From 52a562a3a4c5fc91e866679be05a4e2a2f27bdd4 Mon Sep 17 00:00:00 2001
From: Nicolas Williams
Date: Fri, 18 Nov 2016 22:21:37 -0600
Subject: [PATCH] Misc fixes (coverity)
---
admin/list.c | 4 +++-
appl/gssmask/gssmaestro.c | 4 ++--
lib/base/db.c | 3 +--
lib/gssapi/krb5/accept_sec_context.c | 2 +-
lib/gssapi/krb5/inquire_sec_context_by_oid.c | 2 +-
lib/gssapi/spnego/context_stubs.c | 3 ++-
lib/hdb/hdb-sqlite.c | 3 +--
lib/hx509/revoke.c | 4 +++-
lib/kadm5/password_quality.c | 15 ++++++++-------
lib/krb5/init_creds_pw.c | 1 +
10 files changed, 23 insertions(+), 18 deletions(-)
diff --git a/admin/list.c b/admin/list.c
index 5491aaa1a..4bf140737 100644
--- a/admin/list.c
+++ b/admin/list.c
@@ -129,6 +129,7 @@ do_list(struct list_options *opt, const char *keytab_str) if (entry.aliases) { unsigned int i; struct rk_strpool *p = NULL; + char *s; for (i = 0; i< entry.aliases->len; i++) { krb5_unparse_name_fixed(context, entry.principal, buf, sizeof(buf));
@@ -136,7 +137,8 @@ do_list(struct list_options *opt, const char *keytab_str) i + 1 < entry.aliases->len ? ", " : ""); } - rtbl_add_column_entry_by_id(table, 5, rk_strpoolcollect(p)); + rtbl_add_column_entry_by_id(table, 5, (s = rk_strpoolcollect(p))); + free(s); } krb5_kt_free_entry(context, &entry);
diff --git a/appl/gssmask/gssmaestro.c b/appl/gssmask/gssmaestro.c
index 844f6069e..9ccf1de40 100644
--- a/appl/gssmask/gssmaestro.c
+++ b/appl/gssmask/gssmaestro.c
@@ -475,10 +475,10 @@ test_wrap_ext(struct client *c1, int32_t hc1, struct client *c2, int32_t hc2, int32_t val; header.data = "header"; - header.length = 6; + header.length = sizeof("header") - 1; msg.data = "0123456789abcdef"; /* padded for most enctypes */ - msg.length = 32; + msg.length = sizeof("0123456789abcdef") - 1; trailer.data = "trailer"; trailer.length = 7;
diff --git a/lib/base/db.c b/lib/base/db.c
index c660baf21..4d9985abd 100644
--- a/lib/base/db.c
+++ b/lib/base/db.c
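Review bot: The alias loop shown in the first admin/list.c hunk formats `entry.principal` on every iteration and never indexes `entry.aliases`, so as far as these lines show the aliases column would repeat the entry's own name once per alias. If the intent is to list the aliases, the call needs the i-th alias instead; the element accessor is not visible here, and the rk_strpoolprintf call that consumes `buf` sits between the two hunks. The return value of `krb5_unparse_name_fixed` is also ignored, so `buf` may not hold a fresh name when the call fails.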
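Review bot: The assignment buried in the argument list in the second admin/list.c hunk, `(s = rk_strpoolcollect(p))`, is easy to misread and hides that `s` can be NULL if the collect step fails to allocate. Written as separate statements the result can be checked: `s = rk_strpoolcollect(p);` followed by `rtbl_add_column_entry_by_id(table, 5, s ? s : "");` and then `free(s);`. Freeing straight after the call also relies on rtbl_add_column_entry_by_id copying the string rather than keeping the pointer, which this hunk does not show and which deserves a one-line comment next to the `free`.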
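Review bot: `trailer.length = 7;` at the end of the test_wrap_ext hunk in appl/gssmask/gssmaestro.c is still a hand-counted literal, while header and msg now derive their lengths from sizeof; it should follow the same form, `trailer.length = sizeof("trailer") - 1;`. A length that exceeds the literal makes the consumer read past the string, so the three buffers should not be left on different conventions. Repeating each string inside sizeof also lets `.data` and `.length` drift apart if only one copy is edited; one `static const char` array per buffer, used for both the pointer and `sizeof(...) - 1`, would tie them together.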
@@ -993,8 +993,6 @@ db_replay_log_table_del_keys_iter(heim_object_t key, heim_object_t value, if (k == NULL) return; - k = (heim_data_t)key; - db->ret = db->plug->delf(db->db_data, db->current_table, k, &db->error); heim_release(k); }
@@ -1409,6 +1407,7 @@ json_db_open(void *plug, const char *dbtype, const char *dbname, if (jsondb == NULL) { heim_release(contents); heim_release(dbname_s); + heim_release(bkpname_s); return ENOMEM; }
diff --git a/lib/gssapi/krb5/accept_sec_context.c b/lib/gssapi/krb5/accept_sec_context.c
index 26e84318a..b6308cb07 100644
--- a/lib/gssapi/krb5/accept_sec_context.c
+++ b/lib/gssapi/krb5/accept_sec_context.c
@@ -611,8 +611,8 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status, rkey); if (kret == 0) use_subkey = 1; - krb5_free_keyblock(context, rkey); } + krb5_free_keyblock(context, rkey); } if (use_subkey) { ctx->more_flags |= ACCEPTOR_SUBKEY;
diff --git a/lib/gssapi/krb5/inquire_sec_context_by_oid.c b/lib/gssapi/krb5/inquire_sec_context_by_oid.c
index 3e6230fa0..f1ed99320 100644
--- a/lib/gssapi/krb5/inquire_sec_context_by_oid.c
+++ b/lib/gssapi/krb5/inquire_sec_context_by_oid.c
@@ -149,7 +149,6 @@ static OM_uint32 inquire_sec_context_get_subkey } ret = krb5_store_keyblock(sp, *key); - krb5_free_keyblock (context, key); if (ret) goto out;
@@ -169,6 +168,7 @@ static OM_uint32 inquire_sec_context_get_subkey } out: + krb5_free_keyblock(context, key); krb5_data_free(&data); if (sp) krb5_storage_free(sp);
diff --git a/lib/gssapi/spnego/context_stubs.c b/lib/gssapi/spnego/context_stubs.c
index 37cc354f6..836ce5859 100644
--- a/lib/gssapi/spnego/context_stubs.c
+++ b/lib/gssapi/spnego/context_stubs.c
@@ -531,6 +531,7 @@ OM_uint32 GSSAPI_CALLCONV _gss_spnego_import_sec_context ( gss_ctx_id_t context; gssspnego_ctx ctx; + *context_handle = GSS_C_NO_CONTEXT; ret = _gss_spnego_alloc_sec_context(minor_status, &context); if (ret != GSS_S_COMPLETE) { return ret;
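Review bot: The relocated `krb5_free_keyblock(context, rkey);` in gsskrb5_acceptor_start now runs whether or not the preceding subkey lookup succeeded, so it is only safe if rkey is NULL or a valid keyblock on every path into it; the declaration of rkey and the call that fills it are outside this hunk. The same holds for the frees added at the `out:` labels in inquire_sec_context_get_subkey (`key`) and, in lib/krb5/init_creds_pw.c, in _krb5_make_fast_ap_fxarmor (`auth_context`): any `goto out` taken before the pointer is assigned would hand an indeterminate value to the free routine. Initialising at the declaration, e.g. `krb5_keyblock *rkey = NULL;`, keeps each cleanup path well-defined regardless of how the callee behaves on error, assuming the free routines accept NULL as the patch itself appears to rely on.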
@@ -543,7 +544,7 @@ OM_uint32 GSSAPI_CALLCONV _gss_spnego_import_sec_context ( interprocess_token, &ctx->negotiated_ctx_id); if (ret != GSS_S_COMPLETE) { - _gss_spnego_internal_delete_sec_context(&minor, context_handle, GSS_C_NO_BUFFER); + _gss_spnego_internal_delete_sec_context(&minor, &context, GSS_C_NO_BUFFER); return ret; }
diff --git a/lib/hdb/hdb-sqlite.c b/lib/hdb/hdb-sqlite.c
index b0867d98a..bc176b2bb 100644
--- a/lib/hdb/hdb-sqlite.c
+++ b/lib/hdb/hdb-sqlite.c
@@ -499,11 +499,10 @@ hdb_sqlite_fetch_kvno(krb5_context context, HDB *db, krb5_const_principal princi } ret = bind_principal(context, principal, fetch, 1); + krb5_free_principal(context, enterprise_principal); if (ret) return ret; - krb5_free_principal(context, enterprise_principal); - sqlite_error = hdb_sqlite_step(context, hsdb->db, fetch); if (sqlite_error != SQLITE_ROW) { if(sqlite_error == SQLITE_DONE) {
diff --git a/lib/hx509/revoke.c b/lib/hx509/revoke.c
index 2bd6e68ad..a777226db 100644
--- a/lib/hx509/revoke.c
+++ b/lib/hx509/revoke.c
@@ -337,8 +337,10 @@ load_ocsp(hx509_context context, struct revoke_ocsp *ocsp) return ret; ret = stat(ocsp->path, &sb); - if (ret) + if (ret) { + rk_xfree(data); return errno; + } ret = parse_ocsp_basic(data, length, &basic); rk_xfree(data);
diff --git a/lib/kadm5/password_quality.c b/lib/kadm5/password_quality.c
index ae3a6affe..80847f9a1 100644
--- a/lib/kadm5/password_quality.c
+++ b/lib/kadm5/password_quality.c
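Review bot: In load_ocsp (lib/hx509/revoke.c) the new error branch calls `rk_xfree(data);` before `return errno;`, and free() is not guaranteed to leave errno untouched on every platform, so the caller can receive a value other than the one stat() set. Capture it first: `ret = errno;` then `rk_xfree(data);` then `return ret;`. Separately, the OCSP data appears to be loaded before this hunk and the path is then stat()ed by name, so `sb` may describe a different file than the one that gets parsed if the path is replaced in between; closing that gap would need an fstat on the descriptor used for the read, which is outside the visible lines.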
@@ -379,21 +379,22 @@ kadm5_add_passwd_quality_verifier(krb5_context context, if(check_library == NULL) { krb5_error_code ret; + char **strs; char **tmp; - tmp = krb5_config_get_strings(context, NULL, - "password_quality", - "policy_libraries", - NULL); - if(tmp == NULL || *tmp == NULL) + strs = krb5_config_get_strings(context, NULL, + "password_quality", + "policy_libraries", + NULL); + if(strs == NULL || *strs == NULL) return 0; - while (*tmp) { + for (tmp = strs; *tmp; tmp++) { ret = add_verifier(context, *tmp); if (ret) return ret; - tmp++; } + krb5_config_free_strings(strs); return 0; } else { return add_verifier(context, check_library);
diff --git a/lib/krb5/init_creds_pw.c b/lib/krb5/init_creds_pw.c
index 65aa2707e..6e3485896 100644
--- a/lib/krb5/init_creds_pw.c
+++ b/lib/krb5/init_creds_pw.c
@@ -1902,6 +1902,7 @@ _krb5_make_fast_ap_fxarmor(krb5_context context, goto out; out: + krb5_auth_con_free(context, auth_context); return ret; }
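Review bot: Two paths in kadm5_add_passwd_quality_verifier still leak `strs` after this change: the `return ret;` inside the loop when add_verifier() fails, and the early `return 0;` taken when the list is non-NULL but empty (`*strs == NULL`). Breaking out of the loop and freeing once before a single return covers both, and an empty list then falls through the loop with ret still 0. The function's signature and the else branch lie outside the rewritten lines and stay as they are.

```c
	/* … unchanged: strs = krb5_config_get_strings(...) … */
	if (strs == NULL)
	    return 0;

	ret = 0;
	for (tmp = strs; *tmp; tmp++) {
	    ret = add_verifier(context, *tmp);
	    if (ret)
		break;	/* fall through so strs is released on failure too */
	}
	krb5_config_free_strings(strs);
	return ret;
```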