krb5: Fix coverity warnings

This commit is contained in:
Nicolas Williams
2022-01-19 23:38:27 -06:00
parent 9203c4a3f4
commit 1eda4920c8
16 changed files with 90 additions and 83 deletions

@@ -121,10 +121,9 @@ init_ccapi(krb5_context context)
if (cc_handle == NULL) { if (cc_handle == NULL) {
HEIMDAL_MUTEX_unlock(&acc_mutex); HEIMDAL_MUTEX_unlock(&acc_mutex);
if (context) krb5_set_error_message(context, KRB5_CC_NOSUPP,
krb5_set_error_message(context, KRB5_CC_NOSUPP, N_("Failed to load API cache module %s", "file"),
N_("Failed to load API cache module %s", "file"), lib);
lib);
return KRB5_CC_NOSUPP; return KRB5_CC_NOSUPP;
} }
@@ -135,10 +134,9 @@ init_ccapi(krb5_context context)
dlsym(cc_handle, "krb5_ipc_client_clear_target"); dlsym(cc_handle, "krb5_ipc_client_clear_target");
HEIMDAL_MUTEX_unlock(&acc_mutex); HEIMDAL_MUTEX_unlock(&acc_mutex);
if (init_func == NULL) { if (init_func == NULL) {
if (context) krb5_set_error_message(context, KRB5_CC_NOSUPP,
krb5_set_error_message(context, KRB5_CC_NOSUPP, N_("Failed to find cc_initialize"
N_("Failed to find cc_initialize" "in %s: %s", "file, error"), lib, dlerror());
"in %s: %s", "file, error"), lib, dlerror());
dlclose(cc_handle); dlclose(cc_handle);
return KRB5_CC_NOSUPP; return KRB5_CC_NOSUPP;
} }
@@ -146,9 +144,8 @@ init_ccapi(krb5_context context)
return 0; return 0;
#else #else
HEIMDAL_MUTEX_unlock(&acc_mutex); HEIMDAL_MUTEX_unlock(&acc_mutex);
if (context) krb5_set_error_message(context, KRB5_CC_NOSUPP,
krb5_set_error_message(context, KRB5_CC_NOSUPP, N_("no support for shared object", ""));
N_("no support for shared object", ""));
return KRB5_CC_NOSUPP; return KRB5_CC_NOSUPP;
#endif #endif
} }

@@ -543,7 +543,13 @@ arange_parse_addr (krb5_context context,
return ret; return ret;
} }
krb5_data_alloc(&addr->address, sizeof(*a)); ret = krb5_data_alloc(&addr->address, sizeof(*a));
if (ret) {
krb5_free_address(context, &low0);
krb5_free_address(context, &high0);
return ret;
}
addr->addr_type = KRB5_ADDRESS_ARANGE; addr->addr_type = KRB5_ADDRESS_ARANGE;
a = addr->address.data; a = addr->address.data;
@@ -1377,12 +1383,7 @@ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_free_addresses(krb5_context context, krb5_free_addresses(krb5_context context,
krb5_addresses *addresses) krb5_addresses *addresses)
{ {
size_t i; free_HostAddresses(addresses);
for(i = 0; i < addresses->len; i++)
krb5_free_address(context, &addresses->val[i]);
free(addresses->val);
addresses->len = 0;
addresses->val = NULL;
return 0; return 0;
} }

@@ -1606,8 +1606,7 @@ krb5_cc_cache_match (krb5_context context,
} else if (cache == NULL) { } else if (cache == NULL) {
char *str; char *str;
krb5_unparse_name(context, client, &str); (void) krb5_unparse_name(context, client, &str);
krb5_set_error_message(context, KRB5_CC_NOTFOUND, krb5_set_error_message(context, KRB5_CC_NOTFOUND,
N_("Principal %s not found in any " N_("Principal %s not found in any "
"credential cache", ""), "credential cache", ""),

@@ -452,7 +452,7 @@ dcc_resolve_2(krb5_context context,
/* Strip off extra slashes on the end */ /* Strip off extra slashes on the end */
for (len = strlen(dc->dir); for (len = strlen(dc->dir);
len && ISPATHSEP(dc->dir[len - 1]); len && ISPATHSEP(dc->dir[len - 1]);
len -= len ? 1 : 0) len--)
dc->dir[len - 1] = '\0'; dc->dir[len - 1] = '\0';
/* If we got here then `dc->dir' and `dc->sub' must both be set */ /* If we got here then `dc->dir' and `dc->sub' must both be set */
@@ -676,7 +676,7 @@ dcc_get_cache_first(krb5_context context, krb5_cc_cursor *cursor)
/* Strip off extra slashes on the end */ /* Strip off extra slashes on the end */
for (len = strlen(iter->dc->dir); for (len = strlen(iter->dc->dir);
len && ISPATHSEP(iter->dc->dir[len - 1]); len && ISPATHSEP(iter->dc->dir[len - 1]);
len -= len ? 1 : 0) { len--) {
iter->dc->dir[len - 1] = '\0'; iter->dc->dir[len - 1] = '\0';
} }

@@ -779,7 +779,9 @@ get_cred_kdc_address(krb5_context context,
"no-addresses", FALSE, &noaddr); "no-addresses", FALSE, &noaddr);
if (!noaddr) { if (!noaddr) {
krb5_get_all_client_addrs(context, &addresses); ret = krb5_get_all_client_addrs(context, &addresses);
if (ret)
return ret;
/* XXX this sucks. */ /* XXX this sucks. */
addrs = &addresses; addrs = &addresses;
if(addresses.len == 0) if(addresses.len == 0)

@@ -468,7 +468,9 @@ get_init_creds_common(krb5_context context,
if (options == NULL) { if (options == NULL) {
const char *realm = krb5_principal_get_realm(context, client); const char *realm = krb5_principal_get_realm(context, client);
krb5_get_init_creds_opt_alloc (context, &default_opt); ret = krb5_get_init_creds_opt_alloc(context, &default_opt);
if (ret)
return ret;
options = default_opt; options = default_opt;
krb5_get_init_creds_opt_set_default_flags(context, NULL, realm, options); krb5_get_init_creds_opt_set_default_flags(context, NULL, realm, options);
} }
@@ -500,11 +502,8 @@ get_init_creds_common(krb5_context context,
ctx->pre_auth_types = NULL; ctx->pre_auth_types = NULL;
ret = init_cred(context, &ctx->cred, client, start_time, options); ret = init_cred(context, &ctx->cred, client, start_time, options);
if (ret) { if (ret)
if (default_opt) goto out;
krb5_get_init_creds_opt_free(context, default_opt);
return ret;
}
ret = krb5_init_creds_set_service(context, ctx, NULL); ret = krb5_init_creds_set_service(context, ctx, NULL);
if (ret) if (ret)
@@ -578,10 +577,6 @@ get_init_creds_common(krb5_context context,
else else
ctx->runflags.change_password_prompt = ctx->prompter != NULL; ctx->runflags.change_password_prompt = ctx->prompter != NULL;
if (default_opt)
krb5_get_init_creds_opt_free(context, default_opt);
return 0;
out: out:
if (default_opt) if (default_opt)
krb5_get_init_creds_opt_free(context, default_opt); krb5_get_init_creds_opt_free(context, default_opt);

@@ -1009,7 +1009,7 @@ kcm_get_default_name(krb5_context context, const krb5_cc_ops *ops,
aret = asprintf(str, "%s:%s", ops->prefix, name); aret = asprintf(str, "%s:%s", ops->prefix, name);
free(name); free(name);
if (aret == -1 || str == NULL) if (aret == -1 || *str == NULL)
return ENOMEM; return ENOMEM;
return 0; return 0;

@@ -582,29 +582,31 @@ _krb5_kt_principal_not_found(krb5_context context,
krb5_enctype enctype, krb5_enctype enctype,
int kvno) int kvno)
{ {
char princ[256], kvno_str[25], *kt_name; char kvno_str[25];
char *enctype_str = NULL; char *enctype_str = NULL;
char *kt_name = NULL;
char *princ = NULL;
krb5_unparse_name_fixed (context, principal, princ, sizeof(princ)); (void) krb5_unparse_name(context, principal, &princ);
krb5_kt_get_full_name (context, id, &kt_name); (void) krb5_kt_get_full_name(context, id, &kt_name);
if (enctype) if (enctype)
krb5_enctype_to_string(context, enctype, &enctype_str); (void) krb5_enctype_to_string(context, enctype, &enctype_str);
if (kvno) if (kvno)
snprintf(kvno_str, sizeof(kvno_str), "(kvno %d)", kvno); snprintf(kvno_str, sizeof(kvno_str), "(kvno %d)", kvno);
else else
kvno_str[0] = '\0'; kvno_str[0] = '\0';
krb5_set_error_message (context, ret, krb5_set_error_message(context, ret,
N_("Failed to find %s%s in keytab %s (%s)", N_("Failed to find %s%s in keytab %s (%s)",
"principal, kvno, keytab file, enctype"), "principal, kvno, keytab file, enctype"),
princ, princ ? princ : "<unknown>",
kvno_str, kvno_str,
kt_name ? kt_name : "unknown keytab", kt_name ? kt_name : "unknown keytab",
enctype_str ? enctype_str : "unknown enctype"); enctype_str ? enctype_str : "unknown enctype");
free(princ);
free(kt_name); free(kt_name);
if (enctype_str) free(enctype_str);
free(enctype_str);
return ret; return ret;
} }
@@ -687,7 +689,8 @@ krb5_kt_get_entry(krb5_context context,
krb5_name_canon_iterator name_canon_iter; krb5_name_canon_iterator name_canon_iter;
if (!principal) if (!principal)
return krb5_kt_get_entry_wrapped(context, id, principal, kvno, enctype, /* Use `NULL' instead of `principal' to quiet static analizers */
return krb5_kt_get_entry_wrapped(context, id, NULL, kvno, enctype,
entry); entry);
ret = krb5_name_canon_iterator_start(context, principal, &name_canon_iter); ret = krb5_name_canon_iterator_start(context, principal, &name_canon_iter);

@@ -59,6 +59,7 @@ usage (int ret)
int int
main(int argc, char **argv) main(int argc, char **argv)
{ {
krb5_error_code ret;
int i, j; int i, j;
krb5_context context; krb5_context context;
int types[] = {KRB5_KRBHST_KDC, KRB5_KRBHST_ADMIN, KRB5_KRBHST_CHANGEPW, int types[] = {KRB5_KRBHST_KDC, KRB5_KRBHST_ADMIN, KRB5_KRBHST_CHANGEPW,
@@ -82,7 +83,9 @@ main(int argc, char **argv)
argc -= optidx; argc -= optidx;
argv += optidx; argv += optidx;
krb5_init_context (&context); ret = krb5_init_context(&context);
if (ret)
krb5_err(NULL, 1, ret, "Failed to initialize context");
for(i = 0; i < argc; i++) { for(i = 0; i < argc; i++) {
krb5_krbhst_handle handle; krb5_krbhst_handle handle;
char host[MAXHOSTNAMELEN]; char host[MAXHOSTNAMELEN];
@@ -90,12 +93,16 @@ main(int argc, char **argv)
for (j = 0; j < sizeof(types)/sizeof(*types); ++j) { for (j = 0; j < sizeof(types)/sizeof(*types); ++j) {
printf ("%s for %s:\n", type_str[j], argv[i]); printf ("%s for %s:\n", type_str[j], argv[i]);
krb5_krbhst_init(context, argv[i], types[j], &handle); ret = krb5_krbhst_init(context, argv[i], types[j], &handle);
while(krb5_krbhst_next_as_string(context, handle, if (ret)
host, sizeof(host)) == 0) krb5_err(context, 1, ret, "Could not init krbhst iterator");
while ((ret = krb5_krbhst_next_as_string(context, handle, host,
sizeof(host))) == 0)
printf("\thost: %s\n", host); printf("\thost: %s\n", host);
krb5_krbhst_reset(context, handle); krb5_krbhst_reset(context, handle);
printf ("\n"); printf("\n");
if (ret)
krb5_err(context, 1, ret, "Could not iterate all krbhst");
} }
} }
return 0; return 0;

@@ -1108,7 +1108,7 @@ rd_kx509_resp(krb5_context context,
ret = errno; ret = errno;
} }
free_Kx509Response(&r); free_Kx509Response(&r);
if (cert) { if (*cert) {
heim_release(herr); heim_release(herr);
return 0; return 0;
} }

@@ -457,6 +457,9 @@ unparse_name_fixed(krb5_context context,
int no_realm = (flags & KRB5_PRINCIPAL_UNPARSE_NO_REALM) != 0; int no_realm = (flags & KRB5_PRINCIPAL_UNPARSE_NO_REALM) != 0;
int display = (flags & KRB5_PRINCIPAL_UNPARSE_DISPLAY) != 0; int display = (flags & KRB5_PRINCIPAL_UNPARSE_DISPLAY) != 0;
if (name && len)
name[0] = '\0';
if (!no_realm && princ_realm(principal) == NULL) { if (!no_realm && princ_realm(principal) == NULL) {
krb5_set_error_message(context, ERANGE, krb5_set_error_message(context, ERANGE,
N_("Realm missing from principal, " N_("Realm missing from principal, "
@@ -1964,10 +1967,12 @@ apply_name_canon_rule(krb5_context context, krb5_name_canon_rule rules,
new_hostname = hostname_with_port; new_hostname = hostname_with_port;
} }
if (new_realm != NULL) if (new_realm != NULL &&
krb5_principal_set_realm(context, *out_princ, new_realm); (ret = krb5_principal_set_realm(context, *out_princ, new_realm)))
if (new_hostname != NULL) goto out;
krb5_principal_set_comp_string(context, *out_princ, 1, new_hostname); if (new_hostname != NULL &&
(ret = krb5_principal_set_comp_string(context, *out_princ, 1, new_hostname)))
goto out;
if (princ_type(*out_princ) == KRB5_NT_SRV_HST_NEEDS_CANON) if (princ_type(*out_princ) == KRB5_NT_SRV_HST_NEEDS_CANON)
princ_type(*out_princ) = KRB5_NT_SRV_HST; princ_type(*out_princ) = KRB5_NT_SRV_HST;

@@ -855,7 +855,8 @@ krb5_rd_req_ctx(krb5_context context,
krb5_keytab id = NULL, keytab = NULL; krb5_keytab id = NULL, keytab = NULL;
krb5_principal service = NULL; krb5_principal service = NULL;
*outctx = NULL; if (outctx)
*outctx = NULL;
o = calloc(1, sizeof(*o)); o = calloc(1, sizeof(*o));
if (o == NULL) if (o == NULL)
@@ -1090,9 +1091,9 @@ krb5_rd_req_ctx(krb5_context context,
} }
out: out:
if (ret || outctx == NULL) { if (ret || outctx == NULL)
krb5_rd_req_out_ctx_free(context, o); krb5_rd_req_out_ctx_free(context, o);
} else else
*outctx = o; *outctx = o;
free_AP_REQ(&ap_req); free_AP_REQ(&ap_req);

@@ -47,10 +47,8 @@ ARCFOUR_string_to_key(krb5_context context,
EVP_MD_CTX *m; EVP_MD_CTX *m;
m = EVP_MD_CTX_create(); m = EVP_MD_CTX_create();
if (m == NULL) { if (m == NULL)
ret = krb5_enomem(context); return krb5_enomem(context);
goto out;
}
EVP_DigestInit_ex(m, EVP_md4(), NULL); EVP_DigestInit_ex(m, EVP_md4(), NULL);

@@ -1285,24 +1285,22 @@ scc_remove_cred(krb5_context context,
sqlite3_finalize(stmt); sqlite3_finalize(stmt);
if (id) { ret = prepare_stmt(context, s->db, &stmt,
ret = prepare_stmt(context, s->db, &stmt, "DELETE FROM credentials WHERE oid=?");
"DELETE FROM credentials WHERE oid=?"); if (ret)
if (ret) return ret;
return ret; sqlite3_bind_int(stmt, 1, credid);
sqlite3_bind_int(stmt, 1, credid);
do { do {
ret = sqlite3_step(stmt); ret = sqlite3_step(stmt);
} while (ret == SQLITE_ROW); } while (ret == SQLITE_ROW);
sqlite3_finalize(stmt); sqlite3_finalize(stmt);
if (ret != SQLITE_DONE) { if (ret != SQLITE_DONE) {
ret = KRB5_CC_IO; ret = KRB5_CC_IO;
krb5_set_error_message(context, ret, krb5_set_error_message(context, ret,
N_("failed to delete scache credental", "")); N_("failed to delete scache credental", ""));
} else } else
ret = 0; ret = 0;
}
return ret; return ret;
} }

@@ -81,8 +81,8 @@ test_alname(krb5_context context, krb5_const_realm realm,
} }
krb5_err(context, 1, ret, "krb5_aname_to_localname: %s -> %s", krb5_err(context, 1, ret, "krb5_aname_to_localname: %s -> %s",
princ, localuser); princ, localuser);
free(princ);
} }
free(princ);
if (strcmp(localname, localuser) != 0) { if (strcmp(localname, localuser) != 0) {
if (ok) if (ok)

@@ -133,6 +133,7 @@ time_hmac_evp(krb5_context context, size_t size, int iterations)
free(buf); free(buf);
krb5_free_keyblock_contents(context, &key); krb5_free_keyblock_contents(context, &key);
krb5_crypto_destroy(context, crypto);
} }
static void static void