diff --git a/kdc/kerberos5.c b/kdc/kerberos5.c index 95a74927f..98989bd64 100644 --- a/kdc/kerberos5.c +++ b/kdc/kerberos5.c @@ -1946,7 +1946,9 @@ _kdc_as_rep(kdc_request_t r, goto out; rep.ticket.tkt_vno = 5; - copy_Realm(&r->server->entry.principal->realm, &rep.ticket.realm); + ret = copy_Realm(&r->server->entry.principal->realm, &rep.ticket.realm); + if (ret) + goto out; _krb5_principal2principalname(&rep.ticket.sname, r->server->entry.principal); /* java 1.6 expects the name to be the same type, lets allow that @@ -2111,8 +2113,12 @@ _kdc_as_rep(kdc_request_t r, ALLOC(r->ek.renew_till); *r->ek.renew_till = *r->et.renew_till; } - copy_Realm(&rep.ticket.realm, &r->ek.srealm); - copy_PrincipalName(&rep.ticket.sname, &r->ek.sname); + ret = copy_Realm(&rep.ticket.realm, &r->ek.srealm); + if (ret) + goto out; + ret = copy_PrincipalName(&rep.ticket.sname, &r->ek.sname); + if (ret) + goto out; if(r->et.caddr){ ALLOC(r->ek.caddr); copy_HostAddresses(r->et.caddr, r->ek.caddr); diff --git a/kdc/krb5tgs.c b/kdc/krb5tgs.c index 98503812f..24b78cad2 100644 --- a/kdc/krb5tgs.c +++ b/kdc/krb5tgs.c @@ -807,15 +807,21 @@ tgs_make_reply(krb5_context context, if(ret) goto out; - copy_Realm(&server_principal->realm, &rep.ticket.realm); + ret = copy_Realm(&server_principal->realm, &rep.ticket.realm); + if (ret) + goto out; _krb5_principal2principalname(&rep.ticket.sname, server_principal); - copy_Realm(&tgt_name->realm, &rep.crealm); + ret = copy_Realm(&tgt_name->realm, &rep.crealm); + if (ret) + goto out; /* if (f.request_anonymous) _kdc_make_anonymous_principalname (&rep.cname); else */ - copy_PrincipalName(&tgt_name->name, &rep.cname); + ret = copy_PrincipalName(&tgt_name->name, &rep.cname); + if (ret) + goto out; rep.ticket.tkt_vno = 5; ek.caddr = et.caddr; diff --git a/kuser/kimpersonate.c b/kuser/kimpersonate.c index d2a485b3f..b1cefea0f 100644 --- a/kuser/kimpersonate.c +++ b/kuser/kimpersonate.c @@ -82,7 +82,9 @@ encode_ticket(krb5_context context, et.flags = cred->flags.b; et.key = cred->session; et.crealm = cred->client->realm; - copy_PrincipalName(&cred->client->name, &et.cname); + ret = copy_PrincipalName(&cred->client->name, &et.cname); + if (ret) + krb5_err(context, 1, ret, "copy_PrincipalName"); { krb5_data empty_string; @@ -127,7 +129,9 @@ encode_ticket(krb5_context context, ticket.tkt_vno = 5; ticket.realm = cred->server->realm; - copy_PrincipalName(&cred->server->name, &ticket.sname); + ret = copy_PrincipalName(&cred->server->name, &ticket.sname); + if (ret) + krb5_err(context, 1, ret, "copy_PrincipalName"); ASN1_MALLOC_ENCODE(Ticket, buf, len, &ticket, &size, ret); if(ret) diff --git a/lib/krb5/build_auth.c b/lib/krb5/build_auth.c index 003ccae8c..cbc67744a 100644 --- a/lib/krb5/build_auth.c +++ b/lib/krb5/build_auth.c @@ -117,8 +117,12 @@ _krb5_build_authenticator (krb5_context context, memset(&auth, 0, sizeof(auth)); auth.authenticator_vno = 5; - copy_Realm(&cred->client->realm, &auth.crealm); - copy_PrincipalName(&cred->client->name, &auth.cname); + ret = copy_Realm(&cred->client->realm, &auth.crealm); + if (ret) + goto fail; + ret = copy_PrincipalName(&cred->client->name, &auth.cname); + if (ret) + goto fail; krb5_us_timeofday (context, &auth.ctime, &auth.cusec); diff --git a/lib/krb5/get_for_creds.c b/lib/krb5/get_for_creds.c index 8a00ccec8..43265d827 100644 --- a/lib/krb5/get_for_creds.c +++ b/lib/krb5/get_for_creds.c @@ -355,11 +355,17 @@ krb5_get_forwarded_creds (krb5_context context, krb_cred_info = enc_krb_cred_part.ticket_info.val; - copy_EncryptionKey (&out_creds->session, &krb_cred_info->key); + ret = copy_EncryptionKey (&out_creds->session, &krb_cred_info->key); + if (ret) + goto out4; ALLOC(krb_cred_info->prealm, 1); - copy_Realm (&out_creds->client->realm, krb_cred_info->prealm); + ret = copy_Realm (&out_creds->client->realm, krb_cred_info->prealm); + if (ret) + goto out4; ALLOC(krb_cred_info->pname, 1); - copy_PrincipalName(&out_creds->client->name, krb_cred_info->pname); + ret = copy_PrincipalName(&out_creds->client->name, krb_cred_info->pname); + if (ret) + goto out4; ALLOC(krb_cred_info->flags, 1); *krb_cred_info->flags = out_creds->flags.b; ALLOC(krb_cred_info->authtime, 1); @@ -371,11 +377,17 @@ krb5_get_forwarded_creds (krb5_context context, ALLOC(krb_cred_info->renew_till, 1); *krb_cred_info->renew_till = out_creds->times.renew_till; ALLOC(krb_cred_info->srealm, 1); - copy_Realm (&out_creds->server->realm, krb_cred_info->srealm); + ret = copy_Realm (&out_creds->server->realm, krb_cred_info->srealm); + if (ret) + goto out4; ALLOC(krb_cred_info->sname, 1); - copy_PrincipalName (&out_creds->server->name, krb_cred_info->sname); + ret = copy_PrincipalName (&out_creds->server->name, krb_cred_info->sname); + if (ret) + goto out4; ALLOC(krb_cred_info->caddr, 1); - copy_HostAddresses (&out_creds->addresses, krb_cred_info->caddr); + ret = copy_HostAddresses (&out_creds->addresses, krb_cred_info->caddr); + if (ret) + goto out4; krb5_free_creds (context, out_creds); diff --git a/lib/krb5/rd_cred.c b/lib/krb5/rd_cred.c index b9b18ee99..e38882525 100644 --- a/lib/krb5/rd_cred.c +++ b/lib/krb5/rd_cred.c @@ -271,7 +271,11 @@ krb5_rd_cred(krb5_context context, } if(creds->ticket.length != len) krb5_abortx(context, "internal error in ASN.1 encoder"); - copy_EncryptionKey (&kci->key, &creds->session); + ret = copy_EncryptionKey (&kci->key, &creds->session); + if (ret) { + krb5_free_creds(context, creds); + goto out; + } if (kci->prealm && kci->pname) _krb5_principalname2krb5_principal (context, &creds->client,