - Log ----------------------------------------------------------------- commit f502340923f089f9ac4fa060dc21471b59c29c56 Author: Stefan Metzmacher <me...@samba.org> Date: Tue Aug 29 07:24:35 2017 +0200 HEIMDAL:kdc: fix dh->q allocation check in get_dh_param() Thanks to Doug Nazar <naz...@nazar.ca> for spotting this! BUG: https://bugzilla.samba.org/show_bug.cgi?id=12986 
Signed-off-by: Stefan Metzmacher <me...@samba.org> (cherry picked from heimdal commit a79b59ba27070a015479e8d981b7e685dbe34310) Reviewed-by: Andreas Schneider <a...@samba.org> (cherry picked from commit 183e5d1e3dc306491c06f94c8c98e4882c64bc27) Autobuild-User(v4-6-test): Karolin Seeger <ksee...@samba.org> Autobuild-Date(v4-6-test): Sun Dec 24 01:15:07 CET 2017 on sn-devel-144 commit c6dfb4e1cc5decc61589865ba5e8e1fa4378ee5f Author: Love Hornquist Astrand <l...@h5l.org> Date: Mon Apr 29 11:42:46 2013 -0700 HEIMDAL: don't bother seeing q if not sent BUG: https://bugzilla.samba.org/show_bug.cgi?id=12986 Reviewed-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> (cherry picked from heimdal commit 19f9fdbcea11013cf13ac72c416f161ee55dee2b) Autobuild-User(master): Andrew Bartlett <abart...@samba.org> Autobuild-Date(master): Mon Aug 28 15:10:54 CEST 2017 on sn-devel-144 (cherry picked from commit dd3e06f14ec1788a59e4c6ba4ea165fd77b9135e) commit 03c69a536d0d2ea74683a013042d278fc87698c7 Author: Love Hornquist Astrand <l...@h5l.org> Date: Mon Apr 29 11:37:39 2013 -0700 HEIMDAL: allow optional q in DH DomainParameters BUG: https://bugzilla.samba.org/show_bug.cgi?id=12986 Reviewed-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> (cherry picked from heimdal commit e8317b955f5a390c4f296871ba6987ad05478c95) (cherry picked from commit 9f245aafdca8397df7dc050e25cfd858aeb1cc7f) ----------------------------------------------------------------------- Summary of changes: source4/heimdal/kdc/pkinit.c | 11 +++++++---- source4/heimdal/lib/asn1/rfc2459.asn1 | 2 +- source4/heimdal/lib/krb5/pkinit.c | 7 ++++++- 3 files changed, 14 insertions(+), 6 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/heimdal/kdc/pkinit.c b/source4/heimdal/kdc/pkinit.c index d85b156..ad7f3ef 100644 --- a/source4/heimdal/kdc/pkinit.c +++ b/source4/heimdal/kdc/pkinit.c 
@@ -361,7 +361,7 @@ get_dh_param(krb5_context context, } ret = _krb5_dh_group_ok(context, config->pkinit_dh_min_bits, - &dhparam.p, &dhparam.g, &dhparam.q, moduli, + &dhparam.p, &dhparam.g, dhparam.q, moduli, &client_params->dh_group_name); if (ret) { /* XXX send back proposal of better group */ @@ -381,9 +381,12 @@ get_dh_param(krb5_context context, dh->g = integer_to_BN(context, "DH base", &dhparam.g); if (dh->g == NULL) goto out; - dh->q = integer_to_BN(context, "DH p-1 factor", &dhparam.q); - if (dh->g == NULL) - goto out; + + if (dhparam.q) { + dh->q = integer_to_BN(context, "DH p-1 factor", dhparam.q); + if (dh->q == NULL) + goto out; + } { heim_integer glue; diff --git a/source4/heimdal/lib/asn1/rfc2459.asn1 b/source4/heimdal/lib/asn1/rfc2459.asn1 index 5df9e41..d6c273d 100644 --- a/source4/heimdal/lib/asn1/rfc2459.asn1 +++ b/source4/heimdal/lib/asn1/rfc2459.asn1 @@ -239,7 +239,7 @@ ValidationParms ::= SEQUENCE { DomainParameters ::= SEQUENCE { p INTEGER, -- odd prime, p=jq +1 g INTEGER, -- generator, g - q INTEGER, -- factor of p-1 + q INTEGER OPTIONAL, -- factor of p-1 j INTEGER OPTIONAL, -- subgroup factor validationParms ValidationParms OPTIONAL -- ValidationParms } diff --git a/source4/heimdal/lib/krb5/pkinit.c b/source4/heimdal/lib/krb5/pkinit.c index 1103a17..c30a298 100644 --- a/source4/heimdal/lib/krb5/pkinit.c +++ b/source4/heimdal/lib/krb5/pkinit.c @@ -497,7 +497,12 @@ build_auth_pack(krb5_context context, free_DomainParameters(&dp); return ret; } - ret = BN_to_integer(context, dh->q, &dp.q); + dp.q = calloc(1, sizeof(*dp.q)); + if (dp.q == NULL) { + free_DomainParameters(&dp); + return ENOMEM; + } + ret = BN_to_integer(context, dh->q, dp.q); if (ret) { free_DomainParameters(&dp); return ret; -- Samba Shared Repository
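Review bot: `dhparam.q` can now be NULL when it is passed to `_krb5_dh_group_ok()` in the first get_dh_param() hunk, and that function's body is not part of this changeset. The only lib/krb5/pkinit.c hunk shown is in build_auth_pack(), so the callee's handling of an absent q should be confirmed. The second get_dh_param() hunk has the same exposure: `dh->q` is left unset when the client omits q, so any later reader of `dh->q` has to accept NULL. A comment at the new guard would record the intent, e.g. `/* q is OPTIONAL; if absent, dh->q stays unset and the group is judged on p and g */`, assuming that is how the group check behaves. get_dh_param() begins and ends outside both hunks.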
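Review bot: Marking `q` as OPTIONAL in `DomainParameters` changes the generated C field from an embedded integer to a pointer, so every reader and writer of `.q` has to be updated. This changeset adjusts get_dh_param() and build_auth_pack(); any other user of the type is not visible here and would need checking. The definition also now departs from the RFC this module is named after, where q is, as far as I recall, mandatory. I would note that on the line itself, e.g. `q INTEGER OPTIONAL, -- factor of p-1; OPTIONAL is a local relaxation, see bug 12986`.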
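Review bot: `BN_to_integer(context, dh->q, dp.q)` in build_auth_pack() still uses `dh->q` without a NULL check, even though q is now optional in the encoding. That presumably holds because the client takes its group from its own moduli list, but the hunk does not show it. A one-line comment such as `/* we always send q, even though peers may omit it */` would make the asymmetry with the KDC side explicit. The two error paths rely on `free_DomainParameters(&dp)` releasing the newly allocated `dp.q` pointer; generated free routines normally do this for OPTIONAL members, but it is worth confirming. build_auth_pack() begins and ends outside the hunk.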