From 11eeed30173913b940adeb67ca0e1cfc00ad8eb9 Mon Sep 17 00:00:00 2001 From: Assar Westerlund Date: Sun, 18 Feb 2001 03:39:09 +0000 Subject: [PATCH] add missing setting of minor_status and failure checks git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@9697 ec53bebd-3082-4978-b11e-865c3cabbd6b --- lib/gssapi/ChangeLog | 5 + lib/gssapi/add_oid_set_member.c | 6 +- lib/gssapi/context_time.c | 3 +- lib/gssapi/create_emtpy_oid_set.c | 3 +- lib/gssapi/display_name.c | 7 +- lib/gssapi/duplicate_name.c | 8 +- lib/gssapi/export_sec_context.c | 148 ++++++++++++++++++++----- lib/gssapi/import_sec_context.c | 22 ++-- lib/gssapi/indicate_mechs.c | 4 +- lib/gssapi/init_sec_context.c | 5 +- lib/gssapi/krb5/ChangeLog | 5 + lib/gssapi/krb5/add_oid_set_member.c | 6 +- lib/gssapi/krb5/context_time.c | 3 +- lib/gssapi/krb5/create_emtpy_oid_set.c | 3 +- lib/gssapi/krb5/display_name.c | 7 +- lib/gssapi/krb5/duplicate_name.c | 8 +- lib/gssapi/krb5/export_sec_context.c | 148 ++++++++++++++++++++----- lib/gssapi/krb5/import_sec_context.c | 22 ++-- lib/gssapi/krb5/indicate_mechs.c | 4 +- lib/gssapi/krb5/init_sec_context.c | 5 +- lib/gssapi/krb5/unwrap.c | 4 +- lib/gssapi/unwrap.c | 4 +- 22 files changed, 332 insertions(+), 98 deletions(-) diff --git a/lib/gssapi/ChangeLog b/lib/gssapi/ChangeLog index b55b76f18..7585cb6e9 100644 --- a/lib/gssapi/ChangeLog +++ b/lib/gssapi/ChangeLog @@ -1,3 +1,8 @@ +2001-02-18 Assar Westerlund + + * import_name.c: set minor_status in some cases where it was not + done + 2001-02-15 Assar Westerlund * wrap.c: use krb5_generate_random_block for the confounders diff --git a/lib/gssapi/add_oid_set_member.c b/lib/gssapi/add_oid_set_member.c index 60162f727..fd5fe4a79 100644 --- a/lib/gssapi/add_oid_set_member.c +++ b/lib/gssapi/add_oid_set_member.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -55,8 +55,10 @@ OM_uint32 gss_add_oid_set_member ( n = (*oid_set)->count + 1; tmp = realloc ((*oid_set)->elements, n * sizeof(gss_OID_desc)); - if (tmp == NULL) + if (tmp == NULL) { + *minor_status = ENOMEM; return GSS_S_FAILURE; + } (*oid_set)->elements = tmp; (*oid_set)->count = n; (*oid_set)->elements[n-1] = *member_oid; diff --git a/lib/gssapi/context_time.c b/lib/gssapi/context_time.c index 9adb98501..22afee965 100644 --- a/lib/gssapi/context_time.c +++ b/lib/gssapi/context_time.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -56,6 +56,7 @@ OM_uint32 gss_context_time kret = krb5_timeofday(gssapi_krb5_context, &timeret); if (kret) { + *minor_status = kret; return GSS_S_FAILURE; } diff --git a/lib/gssapi/create_emtpy_oid_set.c b/lib/gssapi/create_emtpy_oid_set.c index 428a19b85..efd340ce2 100644 --- a/lib/gssapi/create_emtpy_oid_set.c +++ b/lib/gssapi/create_emtpy_oid_set.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -42,6 +42,7 @@ OM_uint32 gss_create_empty_oid_set ( { *oid_set = malloc(sizeof(**oid_set)); if (*oid_set == NULL) { + *minor_status = ENOMEM; return GSS_S_FAILURE; } (*oid_set)->count = 0; diff --git a/lib/gssapi/display_name.c b/lib/gssapi/display_name.c index 5f83d6d53..7aded09f6 100644 --- a/lib/gssapi/display_name.c +++ b/lib/gssapi/display_name.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -50,13 +50,16 @@ OM_uint32 gss_display_name kret = krb5_unparse_name (gssapi_krb5_context, input_name, &buf); - if (kret) + if (kret) { + *minor_status = kret; return GSS_S_FAILURE; + } len = strlen (buf); output_name_buffer->length = len; output_name_buffer->value = malloc(len + 1); if (output_name_buffer->value == NULL) { free (buf); + *minor_status = ENOMEM; return GSS_S_FAILURE; } memcpy (output_name_buffer->value, buf, len); diff --git a/lib/gssapi/duplicate_name.c b/lib/gssapi/duplicate_name.c index 9dc64ba6b..efbd944c8 100644 --- a/lib/gssapi/duplicate_name.c +++ b/lib/gssapi/duplicate_name.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -48,8 +48,10 @@ OM_uint32 gss_duplicate_name ( kret = krb5_copy_principal (gssapi_krb5_context, src_name, dest_name); - if (kret) + if (kret) { + *minor_status = kret; return GSS_S_FAILURE; - else + } else { return GSS_S_COMPLETE; + } } diff --git a/lib/gssapi/export_sec_context.c b/lib/gssapi/export_sec_context.c index 69b00a665..d513aa2ee 100644 --- a/lib/gssapi/export_sec_context.c +++ b/lib/gssapi/export_sec_context.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999 - 2000 Kungliga Tekniska Högskolan + * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -44,10 +44,12 @@ gss_export_sec_context ( { krb5_storage *sp; krb5_auth_context ac; - int ret; + OM_uint32 ret = GSS_S_COMPLETE; krb5_data data; gss_buffer_desc buffer; int flags; + OM_uint32 minor; + krb5_error_code kret; gssapi_krb5_init (); if (!((*context_handle)->flags & GSS_C_TRANS_FLAG)) @@ -74,25 +76,74 @@ gss_export_sec_context ( if (ac->remote_subkey) flags |= SC_REMOTE_SUBKEY; - krb5_store_int32 (sp, flags); + kret = krb5_store_int32 (sp, flags); + if (kret) { + *minor_status = kret; + goto failure; + } /* marshall auth context */ - krb5_store_int32 (sp, ac->flags); - if (ac->local_address) - krb5_store_address (sp, *ac->local_address); - if (ac->remote_address) - krb5_store_address (sp, *ac->remote_address); - krb5_store_int16 (sp, ac->local_port); - krb5_store_int16 (sp, ac->remote_port); - if (ac->keyblock) - krb5_store_keyblock (sp, *ac->keyblock); - if (ac->local_subkey) - krb5_store_keyblock (sp, *ac->local_subkey); - if (ac->remote_subkey) - krb5_store_keyblock (sp, *ac->remote_subkey); - krb5_store_int32 (sp, ac->local_seqnumber); - krb5_store_int32 (sp, ac->remote_seqnumber); + kret = krb5_store_int32 (sp, ac->flags); + if (kret) { + *minor_status = kret; + goto failure; + } + if (ac->local_address) { + kret = krb5_store_address (sp, *ac->local_address); + if (kret) { + *minor_status = kret; + goto failure; + } + } + if (ac->remote_address) { + kret = krb5_store_address (sp, *ac->remote_address); + if (kret) { + *minor_status = kret; + goto failure; + } + } + kret = krb5_store_int16 (sp, ac->local_port); + if (kret) { + *minor_status = kret; + goto failure; + } + kret = krb5_store_int16 (sp, ac->remote_port); + if (kret) { + *minor_status = kret; + goto failure; + } + if (ac->keyblock) { + kret = krb5_store_keyblock (sp, *ac->keyblock); + if (kret) { + *minor_status = kret; + goto failure; + } + } + if (ac->local_subkey) { + kret = krb5_store_keyblock (sp, *ac->local_subkey); + if (kret) { + *minor_status = kret; + goto failure; + } + } + if (ac->remote_subkey) { + kret = krb5_store_keyblock (sp, *ac->remote_subkey); + if (kret) { + *minor_status = kret; + goto failure; + } + } + kret = krb5_store_int32 (sp, ac->local_seqnumber); + if (kret) { + *minor_status = kret; + goto failure; + } + kret = krb5_store_int32 (sp, ac->remote_seqnumber); + if (kret) { + *minor_status = kret; + goto failure; + } #if 0 { @@ -108,31 +159,65 @@ gss_export_sec_context ( } data.data = auth_buf; data.length = sz; - krb5_store_data (sp, data); + kret = krb5_store_data (sp, data); + if (kret) { + *minor_status = kret; + goto failure; + } } #endif - krb5_store_int32 (sp, ac->keytype); - krb5_store_int32 (sp, ac->cksumtype); + kret = krb5_store_int32 (sp, ac->keytype); + if (kret) { + *minor_status = kret; + goto failure; + } + kret = krb5_store_int32 (sp, ac->cksumtype); + if (kret) { + *minor_status = kret; + goto failure; + } /* names */ - gss_export_name (minor_status, (*context_handle)->source, &buffer); + ret = gss_export_name (minor_status, (*context_handle)->source, &buffer); + if (ret) + goto failure; data.data = buffer.value; data.length = buffer.length; - krb5_store_data (sp, data); + kret = krb5_store_data (sp, data); + gss_release_buffer (&minor, &buffer); + if (kret) { + *minor_status = kret; + goto failure; + } - gss_export_name (minor_status, (*context_handle)->target, &buffer); + ret = gss_export_name (minor_status, (*context_handle)->target, &buffer); + if (ret) + goto failure; data.data = buffer.value; data.length = buffer.length; - krb5_store_data (sp, data); + kret = krb5_store_data (sp, data); + gss_release_buffer (&minor, &buffer); + if (kret) { + *minor_status = kret; + goto failure; + } - krb5_store_int32 (sp, (*context_handle)->flags); - krb5_store_int32 (sp, (*context_handle)->more_flags); + kret = krb5_store_int32 (sp, (*context_handle)->flags); + if (kret) { + *minor_status = kret; + goto failure; + } + kret = krb5_store_int32 (sp, (*context_handle)->more_flags); + if (kret) { + *minor_status = kret; + goto failure; + } - ret = krb5_storage_to_data (sp, &data); + kret = krb5_storage_to_data (sp, &data); krb5_storage_free (sp); - if (ret) { - *minor_status = ret; + if (kret) { + *minor_status = kret; return GSS_S_FAILURE; } interprocess_token->length = data.length; @@ -142,4 +227,7 @@ gss_export_sec_context ( if (ret != GSS_S_COMPLETE) gss_release_buffer (NULL, interprocess_token); return ret; + failure: + krb5_storage_free (sp); + return ret; } diff --git a/lib/gssapi/import_sec_context.c b/lib/gssapi/import_sec_context.c index 4e089c8b7..37e1f122d 100644 --- a/lib/gssapi/import_sec_context.c +++ b/lib/gssapi/import_sec_context.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999 - 2000 Kungliga Tekniska Högskolan + * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -53,6 +53,7 @@ gss_import_sec_context ( krb5_keyblock keyblock; int32_t tmp; int32_t flags; + OM_uint32 minor; gssapi_krb5_init (); @@ -69,6 +70,7 @@ gss_import_sec_context ( krb5_storage_free (sp); return GSS_S_FAILURE; } + memset (*context_handle, 0, sizeof(**context_handle)); kret = krb5_auth_con_init (gssapi_krb5_context, &(*context_handle)->auth_context); @@ -153,30 +155,36 @@ gss_import_sec_context ( buffer.value = data.data; buffer.length = data.length; - gss_import_name (minor_status, &buffer, GSS_C_NO_OID, - &(*context_handle)->source); + ret = gss_import_name (minor_status, &buffer, GSS_C_NO_OID, + &(*context_handle)->source); krb5_data_free (&data); + if (ret) + goto failure; krb5_ret_data (sp, &data); buffer.value = data.data; buffer.length = data.length; - gss_import_name (minor_status, &buffer, GSS_C_NO_OID, - &(*context_handle)->target); + ret = gss_import_name (minor_status, &buffer, GSS_C_NO_OID, + &(*context_handle)->target); krb5_data_free (&data); + if (ret) + goto failure; krb5_ret_int32 (sp, &tmp); (*context_handle)->flags = tmp; krb5_ret_int32 (sp, &tmp); (*context_handle)->more_flags = tmp; - (*context_handle)->ticket = NULL; - return GSS_S_COMPLETE; failure: krb5_auth_con_free (gssapi_krb5_context, (*context_handle)->auth_context); + if ((*context_handle)->source != NULL) + gss_release_name(&minor, &(*context_handle)->source); + if ((*context_handle)->target != NULL) + gss_release_name(&minor, &(*context_handle)->target); free (*context_handle); *context_handle = GSS_C_NO_CONTEXT; return ret; diff --git a/lib/gssapi/indicate_mechs.c b/lib/gssapi/indicate_mechs.c index 5fd2cace0..f34e8f0b2 100644 --- a/lib/gssapi/indicate_mechs.c +++ b/lib/gssapi/indicate_mechs.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -42,12 +42,14 @@ OM_uint32 gss_indicate_mechs { *mech_set = malloc(sizeof(**mech_set)); if (*mech_set == NULL) { + *minor_status = ENOMEM; return GSS_S_FAILURE; } (*mech_set)->count = 1; (*mech_set)->elements = malloc((*mech_set)->count * sizeof(gss_OID_desc)); if ((*mech_set)->elements == NULL) { free (*mech_set); + *minor_status = ENOMEM; return GSS_S_FAILURE; } (*mech_set)->elements[0] = *GSS_KRB5_MECHANISM; diff --git a/lib/gssapi/init_sec_context.c b/lib/gssapi/init_sec_context.c index f71474149..4cade394e 100644 --- a/lib/gssapi/init_sec_context.c +++ b/lib/gssapi/init_sec_context.c @@ -447,6 +447,7 @@ repl_mutual ret = gssapi_krb5_decapsulate (input_token, &indata, "\x02\x00"); if (ret) { /* XXX - Handle AP_ERROR */ + *minor_status = 0; return GSS_S_FAILURE; } @@ -454,8 +455,10 @@ repl_mutual (*context_handle)->auth_context, &indata, &repl); - if (kret) + if (kret) { + *minor_status = kret; return GSS_S_FAILURE; + } krb5_free_ap_rep_enc_part (gssapi_krb5_context, repl); diff --git a/lib/gssapi/krb5/ChangeLog b/lib/gssapi/krb5/ChangeLog index b55b76f18..7585cb6e9 100644 --- a/lib/gssapi/krb5/ChangeLog +++ b/lib/gssapi/krb5/ChangeLog @@ -1,3 +1,8 @@ +2001-02-18 Assar Westerlund + + * import_name.c: set minor_status in some cases where it was not + done + 2001-02-15 Assar Westerlund * wrap.c: use krb5_generate_random_block for the confounders diff --git a/lib/gssapi/krb5/add_oid_set_member.c b/lib/gssapi/krb5/add_oid_set_member.c index 60162f727..fd5fe4a79 100644 --- a/lib/gssapi/krb5/add_oid_set_member.c +++ b/lib/gssapi/krb5/add_oid_set_member.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -55,8 +55,10 @@ OM_uint32 gss_add_oid_set_member ( n = (*oid_set)->count + 1; tmp = realloc ((*oid_set)->elements, n * sizeof(gss_OID_desc)); - if (tmp == NULL) + if (tmp == NULL) { + *minor_status = ENOMEM; return GSS_S_FAILURE; + } (*oid_set)->elements = tmp; (*oid_set)->count = n; (*oid_set)->elements[n-1] = *member_oid; diff --git a/lib/gssapi/krb5/context_time.c b/lib/gssapi/krb5/context_time.c index 9adb98501..22afee965 100644 --- a/lib/gssapi/krb5/context_time.c +++ b/lib/gssapi/krb5/context_time.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -56,6 +56,7 @@ OM_uint32 gss_context_time kret = krb5_timeofday(gssapi_krb5_context, &timeret); if (kret) { + *minor_status = kret; return GSS_S_FAILURE; } diff --git a/lib/gssapi/krb5/create_emtpy_oid_set.c b/lib/gssapi/krb5/create_emtpy_oid_set.c index 428a19b85..efd340ce2 100644 --- a/lib/gssapi/krb5/create_emtpy_oid_set.c +++ b/lib/gssapi/krb5/create_emtpy_oid_set.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -42,6 +42,7 @@ OM_uint32 gss_create_empty_oid_set ( { *oid_set = malloc(sizeof(**oid_set)); if (*oid_set == NULL) { + *minor_status = ENOMEM; return GSS_S_FAILURE; } (*oid_set)->count = 0; diff --git a/lib/gssapi/krb5/display_name.c b/lib/gssapi/krb5/display_name.c index 5f83d6d53..7aded09f6 100644 --- a/lib/gssapi/krb5/display_name.c +++ b/lib/gssapi/krb5/display_name.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -50,13 +50,16 @@ OM_uint32 gss_display_name kret = krb5_unparse_name (gssapi_krb5_context, input_name, &buf); - if (kret) + if (kret) { + *minor_status = kret; return GSS_S_FAILURE; + } len = strlen (buf); output_name_buffer->length = len; output_name_buffer->value = malloc(len + 1); if (output_name_buffer->value == NULL) { free (buf); + *minor_status = ENOMEM; return GSS_S_FAILURE; } memcpy (output_name_buffer->value, buf, len); diff --git a/lib/gssapi/krb5/duplicate_name.c b/lib/gssapi/krb5/duplicate_name.c index 9dc64ba6b..efbd944c8 100644 --- a/lib/gssapi/krb5/duplicate_name.c +++ b/lib/gssapi/krb5/duplicate_name.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -48,8 +48,10 @@ OM_uint32 gss_duplicate_name ( kret = krb5_copy_principal (gssapi_krb5_context, src_name, dest_name); - if (kret) + if (kret) { + *minor_status = kret; return GSS_S_FAILURE; - else + } else { return GSS_S_COMPLETE; + } } diff --git a/lib/gssapi/krb5/export_sec_context.c b/lib/gssapi/krb5/export_sec_context.c index 69b00a665..d513aa2ee 100644 --- a/lib/gssapi/krb5/export_sec_context.c +++ b/lib/gssapi/krb5/export_sec_context.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999 - 2000 Kungliga Tekniska Högskolan + * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -44,10 +44,12 @@ gss_export_sec_context ( { krb5_storage *sp; krb5_auth_context ac; - int ret; + OM_uint32 ret = GSS_S_COMPLETE; krb5_data data; gss_buffer_desc buffer; int flags; + OM_uint32 minor; + krb5_error_code kret; gssapi_krb5_init (); if (!((*context_handle)->flags & GSS_C_TRANS_FLAG)) @@ -74,25 +76,74 @@ gss_export_sec_context ( if (ac->remote_subkey) flags |= SC_REMOTE_SUBKEY; - krb5_store_int32 (sp, flags); + kret = krb5_store_int32 (sp, flags); + if (kret) { + *minor_status = kret; + goto failure; + } /* marshall auth context */ - krb5_store_int32 (sp, ac->flags); - if (ac->local_address) - krb5_store_address (sp, *ac->local_address); - if (ac->remote_address) - krb5_store_address (sp, *ac->remote_address); - krb5_store_int16 (sp, ac->local_port); - krb5_store_int16 (sp, ac->remote_port); - if (ac->keyblock) - krb5_store_keyblock (sp, *ac->keyblock); - if (ac->local_subkey) - krb5_store_keyblock (sp, *ac->local_subkey); - if (ac->remote_subkey) - krb5_store_keyblock (sp, *ac->remote_subkey); - krb5_store_int32 (sp, ac->local_seqnumber); - krb5_store_int32 (sp, ac->remote_seqnumber); + kret = krb5_store_int32 (sp, ac->flags); + if (kret) { + *minor_status = kret; + goto failure; + } + if (ac->local_address) { + kret = krb5_store_address (sp, *ac->local_address); + if (kret) { + *minor_status = kret; + goto failure; + } + } + if (ac->remote_address) { + kret = krb5_store_address (sp, *ac->remote_address); + if (kret) { + *minor_status = kret; + goto failure; + } + } + kret = krb5_store_int16 (sp, ac->local_port); + if (kret) { + *minor_status = kret; + goto failure; + } + kret = krb5_store_int16 (sp, ac->remote_port); + if (kret) { + *minor_status = kret; + goto failure; + } + if (ac->keyblock) { + kret = krb5_store_keyblock (sp, *ac->keyblock); + if (kret) { + *minor_status = kret; + goto failure; + } + } + if (ac->local_subkey) { + kret = krb5_store_keyblock (sp, *ac->local_subkey); + if (kret) { + *minor_status = kret; + goto failure; + } + } + if (ac->remote_subkey) { + kret = krb5_store_keyblock (sp, *ac->remote_subkey); + if (kret) { + *minor_status = kret; + goto failure; + } + } + kret = krb5_store_int32 (sp, ac->local_seqnumber); + if (kret) { + *minor_status = kret; + goto failure; + } + kret = krb5_store_int32 (sp, ac->remote_seqnumber); + if (kret) { + *minor_status = kret; + goto failure; + } #if 0 { @@ -108,31 +159,65 @@ gss_export_sec_context ( } data.data = auth_buf; data.length = sz; - krb5_store_data (sp, data); + kret = krb5_store_data (sp, data); + if (kret) { + *minor_status = kret; + goto failure; + } } #endif - krb5_store_int32 (sp, ac->keytype); - krb5_store_int32 (sp, ac->cksumtype); + kret = krb5_store_int32 (sp, ac->keytype); + if (kret) { + *minor_status = kret; + goto failure; + } + kret = krb5_store_int32 (sp, ac->cksumtype); + if (kret) { + *minor_status = kret; + goto failure; + } /* names */ - gss_export_name (minor_status, (*context_handle)->source, &buffer); + ret = gss_export_name (minor_status, (*context_handle)->source, &buffer); + if (ret) + goto failure; data.data = buffer.value; data.length = buffer.length; - krb5_store_data (sp, data); + kret = krb5_store_data (sp, data); + gss_release_buffer (&minor, &buffer); + if (kret) { + *minor_status = kret; + goto failure; + } - gss_export_name (minor_status, (*context_handle)->target, &buffer); + ret = gss_export_name (minor_status, (*context_handle)->target, &buffer); + if (ret) + goto failure; data.data = buffer.value; data.length = buffer.length; - krb5_store_data (sp, data); + kret = krb5_store_data (sp, data); + gss_release_buffer (&minor, &buffer); + if (kret) { + *minor_status = kret; + goto failure; + } - krb5_store_int32 (sp, (*context_handle)->flags); - krb5_store_int32 (sp, (*context_handle)->more_flags); + kret = krb5_store_int32 (sp, (*context_handle)->flags); + if (kret) { + *minor_status = kret; + goto failure; + } + kret = krb5_store_int32 (sp, (*context_handle)->more_flags); + if (kret) { + *minor_status = kret; + goto failure; + } - ret = krb5_storage_to_data (sp, &data); + kret = krb5_storage_to_data (sp, &data); krb5_storage_free (sp); - if (ret) { - *minor_status = ret; + if (kret) { + *minor_status = kret; return GSS_S_FAILURE; } interprocess_token->length = data.length; @@ -142,4 +227,7 @@ gss_export_sec_context ( if (ret != GSS_S_COMPLETE) gss_release_buffer (NULL, interprocess_token); return ret; + failure: + krb5_storage_free (sp); + return ret; } diff --git a/lib/gssapi/krb5/import_sec_context.c b/lib/gssapi/krb5/import_sec_context.c index 4e089c8b7..37e1f122d 100644 --- a/lib/gssapi/krb5/import_sec_context.c +++ b/lib/gssapi/krb5/import_sec_context.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999 - 2000 Kungliga Tekniska Högskolan + * Copyright (c) 1999 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -53,6 +53,7 @@ gss_import_sec_context ( krb5_keyblock keyblock; int32_t tmp; int32_t flags; + OM_uint32 minor; gssapi_krb5_init (); @@ -69,6 +70,7 @@ gss_import_sec_context ( krb5_storage_free (sp); return GSS_S_FAILURE; } + memset (*context_handle, 0, sizeof(**context_handle)); kret = krb5_auth_con_init (gssapi_krb5_context, &(*context_handle)->auth_context); @@ -153,30 +155,36 @@ gss_import_sec_context ( buffer.value = data.data; buffer.length = data.length; - gss_import_name (minor_status, &buffer, GSS_C_NO_OID, - &(*context_handle)->source); + ret = gss_import_name (minor_status, &buffer, GSS_C_NO_OID, + &(*context_handle)->source); krb5_data_free (&data); + if (ret) + goto failure; krb5_ret_data (sp, &data); buffer.value = data.data; buffer.length = data.length; - gss_import_name (minor_status, &buffer, GSS_C_NO_OID, - &(*context_handle)->target); + ret = gss_import_name (minor_status, &buffer, GSS_C_NO_OID, + &(*context_handle)->target); krb5_data_free (&data); + if (ret) + goto failure; krb5_ret_int32 (sp, &tmp); (*context_handle)->flags = tmp; krb5_ret_int32 (sp, &tmp); (*context_handle)->more_flags = tmp; - (*context_handle)->ticket = NULL; - return GSS_S_COMPLETE; failure: krb5_auth_con_free (gssapi_krb5_context, (*context_handle)->auth_context); + if ((*context_handle)->source != NULL) + gss_release_name(&minor, &(*context_handle)->source); + if ((*context_handle)->target != NULL) + gss_release_name(&minor, &(*context_handle)->target); free (*context_handle); *context_handle = GSS_C_NO_CONTEXT; return ret; diff --git a/lib/gssapi/krb5/indicate_mechs.c b/lib/gssapi/krb5/indicate_mechs.c index 5fd2cace0..f34e8f0b2 100644 --- a/lib/gssapi/krb5/indicate_mechs.c +++ b/lib/gssapi/krb5/indicate_mechs.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -42,12 +42,14 @@ OM_uint32 gss_indicate_mechs { *mech_set = malloc(sizeof(**mech_set)); if (*mech_set == NULL) { + *minor_status = ENOMEM; return GSS_S_FAILURE; } (*mech_set)->count = 1; (*mech_set)->elements = malloc((*mech_set)->count * sizeof(gss_OID_desc)); if ((*mech_set)->elements == NULL) { free (*mech_set); + *minor_status = ENOMEM; return GSS_S_FAILURE; } (*mech_set)->elements[0] = *GSS_KRB5_MECHANISM; diff --git a/lib/gssapi/krb5/init_sec_context.c b/lib/gssapi/krb5/init_sec_context.c index f71474149..4cade394e 100644 --- a/lib/gssapi/krb5/init_sec_context.c +++ b/lib/gssapi/krb5/init_sec_context.c @@ -447,6 +447,7 @@ repl_mutual ret = gssapi_krb5_decapsulate (input_token, &indata, "\x02\x00"); if (ret) { /* XXX - Handle AP_ERROR */ + *minor_status = 0; return GSS_S_FAILURE; } @@ -454,8 +455,10 @@ repl_mutual (*context_handle)->auth_context, &indata, &repl); - if (kret) + if (kret) { + *minor_status = kret; return GSS_S_FAILURE; + } krb5_free_ap_rep_enc_part (gssapi_krb5_context, repl); diff --git a/lib/gssapi/krb5/unwrap.c b/lib/gssapi/krb5/unwrap.c index 78e471d99..087a402f8 100644 --- a/lib/gssapi/krb5/unwrap.c +++ b/lib/gssapi/krb5/unwrap.c @@ -86,8 +86,10 @@ unwrap_des ret = gssapi_krb5_verify_header (&p, input_message_buffer->length, "\x02\x01"); - if (ret) + if (ret) { + *minor_status = 0; return ret; + } if (memcmp (p, "\x00\x00", 2) != 0) return GSS_S_BAD_SIG; diff --git a/lib/gssapi/unwrap.c b/lib/gssapi/unwrap.c index 78e471d99..087a402f8 100644 --- a/lib/gssapi/unwrap.c +++ b/lib/gssapi/unwrap.c @@ -86,8 +86,10 @@ unwrap_des ret = gssapi_krb5_verify_header (&p, input_message_buffer->length, "\x02\x01"); - if (ret) + if (ret) { + *minor_status = 0; return ret; + } if (memcmp (p, "\x00\x00", 2) != 0) return GSS_S_BAD_SIG;