krb5: Fix coverity warnings

This commit is contained in:
Nicolas Williams
2022-01-19 23:38:27 -06:00
parent 9203c4a3f4
commit 1eda4920c8
16 changed files with 90 additions and 83 deletions

@@ -121,10 +121,9 @@ init_ccapi(krb5_context context)
if (cc_handle == NULL) {
HEIMDAL_MUTEX_unlock(&acc_mutex);
if (context)
krb5_set_error_message(context, KRB5_CC_NOSUPP,
N_("Failed to load API cache module %s", "file"),
lib);
krb5_set_error_message(context, KRB5_CC_NOSUPP,
N_("Failed to load API cache module %s", "file"),
lib);
return KRB5_CC_NOSUPP;
}
@@ -135,10 +134,9 @@ init_ccapi(krb5_context context)
dlsym(cc_handle, "krb5_ipc_client_clear_target");
HEIMDAL_MUTEX_unlock(&acc_mutex);
if (init_func == NULL) {
if (context)
krb5_set_error_message(context, KRB5_CC_NOSUPP,
N_("Failed to find cc_initialize"
"in %s: %s", "file, error"), lib, dlerror());
krb5_set_error_message(context, KRB5_CC_NOSUPP,
N_("Failed to find cc_initialize"
"in %s: %s", "file, error"), lib, dlerror());
dlclose(cc_handle);
return KRB5_CC_NOSUPP;
}
@@ -146,9 +144,8 @@ init_ccapi(krb5_context context)
return 0;
#else
HEIMDAL_MUTEX_unlock(&acc_mutex);
if (context)
krb5_set_error_message(context, KRB5_CC_NOSUPP,
N_("no support for shared object", ""));
krb5_set_error_message(context, KRB5_CC_NOSUPP,
N_("no support for shared object", ""));
return KRB5_CC_NOSUPP;
#endif
}

@@ -543,7 +543,13 @@ arange_parse_addr (krb5_context context,
return ret;
}
krb5_data_alloc(&addr->address, sizeof(*a));
ret = krb5_data_alloc(&addr->address, sizeof(*a));
if (ret) {
krb5_free_address(context, &low0);
krb5_free_address(context, &high0);
return ret;
}
addr->addr_type = KRB5_ADDRESS_ARANGE;
a = addr->address.data;
@@ -1377,12 +1383,7 @@ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_free_addresses(krb5_context context,
krb5_addresses *addresses)
{
size_t i;
for(i = 0; i < addresses->len; i++)
krb5_free_address(context, &addresses->val[i]);
free(addresses->val);
addresses->len = 0;
addresses->val = NULL;
free_HostAddresses(addresses);
return 0;
}

@@ -1606,8 +1606,7 @@ krb5_cc_cache_match (krb5_context context,
} else if (cache == NULL) {
char *str;
krb5_unparse_name(context, client, &str);
(void) krb5_unparse_name(context, client, &str);
krb5_set_error_message(context, KRB5_CC_NOTFOUND,
N_("Principal %s not found in any "
"credential cache", ""),

@@ -452,7 +452,7 @@ dcc_resolve_2(krb5_context context,
/* Strip off extra slashes on the end */
for (len = strlen(dc->dir);
len && ISPATHSEP(dc->dir[len - 1]);
len -= len ? 1 : 0)
len--)
dc->dir[len - 1] = '\0';
/* If we got here then `dc->dir' and `dc->sub' must both be set */
@@ -676,7 +676,7 @@ dcc_get_cache_first(krb5_context context, krb5_cc_cursor *cursor)
/* Strip off extra slashes on the end */
for (len = strlen(iter->dc->dir);
len && ISPATHSEP(iter->dc->dir[len - 1]);
len -= len ? 1 : 0) {
len--) {
iter->dc->dir[len - 1] = '\0';
}

@@ -779,7 +779,9 @@ get_cred_kdc_address(krb5_context context,
"no-addresses", FALSE, &noaddr);
if (!noaddr) {
krb5_get_all_client_addrs(context, &addresses);
ret = krb5_get_all_client_addrs(context, &addresses);
if (ret)
return ret;
/* XXX this sucks. */
addrs = &addresses;
if(addresses.len == 0)

@@ -468,7 +468,9 @@ get_init_creds_common(krb5_context context,
if (options == NULL) {
const char *realm = krb5_principal_get_realm(context, client);
krb5_get_init_creds_opt_alloc (context, &default_opt);
ret = krb5_get_init_creds_opt_alloc(context, &default_opt);
if (ret)
return ret;
options = default_opt;
krb5_get_init_creds_opt_set_default_flags(context, NULL, realm, options);
}
@@ -500,11 +502,8 @@ get_init_creds_common(krb5_context context,
ctx->pre_auth_types = NULL;
ret = init_cred(context, &ctx->cred, client, start_time, options);
if (ret) {
if (default_opt)
krb5_get_init_creds_opt_free(context, default_opt);
return ret;
}
if (ret)
goto out;
ret = krb5_init_creds_set_service(context, ctx, NULL);
if (ret)
@@ -578,10 +577,6 @@ get_init_creds_common(krb5_context context,
else
ctx->runflags.change_password_prompt = ctx->prompter != NULL;
if (default_opt)
krb5_get_init_creds_opt_free(context, default_opt);
return 0;
out:
if (default_opt)
krb5_get_init_creds_opt_free(context, default_opt);

@@ -1009,7 +1009,7 @@ kcm_get_default_name(krb5_context context, const krb5_cc_ops *ops,
aret = asprintf(str, "%s:%s", ops->prefix, name);
free(name);
if (aret == -1 || str == NULL)
if (aret == -1 || *str == NULL)
return ENOMEM;
return 0;

@@ -582,29 +582,31 @@ _krb5_kt_principal_not_found(krb5_context context,
krb5_enctype enctype,
int kvno)
{
char princ[256], kvno_str[25], *kt_name;
char kvno_str[25];
char *enctype_str = NULL;
char *kt_name = NULL;
char *princ = NULL;
krb5_unparse_name_fixed (context, principal, princ, sizeof(princ));
krb5_kt_get_full_name (context, id, &kt_name);
(void) krb5_unparse_name(context, principal, &princ);
(void) krb5_kt_get_full_name(context, id, &kt_name);
if (enctype)
krb5_enctype_to_string(context, enctype, &enctype_str);
(void) krb5_enctype_to_string(context, enctype, &enctype_str);
if (kvno)
snprintf(kvno_str, sizeof(kvno_str), "(kvno %d)", kvno);
else
kvno_str[0] = '\0';
krb5_set_error_message (context, ret,
N_("Failed to find %s%s in keytab %s (%s)",
"principal, kvno, keytab file, enctype"),
princ,
kvno_str,
kt_name ? kt_name : "unknown keytab",
enctype_str ? enctype_str : "unknown enctype");
krb5_set_error_message(context, ret,
N_("Failed to find %s%s in keytab %s (%s)",
"principal, kvno, keytab file, enctype"),
princ ? princ : "<unknown>",
kvno_str,
kt_name ? kt_name : "unknown keytab",
enctype_str ? enctype_str : "unknown enctype");
free(princ);
free(kt_name);
if (enctype_str)
free(enctype_str);
free(enctype_str);
return ret;
}
@@ -687,7 +689,8 @@ krb5_kt_get_entry(krb5_context context,
krb5_name_canon_iterator name_canon_iter;
if (!principal)
return krb5_kt_get_entry_wrapped(context, id, principal, kvno, enctype,
/* Use `NULL' instead of `principal' to quiet static analizers */
return krb5_kt_get_entry_wrapped(context, id, NULL, kvno, enctype,
entry);
ret = krb5_name_canon_iterator_start(context, principal, &name_canon_iter);

@@ -59,6 +59,7 @@ usage (int ret)
int
main(int argc, char **argv)
{
krb5_error_code ret;
int i, j;
krb5_context context;
int types[] = {KRB5_KRBHST_KDC, KRB5_KRBHST_ADMIN, KRB5_KRBHST_CHANGEPW,
@@ -82,7 +83,9 @@ main(int argc, char **argv)
argc -= optidx;
argv += optidx;
krb5_init_context (&context);
ret = krb5_init_context(&context);
if (ret)
krb5_err(NULL, 1, ret, "Failed to initialize context");
for(i = 0; i < argc; i++) {
krb5_krbhst_handle handle;
char host[MAXHOSTNAMELEN];
@@ -90,12 +93,16 @@ main(int argc, char **argv)
for (j = 0; j < sizeof(types)/sizeof(*types); ++j) {
printf ("%s for %s:\n", type_str[j], argv[i]);
krb5_krbhst_init(context, argv[i], types[j], &handle);
while(krb5_krbhst_next_as_string(context, handle,
host, sizeof(host)) == 0)
ret = krb5_krbhst_init(context, argv[i], types[j], &handle);
if (ret)
krb5_err(context, 1, ret, "Could not init krbhst iterator");
while ((ret = krb5_krbhst_next_as_string(context, handle, host,
sizeof(host))) == 0)
printf("\thost: %s\n", host);
krb5_krbhst_reset(context, handle);
printf ("\n");
printf("\n");
if (ret)
krb5_err(context, 1, ret, "Could not iterate all krbhst");
}
}
return 0;

@@ -1108,7 +1108,7 @@ rd_kx509_resp(krb5_context context,
ret = errno;
}
free_Kx509Response(&r);
if (cert) {
if (*cert) {
heim_release(herr);
return 0;
}

@@ -457,6 +457,9 @@ unparse_name_fixed(krb5_context context,
int no_realm = (flags & KRB5_PRINCIPAL_UNPARSE_NO_REALM) != 0;
int display = (flags & KRB5_PRINCIPAL_UNPARSE_DISPLAY) != 0;
if (name && len)
name[0] = '\0';
if (!no_realm && princ_realm(principal) == NULL) {
krb5_set_error_message(context, ERANGE,
N_("Realm missing from principal, "
@@ -1964,10 +1967,12 @@ apply_name_canon_rule(krb5_context context, krb5_name_canon_rule rules,
new_hostname = hostname_with_port;
}
if (new_realm != NULL)
krb5_principal_set_realm(context, *out_princ, new_realm);
if (new_hostname != NULL)
krb5_principal_set_comp_string(context, *out_princ, 1, new_hostname);
if (new_realm != NULL &&
(ret = krb5_principal_set_realm(context, *out_princ, new_realm)))
goto out;
if (new_hostname != NULL &&
(ret = krb5_principal_set_comp_string(context, *out_princ, 1, new_hostname)))
goto out;
if (princ_type(*out_princ) == KRB5_NT_SRV_HST_NEEDS_CANON)
princ_type(*out_princ) = KRB5_NT_SRV_HST;

@@ -855,7 +855,8 @@ krb5_rd_req_ctx(krb5_context context,
krb5_keytab id = NULL, keytab = NULL;
krb5_principal service = NULL;
*outctx = NULL;
if (outctx)
*outctx = NULL;
o = calloc(1, sizeof(*o));
if (o == NULL)
@@ -1090,9 +1091,9 @@ krb5_rd_req_ctx(krb5_context context,
}
out:
if (ret || outctx == NULL) {
if (ret || outctx == NULL)
krb5_rd_req_out_ctx_free(context, o);
} else
else
*outctx = o;
free_AP_REQ(&ap_req);

@@ -47,10 +47,8 @@ ARCFOUR_string_to_key(krb5_context context,
EVP_MD_CTX *m;
m = EVP_MD_CTX_create();
if (m == NULL) {
ret = krb5_enomem(context);
goto out;
}
if (m == NULL)
return krb5_enomem(context);
EVP_DigestInit_ex(m, EVP_md4(), NULL);

@@ -1285,24 +1285,22 @@ scc_remove_cred(krb5_context context,
sqlite3_finalize(stmt);
if (id) {
ret = prepare_stmt(context, s->db, &stmt,
"DELETE FROM credentials WHERE oid=?");
if (ret)
return ret;
sqlite3_bind_int(stmt, 1, credid);
ret = prepare_stmt(context, s->db, &stmt,
"DELETE FROM credentials WHERE oid=?");
if (ret)
return ret;
sqlite3_bind_int(stmt, 1, credid);
do {
ret = sqlite3_step(stmt);
} while (ret == SQLITE_ROW);
sqlite3_finalize(stmt);
if (ret != SQLITE_DONE) {
ret = KRB5_CC_IO;
krb5_set_error_message(context, ret,
N_("failed to delete scache credental", ""));
} else
ret = 0;
}
do {
ret = sqlite3_step(stmt);
} while (ret == SQLITE_ROW);
sqlite3_finalize(stmt);
if (ret != SQLITE_DONE) {
ret = KRB5_CC_IO;
krb5_set_error_message(context, ret,
N_("failed to delete scache credental", ""));
} else
ret = 0;
return ret;
}

@@ -81,8 +81,8 @@ test_alname(krb5_context context, krb5_const_realm realm,
}
krb5_err(context, 1, ret, "krb5_aname_to_localname: %s -> %s",
princ, localuser);
free(princ);
}
free(princ);
if (strcmp(localname, localuser) != 0) {
if (ok)

@@ -133,6 +133,7 @@ time_hmac_evp(krb5_context context, size_t size, int iterations)
free(buf);
krb5_free_keyblock_contents(context, &key);
krb5_crypto_destroy(context, crypto);
}
static void