s4:heimdal: import lorikeet-heimdal-200908050050 (commit 8714779fa7376fd9f7761587639e68b48afc8c9c)

This also adds a new hdb-glue.c file, to cope with Heimdal's
uncondtional enabling of SQLITE.

(Very reasonable, but not required for Samba4's use).

Andrew Bartlett

1 files changed, 10 insertions, 0 deletions

diff --git a/source4/heimdal/lib/krb5/pkinit.c b/source4/heimdal/lib/krb5/pkinit.c
index 18b5b5e017..af5568f44b 100644
--- a/source4/heimdal/lib/krb5/pkinit.c
+++ b/source4/heimdal/lib/krb5/pkinit.c
@@ -1402,6 +1402,7 @@ pk_rd_pa_reply_dh(krb5_context context,
 				       kdc_dh_pubkey, ctx->u.dh);
 	if (dh_gen_keylen == -1) {
 	    ret = KRB5KRB_ERR_GENERIC;
+	    dh_gen_keylen = 0;
 	    krb5_set_error_message(context, ret,
 				   N_("PKINIT: Can't compute Diffie-Hellman key", ""));
 	    goto out;
@@ -1446,6 +1447,7 @@ pk_rd_pa_reply_dh(krb5_context context,
 	EC_KEY_free(public);
 	if (dh_gen_keylen == -1) {
 	    ret = KRB5KRB_ERR_GENERIC;
+	    dh_gen_keylen = 0;
 	    krb5_set_error_message(context, ret,
 				   N_("PKINIT: Can't compute ECDH public key", ""));
 	    goto out;
@@ -1455,6 +1457,14 @@ pk_rd_pa_reply_dh(krb5_context context,
 #endif
     }
 	
+    if (dh_gen_keylen <= 0) {
+	ret = EINVAL;
+	krb5_set_error_message(context, ret,
+			       N_("PKINIT: resulting DH key <= 0", ""));
+	dh_gen_keylen = 0;
+	goto out;
+    }
+
     *key = malloc (sizeof (**key));
     if (*key == NULL) {
 	ret = ENOMEM;