Misc fixes (coverity)

2016-11-18 22:21:37 -06:00
parent 4b6bd40106
commit 52a562a3a4
10 changed files with 23 additions and 18 deletions
--- a/admin/list.c
+++ b/admin/list.c
@@ -129,6 +129,7 @@ do_list(struct list_options *opt, const char *keytab_str)
 	if (entry.aliases) {
 	    unsigned int i;
 	    struct rk_strpool *p = NULL;
+            char *s;

 	    for (i = 0; i< entry.aliases->len; i++) {
 		krb5_unparse_name_fixed(context, entry.principal, buf, sizeof(buf));
@@ -136,7 +137,8 @@ do_list(struct list_options *opt, const char *keytab_str)
 				 i + 1 < entry.aliases->len ? ", " : "");

 	    }
-	    rtbl_add_column_entry_by_id(table, 5, rk_strpoolcollect(p));
+	    rtbl_add_column_entry_by_id(table, 5, (s = rk_strpoolcollect(p)));
+            free(s);
 	}

 	krb5_kt_free_entry(context, &entry);
--- a/appl/gssmask/gssmaestro.c
+++ b/appl/gssmask/gssmaestro.c
@@ -475,10 +475,10 @@ test_wrap_ext(struct client *c1, int32_t hc1, struct client *c2, int32_t hc2,
    int32_t val;

    header.data = "header";
-    header.length = 6;
+    header.length = sizeof("header") - 1;

    msg.data = "0123456789abcdef"; /* padded for most enctypes */
-    msg.length = 32;
+    msg.length = sizeof("0123456789abcdef") - 1;

    trailer.data = "trailer";
    trailer.length = 7;
--- a/lib/base/db.c
+++ b/lib/base/db.c
@@ -993,8 +993,6 @@ db_replay_log_table_del_keys_iter(heim_object_t key, heim_object_t value,
    if (k == NULL)
 	return;

-    k = (heim_data_t)key;
-
    db->ret = db->plug->delf(db->db_data, db->current_table, k, &db->error);
    heim_release(k);
 }
@@ -1409,6 +1407,7 @@ json_db_open(void *plug, const char *dbtype, const char *dbname,
    if (jsondb == NULL) {
 	heim_release(contents);
 	heim_release(dbname_s);
+	heim_release(bkpname_s);
 	return ENOMEM;
    }

--- a/lib/gssapi/krb5/accept_sec_context.c
+++ b/lib/gssapi/krb5/accept_sec_context.c
@@ -611,8 +611,8 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status,
 						    rkey);
 		if (kret == 0)
 		    use_subkey = 1;
-		krb5_free_keyblock(context, rkey);
 	    }
+            krb5_free_keyblock(context, rkey);
 	}
 	if (use_subkey) {
 	    ctx->more_flags |= ACCEPTOR_SUBKEY;
--- a/lib/gssapi/krb5/inquire_sec_context_by_oid.c
+++ b/lib/gssapi/krb5/inquire_sec_context_by_oid.c
@@ -149,7 +149,6 @@ static OM_uint32 inquire_sec_context_get_subkey
    }

    ret = krb5_store_keyblock(sp, *key);
-    krb5_free_keyblock (context, key);
    if (ret)
 	goto out;

@@ -169,6 +168,7 @@ static OM_uint32 inquire_sec_context_get_subkey
    }

 out:
+    krb5_free_keyblock(context, key);
    krb5_data_free(&data);
    if (sp)
 	krb5_storage_free(sp);
--- a/lib/gssapi/spnego/context_stubs.c
+++ b/lib/gssapi/spnego/context_stubs.c
@@ -531,6 +531,7 @@ OM_uint32 GSSAPI_CALLCONV _gss_spnego_import_sec_context (
    gss_ctx_id_t context;
    gssspnego_ctx ctx;

+    *context_handle = GSS_C_NO_CONTEXT;
    ret = _gss_spnego_alloc_sec_context(minor_status, &context);
    if (ret != GSS_S_COMPLETE) {
 	return ret;
@@ -543,7 +544,7 @@ OM_uint32 GSSAPI_CALLCONV _gss_spnego_import_sec_context (
 				 interprocess_token,
 				 &ctx->negotiated_ctx_id);
    if (ret != GSS_S_COMPLETE) {
-	_gss_spnego_internal_delete_sec_context(&minor, context_handle, GSS_C_NO_BUFFER);
+	_gss_spnego_internal_delete_sec_context(&minor, &context, GSS_C_NO_BUFFER);
 	return ret;
    }

--- a/lib/hdb/hdb-sqlite.c
+++ b/lib/hdb/hdb-sqlite.c
@@ -499,11 +499,10 @@ hdb_sqlite_fetch_kvno(krb5_context context, HDB *db, krb5_const_principal princi
    }

    ret = bind_principal(context, principal, fetch, 1);
+    krb5_free_principal(context, enterprise_principal);
    if (ret)
 	return ret;

-    krb5_free_principal(context, enterprise_principal);
-
    sqlite_error = hdb_sqlite_step(context, hsdb->db, fetch);
    if (sqlite_error != SQLITE_ROW) {
        if(sqlite_error == SQLITE_DONE) {
--- a/lib/hx509/revoke.c
+++ b/lib/hx509/revoke.c
@@ -337,8 +337,10 @@ load_ocsp(hx509_context context, struct revoke_ocsp *ocsp)
 	return ret;

    ret = stat(ocsp->path, &sb);
-    if (ret)
+    if (ret) {
+        rk_xfree(data);
 	return errno;
+    }

    ret = parse_ocsp_basic(data, length, &basic);
    rk_xfree(data);
--- a/lib/kadm5/password_quality.c
+++ b/lib/kadm5/password_quality.c
@@ -379,21 +379,22 @@ kadm5_add_passwd_quality_verifier(krb5_context context,

    if(check_library == NULL) {
 	krb5_error_code ret;
+        char **strs;
 	char **tmp;

-	tmp = krb5_config_get_strings(context, NULL,
-				      "password_quality",
-				      "policy_libraries",
-				      NULL);
-	if(tmp == NULL || *tmp == NULL)
+	strs = krb5_config_get_strings(context, NULL,
+				       "password_quality",
+				       "policy_libraries",
+				       NULL);
+	if(strs == NULL || *strs == NULL)
 	    return 0;

-	while (*tmp) {
+	for (tmp = strs; *tmp; tmp++) {
 	    ret = add_verifier(context, *tmp);
 	    if (ret)
 		return ret;
-	    tmp++;
 	}
+        krb5_config_free_strings(strs);
 	return 0;
    } else {
 	return add_verifier(context, check_library);
--- a/lib/krb5/init_creds_pw.c
+++ b/lib/krb5/init_creds_pw.c
@@ -1902,6 +1902,7 @@ _krb5_make_fast_ap_fxarmor(krb5_context context,
 	goto out;

 out:
+    krb5_auth_con_free(context, auth_context);
    return ret;
 }