[SCM] Samba Shared Repository - branch v4-7-test updated

Sun Dec 24 00:37:02 UTC 2017

The branch, v4-7-test has been updated
       via  424e40f HEIMDAL:kdc: fix dh->q allocation check in get_dh_param()
       via  d06e849 HEIMDAL: don't bother seeing q if not sent
       via  c793ac6 HEIMDAL: allow optional q in DH DomainParameters
      from  efc261d VERSION: Bump version up to 4.7.5...

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -----------------------------------------------------------------
commit 424e40f75b03b5b9311d10c8d724c4aa8bb3c1a1
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Aug 29 07:24:35 2017 +0200

    HEIMDAL:kdc: fix dh->q allocation check in get_dh_param()
    
    Thanks to Doug Nazar <nazard at nazar.ca> for spotting this!
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=12986
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    (cherry picked from heimdal commit a79b59ba27070a015479e8d981b7e685dbe34310)
    Reviewed-by: Andreas Schneider <asn at samba.org>
    
    (cherry picked from commit 183e5d1e3dc306491c06f94c8c98e4882c64bc27)
    
    Autobuild-User(v4-7-test): Karolin Seeger <kseeger at samba.org>
    Autobuild-Date(v4-7-test): Sun Dec 24 01:36:48 CET 2017 on sn-devel-144

commit d06e849e7238a6afff0797afdcac489889aae873
Author: Love Hornquist Astrand <lha at h5l.org>
Date:   Mon Apr 29 11:42:46 2013 -0700

    HEIMDAL: don't bother seeing q if not sent
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=12986
    
    Reviewed-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from heimdal commit 19f9fdbcea11013cf13ac72c416f161ee55dee2b)
    
    Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
    Autobuild-Date(master): Mon Aug 28 15:10:54 CEST 2017 on sn-devel-144
    
    (cherry picked from commit dd3e06f14ec1788a59e4c6ba4ea165fd77b9135e)

commit c793ac602cfc252f7dd2025e9ac0d17b06256d0d
Author: Love Hornquist Astrand <lha at h5l.org>
Date:   Mon Apr 29 11:37:39 2013 -0700

    HEIMDAL: allow optional q in DH DomainParameters
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=12986
    
    Reviewed-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from heimdal commit e8317b955f5a390c4f296871ba6987ad05478c95)
    
    (cherry picked from commit 9f245aafdca8397df7dc050e25cfd858aeb1cc7f)

-----------------------------------------------------------------------

Summary of changes:
 source4/heimdal/kdc/pkinit.c          | 11 +++++++----
 source4/heimdal/lib/asn1/rfc2459.asn1 |  2 +-
 source4/heimdal/lib/krb5/pkinit.c     |  7 ++++++-
 3 files changed, 14 insertions(+), 6 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/heimdal/kdc/pkinit.c b/source4/heimdal/kdc/pkinit.c
index d85b156..ad7f3ef 100644
--- a/source4/heimdal/kdc/pkinit.c
+++ b/source4/heimdal/kdc/pkinit.c
@@ -361,7 +361,7 @@ get_dh_param(krb5_context context,
     }
 
     ret = _krb5_dh_group_ok(context, config->pkinit_dh_min_bits,
-			    &dhparam.p, &dhparam.g, &dhparam.q, moduli,
+			    &dhparam.p, &dhparam.g, dhparam.q, moduli,
 			    &client_params->dh_group_name);
     if (ret) {
 	/* XXX send back proposal of better group */
@@ -381,9 +381,12 @@ get_dh_param(krb5_context context,
     dh->g = integer_to_BN(context, "DH base", &dhparam.g);
     if (dh->g == NULL)
 	goto out;
-    dh->q = integer_to_BN(context, "DH p-1 factor", &dhparam.q);
-    if (dh->g == NULL)
-	goto out;
+
+    if (dhparam.q) {
+	dh->q = integer_to_BN(context, "DH p-1 factor", dhparam.q);
+	if (dh->q == NULL)
+	    goto out;
+    }
 
     {
 	heim_integer glue;
diff --git a/source4/heimdal/lib/asn1/rfc2459.asn1 b/source4/heimdal/lib/asn1/rfc2459.asn1
index bf82f81..7843f65 100644
--- a/source4/heimdal/lib/asn1/rfc2459.asn1
+++ b/source4/heimdal/lib/asn1/rfc2459.asn1
@@ -239,7 +239,7 @@ ValidationParms ::= SEQUENCE {
 DomainParameters ::= SEQUENCE {
 	p		INTEGER, -- odd prime, p=jq +1
 	g		INTEGER, -- generator, g
-	q		INTEGER, -- factor of p-1
+	q		INTEGER OPTIONAL, -- factor of p-1
 	j		INTEGER OPTIONAL, -- subgroup factor
 	validationParms	ValidationParms OPTIONAL -- ValidationParms
 }
diff --git a/source4/heimdal/lib/krb5/pkinit.c b/source4/heimdal/lib/krb5/pkinit.c
index 1103a17..c30a298 100644
--- a/source4/heimdal/lib/krb5/pkinit.c
+++ b/source4/heimdal/lib/krb5/pkinit.c
@@ -497,7 +497,12 @@ build_auth_pack(krb5_context context,
 		free_DomainParameters(&dp);
 		return ret;
 	    }
-	    ret = BN_to_integer(context, dh->q, &dp.q);
+	    dp.q = calloc(1, sizeof(*dp.q));
+	    if (dp.q == NULL) {
+		free_DomainParameters(&dp);
+		return ENOMEM;
+	    }
+	    ret = BN_to_integer(context, dh->q, dp.q);
 	    if (ret) {
 		free_DomainParameters(&dp);
 		return ret;


-- 
Samba Shared Repository

