(_krb5_mk_req_internal): on failure, goto error handling.
Fixes Coverity NetBSD CID 2591 by catching a failing krb5_copy_keyblock() git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16797 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
@@ -65,7 +65,7 @@ _krb5_mk_req_internal(krb5_context context,
|
|||||||
if(ac->local_subkey == NULL && (ap_req_options & AP_OPTS_USE_SUBKEY)) {
|
if(ac->local_subkey == NULL && (ap_req_options & AP_OPTS_USE_SUBKEY)) {
|
||||||
ret = krb5_auth_con_generatelocalsubkey(context, ac, &in_creds->session);
|
ret = krb5_auth_con_generatelocalsubkey(context, ac, &in_creds->session);
|
||||||
if(ret)
|
if(ret)
|
||||||
return ret;
|
goto out;
|
||||||
}
|
}
|
||||||
|
|
||||||
#if 0
|
#if 0
|
||||||
@@ -93,7 +93,9 @@ _krb5_mk_req_internal(krb5_context context,
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
krb5_free_keyblock(context, ac->keyblock);
|
krb5_free_keyblock(context, ac->keyblock);
|
||||||
krb5_copy_keyblock(context, &in_creds->session, &ac->keyblock);
|
ret = krb5_copy_keyblock(context, &in_creds->session, &ac->keyblock);
|
||||||
|
if (ret)
|
||||||
|
goto out;
|
||||||
|
|
||||||
/* it's unclear what type of checksum we can use. try the best one, except:
|
/* it's unclear what type of checksum we can use. try the best one, except:
|
||||||
* a) if it's configured differently for the current realm, or
|
* a) if it's configured differently for the current realm, or
|
||||||
@@ -125,7 +127,7 @@ _krb5_mk_req_internal(krb5_context context,
|
|||||||
|
|
||||||
ret = krb5_crypto_init(context, ac->keyblock, 0, &crypto);
|
ret = krb5_crypto_init(context, ac->keyblock, 0, &crypto);
|
||||||
if (ret)
|
if (ret)
|
||||||
return ret;
|
goto out;
|
||||||
ret = krb5_create_checksum(context,
|
ret = krb5_create_checksum(context,
|
||||||
crypto,
|
crypto,
|
||||||
checksum_usage,
|
checksum_usage,
|
||||||
@@ -133,7 +135,6 @@ _krb5_mk_req_internal(krb5_context context,
|
|||||||
in_data->data,
|
in_data->data,
|
||||||
in_data->length,
|
in_data->length,
|
||||||
&c);
|
&c);
|
||||||
|
|
||||||
krb5_crypto_destroy(context, crypto);
|
krb5_crypto_destroy(context, crypto);
|
||||||
}
|
}
|
||||||
c_opt = &c;
|
c_opt = &c;
|
||||||
@@ -141,6 +142,9 @@ _krb5_mk_req_internal(krb5_context context,
|
|||||||
c_opt = NULL;
|
c_opt = NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (ret)
|
||||||
|
goto out;
|
||||||
|
|
||||||
ret = krb5_build_authenticator (context,
|
ret = krb5_build_authenticator (context,
|
||||||
ac,
|
ac,
|
||||||
ac->keyblock->keytype,
|
ac->keyblock->keytype,
|
||||||
@@ -152,10 +156,11 @@ _krb5_mk_req_internal(krb5_context context,
|
|||||||
if (c_opt)
|
if (c_opt)
|
||||||
free_Checksum (c_opt);
|
free_Checksum (c_opt);
|
||||||
if (ret)
|
if (ret)
|
||||||
return ret;
|
goto out;
|
||||||
|
|
||||||
ret = krb5_build_ap_req (context, ac->keyblock->keytype,
|
ret = krb5_build_ap_req (context, ac->keyblock->keytype,
|
||||||
in_creds, ap_req_options, authenticator, outbuf);
|
in_creds, ap_req_options, authenticator, outbuf);
|
||||||
|
out:
|
||||||
if(auth_context == NULL)
|
if(auth_context == NULL)
|
||||||
krb5_auth_con_free(context, ac);
|
krb5_auth_con_free(context, ac);
|
||||||
return ret;
|
return ret;
|
||||||
|
|||||||
Reference in New Issue
Block a user