hdb: Fix coverity warnings

lib/hdb/common.c

@@ -520,7 +520,8 @@ _hdb_store(krb5_context context, HDB *db, unsigned flags, hdb_entry *entry)
 	krb5_data_free(&key);
 	return code;
     }
-    hdb_entry2value(context, entry, &value);
+    code = hdb_entry2value(context, entry, &value);
+    if (code == 0)
         code = db->hdb__put(context, db, flags & HDB_F_REPLACE, key, value);
     krb5_data_free(&value);
     krb5_data_free(&key);
@@ -1459,6 +1460,8 @@ fetch_it(krb5_context context,
     char *host = NULL;
     int do_search = 0;
 
+    if (!db->enable_virtual_hostbased_princs)
+        maxdots = mindots = 0;
     if (db->enable_virtual_hostbased_princs && comp1 &&
         strcmp("krbtgt", comp0) != 0 && strcmp(KRB5_WELLKNOWN_NAME, comp0) != 0) {
         char *htmp;
@@ -1527,7 +1530,11 @@ fetch_it(krb5_context context,
          */
         while (maxdots && hdots > maxdots && tmp) {
             tmp = strchr(tmp, '.');
-            /* tmp != NULL because maxdots > 0 */
+            /* tmp != NULL because maxdots > 0; we check to quiet linters */
+            if (tmp == NULL) {
+                ret = HDB_ERR_NOENTRY;
+                goto out;
+            }
             tmp++;
             hdots--;
         }
@@ -1566,6 +1573,8 @@ fetch_it(krb5_context context,
         if (ret == 0)
             ret = pick_kvno(context, db, flags, t, kvno, ent);
     }
+
+out:
     if (ret)
         hdb_free_entry(context, db, ent);
     krb5_free_principal(context, nsprinc);

lib/hdb/hdb-mitdb.c

@@ -1253,17 +1253,16 @@ getdata(char **p, unsigned char *buf, size_t len, const char *what)
 }
 
 static int
-getint(char **p, const char *what)
+getint(char **p, const char *what, int *val)
 {
-    int val;
     char *q = nexttoken(p, 0, what);
     if (!q) {
         warnx("Failed to find a signed integer (%s) in dump", what);
-        return -1;
+        return 1;
     }
-    if (sscanf(q, "%d", &val) != 1)
+    if (sscanf(q, "%d", val) != 1)
-        return -1;
+        return 1;
-    return val;
+    return 0;
 }
 
 static unsigned int
@@ -1327,7 +1326,7 @@ _hdb_mit_dump2mitdb_entry(krb5_context context, char *line, krb5_storage *sp)
               "'policy', nor 'princ'");
         return -1;
     }
-    if (getint(&p, "constant '38'") != 38) {
+    if (getint(&p, "constant '38'", &tmp) || tmp != 38) {
         warnx("Dump entry does not start with '38<TAB>'");
         return EINVAL;
     }
@@ -1343,7 +1342,7 @@ _hdb_mit_dump2mitdb_entry(krb5_context context, char *line, krb5_storage *sp)
     }
     num_tl_data = getuint(&p, "number of TL data");
     num_key_data = getuint(&p, "number of key data");
-    getint(&p, "5th field, length of 'extra data'");
+    (void) getint(&p, "5th field, length of 'extra data'", &tmp);
     princ = nexttoken(&p, (int)princ_len, "principal name");
     if (princ == NULL) {
         warnx("Failed to read principal name (expected length %llu)",
@@ -1355,38 +1354,31 @@ _hdb_mit_dump2mitdb_entry(krb5_context context, char *line, krb5_storage *sp)
     ret = krb5_store_uint32(sp, attributes);
     if (ret) return ret;
 
-    tmp = getint(&p, "max life");
+    if (getint(&p, "max life", &tmp)) return EINVAL;
-    CHECK_UINT(tmp);
     ret = krb5_store_uint32(sp, tmp);
     if (ret) return ret;
 
-    tmp = getint(&p, "max renewable life");
+    if (getint(&p, "max renewable life", &tmp)) return EINVAL;
-    CHECK_UINT(tmp);
     ret = krb5_store_uint32(sp, tmp);
     if (ret) return ret;
 
-    tmp = getint(&p, "expiration");
+    if (getint(&p, "expiration", &tmp)) return EINVAL;
-    CHECK_UINT(tmp);
     ret = krb5_store_uint32(sp, tmp);
     if (ret) return ret;
 
-    tmp = getint(&p, "pw expiration");
+    if (getint(&p, "pw expiration", &tmp)) return EINVAL;
-    CHECK_UINT(tmp);
     ret = krb5_store_uint32(sp, tmp);
     if (ret) return ret;
 
-    tmp = getint(&p, "last auth");
+    if (getint(&p, "last auth", &tmp)) return EINVAL;
-    CHECK_UINT(tmp);
     ret = krb5_store_uint32(sp, tmp);
     if (ret) return ret;
 
-    tmp = getint(&p, "last failed auth");
+    if (getint(&p, "last failed auth", &tmp)) return EINVAL;
-    CHECK_UINT(tmp);
     ret = krb5_store_uint32(sp, tmp);
     if (ret) return ret;
 
-    tmp = getint(&p,"fail auth count");
+    if (getint(&p,"fail auth count", &tmp)) return EINVAL;
-    CHECK_UINT(tmp);
     ret = krb5_store_uint32(sp, tmp);
     if (ret) return ret;
 
@@ -1414,8 +1406,9 @@ _hdb_mit_dump2mitdb_entry(krb5_context context, char *line, krb5_storage *sp)
         int tl_type, tl_length;
         unsigned char *buf;
 
-        tl_type = getint(&p, "TL data type");
+        if (getint(&p, "TL data type", &tl_type) ||
-        tl_length = getint(&p, "data length");
+            getint(&p, "data length", &tl_length))
+            return EINVAL;
 
         if (asprintf(&reading_what, "TL data type %d (length %d)",
                      tl_type, tl_length) < 0)
@@ -1456,23 +1449,23 @@ _hdb_mit_dump2mitdb_entry(krb5_context context, char *line, krb5_storage *sp)
         int keylen;
         size_t k;
 
-        key_versions = getint(&p, "key data 'version'");
+        if (getint(&p, "key data 'version'", &key_versions)) return EINVAL;
         CHECK_UINT16(key_versions);
         ret = krb5_store_int16(sp, key_versions);
         if (ret) return ret;
 
-        kvno = getint(&p, "kvno");
+        if (getint(&p, "kvno", &kvno)) return EINVAL;
         CHECK_UINT16(kvno);
         ret = krb5_store_int16(sp, kvno);
         if (ret) return ret;
 
         for (k = 0; k < key_versions; k++) {
-            keytype = getint(&p, "enctype");
+            if (getint(&p, "enctype", &keytype)) return EINVAL;
             CHECK_UINT16(keytype);
             ret = krb5_store_int16(sp, keytype);
             if (ret) return ret;
 
-            keylen = getint(&p, "encrypted key length");
+            if (getint(&p, "encrypted key length", &keylen)) return EINVAL;
             CHECK_UINT16(keylen);
             ret = krb5_store_int16(sp, keylen);
             if (ret) return ret;

lib/hdb/hdb-sqlite.c

@@ -952,8 +952,9 @@ hdb_sqlite_remove(krb5_context context, HDB *db,
     sqlite3_stmt *get_ids = hsdb->get_ids;
     sqlite3_stmt *rm = hsdb->remove;
 
-    bind_principal(context, principal, rm, 1);
+    ret = bind_principal(context, principal, rm, 1);
 
+    if (ret == 0)
         ret = hdb_sqlite_exec_stmt(context, hsdb,
                                    "BEGIN IMMEDIATE TRANSACTION",
                                    HDB_ERR_UK_SERROR);

lib/hdb/hdb.c

@@ -793,7 +793,7 @@ hdb_create(krb5_context context, HDB **db, const char *filename)
             return ret;
         }
         for (cb_ctx.h = methods; cb_ctx.h->prefix != NULL; cb_ctx.h++) {
-            if (cb_ctx.h->is_file_based && !pathish)
+            if (cb_ctx.h->is_file_based)
                 continue;
             if (!cb_ctx.h->can_taste)
                 continue;
@@ -819,12 +819,14 @@ hdb_create(krb5_context context, HDB **db, const char *filename)
         for (cb_ctx.h = methods; cb_ctx.h->prefix != NULL; cb_ctx.h++)
             if (strcmp(cb_ctx.h->prefix, HDB_DEFAULT_DB_TYPE) == 0)
                 break;
+        if (cb_ctx.h->prefix == NULL)
+            cb_ctx.h = NULL;
     }
 #endif
     if (cb_ctx.h == NULL || cb_ctx.h->prefix == NULL)
         /* Last resort default */
         cb_ctx.h = &default_dbmethod;
-    if (cb_ctx.h == NULL || cb_ctx.h->prefix == NULL) {
+    if (cb_ctx.h->prefix == NULL) {
         krb5_set_error_message(context, ENOTSUP,
                                "Could not determine default DB backend for %s",
                                filename);