diff --git a/lib/krb5/acache.c b/lib/krb5/acache.c index 5bc976263..295881fe9 100644 --- a/lib/krb5/acache.c +++ b/lib/krb5/acache.c @@ -121,10 +121,9 @@ init_ccapi(krb5_context context) if (cc_handle == NULL) { HEIMDAL_MUTEX_unlock(&acc_mutex); - if (context) - krb5_set_error_message(context, KRB5_CC_NOSUPP, - N_("Failed to load API cache module %s", "file"), - lib); + krb5_set_error_message(context, KRB5_CC_NOSUPP, + N_("Failed to load API cache module %s", "file"), + lib); return KRB5_CC_NOSUPP; } @@ -135,10 +134,9 @@ init_ccapi(krb5_context context) dlsym(cc_handle, "krb5_ipc_client_clear_target"); HEIMDAL_MUTEX_unlock(&acc_mutex); if (init_func == NULL) { - if (context) - krb5_set_error_message(context, KRB5_CC_NOSUPP, - N_("Failed to find cc_initialize" - "in %s: %s", "file, error"), lib, dlerror()); + krb5_set_error_message(context, KRB5_CC_NOSUPP, + N_("Failed to find cc_initialize" + "in %s: %s", "file, error"), lib, dlerror()); dlclose(cc_handle); return KRB5_CC_NOSUPP; } @@ -146,9 +144,8 @@ init_ccapi(krb5_context context) return 0; #else HEIMDAL_MUTEX_unlock(&acc_mutex); - if (context) - krb5_set_error_message(context, KRB5_CC_NOSUPP, - N_("no support for shared object", "")); + krb5_set_error_message(context, KRB5_CC_NOSUPP, + N_("no support for shared object", "")); return KRB5_CC_NOSUPP; #endif } diff --git a/lib/krb5/addr_families.c b/lib/krb5/addr_families.c index c9a816426..864c9cde8 100644 --- a/lib/krb5/addr_families.c +++ b/lib/krb5/addr_families.c @@ -543,7 +543,13 @@ arange_parse_addr (krb5_context context, return ret; } - krb5_data_alloc(&addr->address, sizeof(*a)); + ret = krb5_data_alloc(&addr->address, sizeof(*a)); + if (ret) { + krb5_free_address(context, &low0); + krb5_free_address(context, &high0); + return ret; + } + addr->addr_type = KRB5_ADDRESS_ARANGE; a = addr->address.data; 
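Review bot: In the second init_ccapi hunk (`@@ -135`), the two adjacent literals `"Failed to find cc_initialize"` and `"in %s: %s"` are joined without a space, so the message reads "Failed to find cc_initializein <lib>: <error>". The re-indented lines carry this over unchanged. A trailing space on the first literal fixes it: `N_("Failed to find cc_initialize " "in %s: %s", "file, error"), lib, dlerror());`, which also changes the translatable message id. Separately, all three acache.c hunks now depend on krb5_set_error_message() accepting a NULL context, which is not visible on this page and should be confirmed. init_ccapi starts and ends outside these hunks.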
@@ -1377,12 +1383,7 @@ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_free_addresses(krb5_context context, krb5_addresses *addresses) { - size_t i; - for(i = 0; i < addresses->len; i++) - krb5_free_address(context, &addresses->val[i]); - free(addresses->val); - addresses->len = 0; - addresses->val = NULL; + free_HostAddresses(addresses); return 0; } diff --git a/lib/krb5/cache.c b/lib/krb5/cache.c index a337e3a2e..35c03adf4 100644 --- a/lib/krb5/cache.c +++ b/lib/krb5/cache.c @@ -1606,8 +1606,7 @@ krb5_cc_cache_match (krb5_context context, } else if (cache == NULL) { char *str; - krb5_unparse_name(context, client, &str); - + (void) krb5_unparse_name(context, client, &str); krb5_set_error_message(context, KRB5_CC_NOTFOUND, N_("Principal %s not found in any " "credential cache", ""), diff --git a/lib/krb5/dcache.c b/lib/krb5/dcache.c index a4c579e56..af88aed91 100644 --- a/lib/krb5/dcache.c +++ b/lib/krb5/dcache.c @@ -452,7 +452,7 @@ dcc_resolve_2(krb5_context context, /* Strip off extra slashes on the end */ for (len = strlen(dc->dir); len && ISPATHSEP(dc->dir[len - 1]); - len -= len ? 1 : 0) + len--) dc->dir[len - 1] = '\0'; /* If we got here then `dc->dir' and `dc->sub' must both be set */ @@ -676,7 +676,7 @@ dcc_get_cache_first(krb5_context context, krb5_cc_cursor *cursor) /* Strip off extra slashes on the end */ for (len = strlen(iter->dc->dir); len && ISPATHSEP(iter->dc->dir[len - 1]); - len -= len ? 1 : 0) { + len--) { iter->dc->dir[len - 1] = '\0'; } diff --git a/lib/krb5/get_cred.c b/lib/krb5/get_cred.c index 65d089b51..ec7577978 100644 --- a/lib/krb5/get_cred.c +++ b/lib/krb5/get_cred.c @@ -779,7 +779,9 @@ get_cred_kdc_address(krb5_context context, "no-addresses", FALSE, &noaddr); if (!noaddr) { - krb5_get_all_client_addrs(context, &addresses); + ret = krb5_get_all_client_addrs(context, &addresses); + if (ret) + return ret; /* XXX this sucks. */ addrs = &addresses; if(addresses.len == 0) 
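Review bot: In the krb5_cc_cache_match hunk, `char *str;` is still uninitialized when `krb5_unparse_name()` is called, and the new `(void)` cast only hides the unchecked result. If the call fails without storing to `str`, the krb5_set_error_message() that follows would format an indeterminate pointer. The keytab.c change in this same commit uses the safer pattern, which here would be `char *str = NULL;` and `str ? str : ""` where the name is passed. The argument list and any later `free(str)` are outside the hunk, so this assumes `str` is the `%s` argument.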
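Review bot: Returning on any `krb5_get_all_client_addrs()` failure in get_cred_kdc_address turns what was a best-effort lookup into a hard error. The context line `if(addresses.len == 0)` right after it suggests an empty list was already tolerated, though its body is outside the hunk. If so, a host where address enumeration fails could previously still request a ticket and now cannot. If failing closed is the intent, so that the request never silently drops its address binding, state that in place of the `XXX` remark, e.g. `/* enumeration failure is fatal: never fall back to an addressless request */`. Otherwise leave `addresses` empty on error and continue.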
diff --git a/lib/krb5/init_creds_pw.c b/lib/krb5/init_creds_pw.c index cbadb6f5f..8497b2169 100644 --- a/lib/krb5/init_creds_pw.c +++ b/lib/krb5/init_creds_pw.c @@ -468,7 +468,9 @@ get_init_creds_common(krb5_context context, if (options == NULL) { const char *realm = krb5_principal_get_realm(context, client); - krb5_get_init_creds_opt_alloc (context, &default_opt); + ret = krb5_get_init_creds_opt_alloc(context, &default_opt); + if (ret) + return ret; options = default_opt; krb5_get_init_creds_opt_set_default_flags(context, NULL, realm, options); } @@ -500,11 +502,8 @@ get_init_creds_common(krb5_context context, ctx->pre_auth_types = NULL; ret = init_cred(context, &ctx->cred, client, start_time, options); - if (ret) { - if (default_opt) - krb5_get_init_creds_opt_free(context, default_opt); - return ret; - } + if (ret) + goto out; ret = krb5_init_creds_set_service(context, ctx, NULL); if (ret) @@ -578,10 +577,6 @@ get_init_creds_common(krb5_context context, else ctx->runflags.change_password_prompt = ctx->prompter != NULL; - if (default_opt) - krb5_get_init_creds_opt_free(context, default_opt); - return 0; - out: if (default_opt) krb5_get_init_creds_opt_free(context, default_opt); diff --git a/lib/krb5/kcm.c b/lib/krb5/kcm.c index 760abf5c5..f76858142 100644 --- a/lib/krb5/kcm.c +++ b/lib/krb5/kcm.c @@ -1009,7 +1009,7 @@ kcm_get_default_name(krb5_context context, const krb5_cc_ops *ops, aret = asprintf(str, "%s:%s", ops->prefix, name); free(name); - if (aret == -1 || str == NULL) + if (aret == -1 || *str == NULL) return ENOMEM; return 0; diff --git a/lib/krb5/keytab.c b/lib/krb5/keytab.c index df440d24e..559d640f0 100644 --- a/lib/krb5/keytab.c +++ b/lib/krb5/keytab.c 
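Review bot: On the `aret == -1` path in kcm_get_default_name, `*str` keeps whatever asprintf() left there, and some C libraries leave it indeterminate after a failure. A caller that frees the out-parameter on error would then free a garbage pointer. Clearing it before returning removes that dependency: `if (aret == -1 || *str == NULL) { *str = NULL; return ENOMEM; }`. The function begins outside the hunk, so whether any caller reads `*str` after an error is not visible here.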
@@ -582,29 +582,31 @@ _krb5_kt_principal_not_found(krb5_context context, krb5_enctype enctype, int kvno) { - char princ[256], kvno_str[25], *kt_name; + char kvno_str[25]; char *enctype_str = NULL; + char *kt_name = NULL; + char *princ = NULL; - krb5_unparse_name_fixed (context, principal, princ, sizeof(princ)); - krb5_kt_get_full_name (context, id, &kt_name); + (void) krb5_unparse_name(context, principal, &princ); + (void) krb5_kt_get_full_name(context, id, &kt_name); if (enctype) - krb5_enctype_to_string(context, enctype, &enctype_str); + (void) krb5_enctype_to_string(context, enctype, &enctype_str); if (kvno) snprintf(kvno_str, sizeof(kvno_str), "(kvno %d)", kvno); else kvno_str[0] = '\0'; - krb5_set_error_message (context, ret, - N_("Failed to find %s%s in keytab %s (%s)", - "principal, kvno, keytab file, enctype"), - princ, - kvno_str, - kt_name ? kt_name : "unknown keytab", - enctype_str ? enctype_str : "unknown enctype"); + krb5_set_error_message(context, ret, + N_("Failed to find %s%s in keytab %s (%s)", + "principal, kvno, keytab file, enctype"), + princ ? princ : "", + kvno_str, + kt_name ? kt_name : "unknown keytab", + enctype_str ? enctype_str : "unknown enctype"); + free(princ); free(kt_name); - if (enctype_str) - free(enctype_str); + free(enctype_str); return ret; } @@ -687,7 +689,8 @@ krb5_kt_get_entry(krb5_context context, krb5_name_canon_iterator name_canon_iter; if (!principal) - return krb5_kt_get_entry_wrapped(context, id, principal, kvno, enctype, + /* Use `NULL' instead of `principal' to quiet static analizers */ + return krb5_kt_get_entry_wrapped(context, id, NULL, kvno, enctype, entry); ret = krb5_name_canon_iterator_start(context, principal, &name_canon_iter); diff --git a/lib/krb5/krbhst-test.c b/lib/krb5/krbhst-test.c index 873734fce..cd388ecfa 100644 --- a/lib/krb5/krbhst-test.c +++ b/lib/krb5/krbhst-test.c 
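Review bot: When `krb5_unparse_name()` fails in _krb5_kt_principal_not_found, the fallback `princ ? princ : ""` produces "Failed to find  in keytab …", which drops the one field an operator most needs from this message. The keytab and enctype fallbacks in the same call name what is missing, so the principal should too: `princ ? princ : "unknown principal",`. The three `(void)` casts are fine here because each output pointer is now initialized to NULL and checked before use.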
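Review bot: The comment added in krb5_kt_get_entry misspells "analyzers". It also sits between an unbraced `if (!principal)` and its `return`, so the branch reads at first glance as if it had no body. Bracing the branch and rewording the comment would help: `/* Pass NULL rather than `principal' to quiet static analyzers */`. The rest of krb5_kt_get_entry lies outside the hunk.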
@@ -59,6 +59,7 @@ usage (int ret) int main(int argc, char **argv) { + krb5_error_code ret; int i, j; krb5_context context; int types[] = {KRB5_KRBHST_KDC, KRB5_KRBHST_ADMIN, KRB5_KRBHST_CHANGEPW, @@ -82,7 +83,9 @@ main(int argc, char **argv) argc -= optidx; argv += optidx; - krb5_init_context (&context); + ret = krb5_init_context(&context); + if (ret) + krb5_err(NULL, 1, ret, "Failed to initialize context"); for(i = 0; i < argc; i++) { krb5_krbhst_handle handle; char host[MAXHOSTNAMELEN]; @@ -90,12 +93,16 @@ main(int argc, char **argv) for (j = 0; j < sizeof(types)/sizeof(*types); ++j) { printf ("%s for %s:\n", type_str[j], argv[i]); - krb5_krbhst_init(context, argv[i], types[j], &handle); - while(krb5_krbhst_next_as_string(context, handle, - host, sizeof(host)) == 0) + ret = krb5_krbhst_init(context, argv[i], types[j], &handle); + if (ret) + krb5_err(context, 1, ret, "Could not init krbhst iterator"); + while ((ret = krb5_krbhst_next_as_string(context, handle, host, + sizeof(host))) == 0) printf("\thost: %s\n", host); krb5_krbhst_reset(context, handle); - printf ("\n"); + printf("\n"); + if (ret) + krb5_err(context, 1, ret, "Could not iterate all krbhst"); } } return 0; diff --git a/lib/krb5/kx509.c b/lib/krb5/kx509.c index 2b6ac8eaa..7525739f6 100644 --- a/lib/krb5/kx509.c +++ b/lib/krb5/kx509.c @@ -1108,7 +1108,7 @@ rd_kx509_resp(krb5_context context, ret = errno; } free_Kx509Response(&r); - if (cert) { + if (*cert) { heim_release(herr); return 0; } diff --git a/lib/krb5/principal.c b/lib/krb5/principal.c index dc6692ff2..ed44b33a1 100644 --- a/lib/krb5/principal.c +++ b/lib/krb5/principal.c @@ -457,6 +457,9 @@ unparse_name_fixed(krb5_context context, int no_realm = (flags & KRB5_PRINCIPAL_UNPARSE_NO_REALM) != 0; int display = (flags & KRB5_PRINCIPAL_UNPARSE_DISPLAY) != 0; + if (name && len) + name[0] = '\0'; + if (!no_realm && princ_realm(principal) == NULL) { krb5_set_error_message(context, ERANGE, N_("Realm missing from principal, " 
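Review bot: The `if (ret) krb5_err(context, 1, ret, "Could not iterate all krbhst");` added after the `while` loop in main fires on every pass. The loop can only exit when `krb5_krbhst_next_as_string()` returns non-zero, and that includes the normal end-of-list result. As written, the test program exits with status 1 after listing the hosts for the first type of the first argument. The end-of-list code needs to be excluded before treating `ret` as a failure, e.g. `if (ret && ret != KRB5_KDC_UNREACH)`. That assumes KRB5_KDC_UNREACH is what the iterator returns when exhausted, which should be confirmed against krbhst.c.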
@@ -1964,10 +1967,12 @@ apply_name_canon_rule(krb5_context context, krb5_name_canon_rule rules, new_hostname = hostname_with_port; } - if (new_realm != NULL) - krb5_principal_set_realm(context, *out_princ, new_realm); - if (new_hostname != NULL) - krb5_principal_set_comp_string(context, *out_princ, 1, new_hostname); + if (new_realm != NULL && + (ret = krb5_principal_set_realm(context, *out_princ, new_realm))) + goto out; + if (new_hostname != NULL && + (ret = krb5_principal_set_comp_string(context, *out_princ, 1, new_hostname))) + goto out; if (princ_type(*out_princ) == KRB5_NT_SRV_HST_NEEDS_CANON) princ_type(*out_princ) = KRB5_NT_SRV_HST; diff --git a/lib/krb5/rd_req.c b/lib/krb5/rd_req.c index 13f2df64e..371037c84 100644 --- a/lib/krb5/rd_req.c +++ b/lib/krb5/rd_req.c @@ -855,7 +855,8 @@ krb5_rd_req_ctx(krb5_context context, krb5_keytab id = NULL, keytab = NULL; krb5_principal service = NULL; - *outctx = NULL; + if (outctx) + *outctx = NULL; o = calloc(1, sizeof(*o)); if (o == NULL) @@ -1090,9 +1091,9 @@ krb5_rd_req_ctx(krb5_context context, } out: - if (ret || outctx == NULL) { + if (ret || outctx == NULL) krb5_rd_req_out_ctx_free(context, o); - } else + else *outctx = o; free_AP_REQ(&ap_req); diff --git a/lib/krb5/salt-arcfour.c b/lib/krb5/salt-arcfour.c index 38aaa2502..033128ed8 100644 --- a/lib/krb5/salt-arcfour.c +++ b/lib/krb5/salt-arcfour.c @@ -47,10 +47,8 @@ ARCFOUR_string_to_key(krb5_context context, EVP_MD_CTX *m; m = EVP_MD_CTX_create(); - if (m == NULL) { - ret = krb5_enomem(context); - goto out; - } + if (m == NULL) + return krb5_enomem(context); EVP_DigestInit_ex(m, EVP_md4(), NULL); diff --git a/lib/krb5/scache.c b/lib/krb5/scache.c index c3ecd5810..7a3966494 100644 --- a/lib/krb5/scache.c +++ b/lib/krb5/scache.c 
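Review bot: `EVP_DigestInit_ex(m, EVP_md4(), NULL);`, directly after the changed allocation check in ARCFOUR_string_to_key, still has its result ignored. If the EVP implementation in use can refuse MD4, for example where legacy digests are disabled, the key would be derived from a digest context that was never initialized. Since `m` is allocated by this point, the call should be tested with `if (EVP_DigestInit_ex(m, EVP_md4(), NULL) != 1)`, setting `ret` to a crypto error and leaving through the existing `out` label. What `out:` releases is outside the hunk, so confirm it destroys `m`.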
@@ -1285,24 +1285,22 @@ scc_remove_cred(krb5_context context, sqlite3_finalize(stmt); - if (id) { - ret = prepare_stmt(context, s->db, &stmt, - "DELETE FROM credentials WHERE oid=?"); - if (ret) - return ret; - sqlite3_bind_int(stmt, 1, credid); + ret = prepare_stmt(context, s->db, &stmt, + "DELETE FROM credentials WHERE oid=?"); + if (ret) + return ret; + sqlite3_bind_int(stmt, 1, credid); - do { - ret = sqlite3_step(stmt); - } while (ret == SQLITE_ROW); - sqlite3_finalize(stmt); - if (ret != SQLITE_DONE) { - ret = KRB5_CC_IO; - krb5_set_error_message(context, ret, - N_("failed to delete scache credental", "")); - } else - ret = 0; - } + do { + ret = sqlite3_step(stmt); + } while (ret == SQLITE_ROW); + sqlite3_finalize(stmt); + if (ret != SQLITE_DONE) { + ret = KRB5_CC_IO; + krb5_set_error_message(context, ret, + N_("failed to delete scache credental", "")); + } else + ret = 0; return ret; } diff --git a/lib/krb5/test_alname.c b/lib/krb5/test_alname.c index 120143e51..36775adef 100644 --- a/lib/krb5/test_alname.c +++ b/lib/krb5/test_alname.c @@ -81,8 +81,8 @@ test_alname(krb5_context context, krb5_const_realm realm, } krb5_err(context, 1, ret, "krb5_aname_to_localname: %s -> %s", princ, localuser); - free(princ); } + free(princ); if (strcmp(localname, localuser) != 0) { if (ok) diff --git a/lib/krb5/test_rfc3961.c b/lib/krb5/test_rfc3961.c index f1255948f..ed8ee9b5f 100644 --- a/lib/krb5/test_rfc3961.c +++ b/lib/krb5/test_rfc3961.c @@ -133,6 +133,7 @@ time_hmac_evp(krb5_context context, size_t size, int iterations) free(buf); krb5_free_keyblock_contents(context, &key); + krb5_crypto_destroy(context, crypto); } static void
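Review bot: `sqlite3_bind_int(stmt, 1, credid);` in scc_remove_cred has its result ignored and binds a 32-bit value. If `credid` is declared as a 64-bit row id (its declaration is outside the hunk), the value is truncated, and the DELETE could miss the intended row or remove a different credential. Prefer `sqlite3_bind_int64(stmt, 1, credid)` and treat a result other than SQLITE_OK as KRB5_CC_IO. The error text on the failure path also misspells "credential": `N_("failed to delete scache credential", "")`.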