The Samba-Bugzilla – Attachment 13858 Details for
Bug 12986
Kerberos: PKINIT: Can't decode algorithm parameters in clientPublicValue
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patches for v4-7-test (including the typo fix)
tmp47.diff.txt (text/plain), 4.68 KB, created by
Stefan Metzmacher
on 2017-12-13 12:22:29 UTC
(
hide
)
Description:
Patches for v4-7-test (including the typo fix)
Filename:
MIME Type:
Creator:
Stefan Metzmacher
Created:
2017-12-13 12:22:29 UTC
Size:
4.68 KB
patch
obsolete
>From c3416d8d55abd3117ce0acacc368883a44c15c39 Mon Sep 17 00:00:00 2001 >From: Love Hornquist Astrand <lha@h5l.org> >Date: Mon, 29 Apr 2013 11:37:39 -0700 >Subject: [PATCH 1/3] HEIMDAL: allow optional q in DH DomainParameters > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12986 > >Reviewed-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >(cherry picked from heimdal commit e8317b955f5a390c4f296871ba6987ad05478c95) > >(cherry picked from commit 9f245aafdca8397df7dc050e25cfd858aeb1cc7f) >--- > source4/heimdal/kdc/pkinit.c | 2 +- > source4/heimdal/lib/asn1/rfc2459.asn1 | 2 +- > source4/heimdal/lib/krb5/pkinit.c | 7 ++++++- > 3 files changed, 8 insertions(+), 3 deletions(-) > >diff --git a/source4/heimdal/kdc/pkinit.c b/source4/heimdal/kdc/pkinit.c >index d85b156..3a9e8f2 100644 >--- a/source4/heimdal/kdc/pkinit.c >+++ b/source4/heimdal/kdc/pkinit.c >@@ -361,7 +361,7 @@ get_dh_param(krb5_context context, > } > > ret = _krb5_dh_group_ok(context, config->pkinit_dh_min_bits, >- &dhparam.p, &dhparam.g, &dhparam.q, moduli, >+ &dhparam.p, &dhparam.g, dhparam.q, moduli, > &client_params->dh_group_name); > if (ret) { > /* XXX send back proposal of better group */ >diff --git a/source4/heimdal/lib/asn1/rfc2459.asn1 b/source4/heimdal/lib/asn1/rfc2459.asn1 >index bf82f81..7843f65 100644 >--- a/source4/heimdal/lib/asn1/rfc2459.asn1 >+++ b/source4/heimdal/lib/asn1/rfc2459.asn1 >@@ -239,7 +239,7 @@ ValidationParms ::= SEQUENCE { > DomainParameters ::= SEQUENCE { > p INTEGER, -- odd prime, p=jq +1 > g INTEGER, -- generator, g >- q INTEGER, -- factor of p-1 >+ q INTEGER OPTIONAL, -- factor of p-1 > j INTEGER OPTIONAL, -- subgroup factor > validationParms ValidationParms OPTIONAL -- ValidationParms > } >diff --git a/source4/heimdal/lib/krb5/pkinit.c b/source4/heimdal/lib/krb5/pkinit.c >index 1103a17..c30a298 100644 >--- a/source4/heimdal/lib/krb5/pkinit.c >+++ b/source4/heimdal/lib/krb5/pkinit.c >@@ -497,7 +497,12 @@ build_auth_pack(krb5_context context, > free_DomainParameters(&dp); > return ret; > } >- ret = BN_to_integer(context, dh->q, &dp.q); >+ dp.q = calloc(1, sizeof(*dp.q)); >+ if (dp.q == NULL) { >+ free_DomainParameters(&dp); >+ return ENOMEM; >+ } >+ ret = BN_to_integer(context, dh->q, dp.q); > if (ret) { > free_DomainParameters(&dp); > return ret; >-- >1.9.1 > > >From c12ca1259d9b2193a94226b9e91498d86a202c10 Mon Sep 17 00:00:00 2001 >From: Love Hornquist Astrand <lha@h5l.org> >Date: Mon, 29 Apr 2013 11:42:46 -0700 >Subject: [PATCH 2/3] HEIMDAL: don't bother seeing q if not sent > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12986 > >Reviewed-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >(cherry picked from heimdal commit 19f9fdbcea11013cf13ac72c416f161ee55dee2b) > >Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> >Autobuild-Date(master): Mon Aug 28 15:10:54 CEST 2017 on sn-devel-144 > >(cherry picked from commit dd3e06f14ec1788a59e4c6ba4ea165fd77b9135e) >--- > source4/heimdal/kdc/pkinit.c | 9 ++++++--- > 1 file changed, 6 insertions(+), 3 deletions(-) > >diff --git a/source4/heimdal/kdc/pkinit.c b/source4/heimdal/kdc/pkinit.c >index 3a9e8f2..c874847 100644 >--- a/source4/heimdal/kdc/pkinit.c >+++ b/source4/heimdal/kdc/pkinit.c >@@ -381,9 +381,12 @@ get_dh_param(krb5_context context, > dh->g = integer_to_BN(context, "DH base", &dhparam.g); > if (dh->g == NULL) > goto out; >- dh->q = integer_to_BN(context, "DH p-1 factor", &dhparam.q); >- if (dh->g == NULL) >- goto out; >+ >+ if (dhparam.q) { >+ dh->q = integer_to_BN(context, "DH p-1 factor", dhparam.q); >+ if (dh->g == NULL) >+ goto out; >+ } > > { > heim_integer glue; >-- >1.9.1 > > >From 5c5e9977f21597c0939e869b2e1997e9f221c98e Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Tue, 29 Aug 2017 07:24:35 +0200 >Subject: [PATCH 3/3] HEIMDAL:kdc: fix dh->q allocation check in get_dh_param() > >Thanks to Doug Nazar <nazard@nazar.ca> for spotting this! > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12986 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >(cherry picked from heimdal commit a79b59ba27070a015479e8d981b7e685dbe34310) >Reviewed-by: Andreas Schneider <asn@samba.org> > >(cherry picked from commit 183e5d1e3dc306491c06f94c8c98e4882c64bc27) >--- > source4/heimdal/kdc/pkinit.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > >diff --git a/source4/heimdal/kdc/pkinit.c b/source4/heimdal/kdc/pkinit.c >index c874847..ad7f3ef 100644 >--- a/source4/heimdal/kdc/pkinit.c >+++ b/source4/heimdal/kdc/pkinit.c >@@ -384,7 +384,7 @@ get_dh_param(krb5_context context, > > if (dhparam.q) { > dh->q = integer_to_BN(context, "DH p-1 factor", dhparam.q); >- if (dh->g == NULL) >+ if (dh->q == NULL) > goto out; > } > >-- >1.9.1 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Flags:
metze
:
review?
(
abartlet
)
asn
:
review+
Actions:
View
Attachments on
bug 12986
:
13504
|
13505
|
13510
|
13511
| 13858 |
13859
|
13860