diff --git a/kdc/connect.c b/kdc/connect.c
index 628f93526..7af9c604e 100644
--- a/kdc/connect.c
+++ b/kdc/connect.c
@@ -1018,7 +1018,7 @@ reap_kid(krb5_context context, krb5_kdc_configuration *config,
 pid_t pid;
 char *what;
 int status;
- int i;
+ int i = 0; /* quiet warnings */
 pid = waitpid(-1, &status, options);
 if (pid < 1)
@@ -1093,7 +1093,7 @@ start_kdc(krb5_context context,
 struct timeval tv2;
 struct descr *d;
 unsigned int ndescr;
- pid_t pid;
+ pid_t pid = -1;
 #ifdef HAVE_FORK
 pid_t *pids;
 int max_kdcs = config->num_kdc_processes;
@@ -1154,6 +1154,7 @@ start_kdc(krb5_context context,
 tv1.tv_usec = 0;
 #ifdef HAVE_FORK
+ /* Note that we might never execute the body of this loop */
 while (exit_flag == 0) {
 /* Slow down the creation of KDCs... */
diff --git a/lib/hdb/db3.c b/lib/hdb/db3.c
index 6f77059ab..cd2e33f06 100644
--- a/lib/hdb/db3.c
+++ b/lib/hdb/db3.c
@@ -454,7 +454,7 @@ hdb_db3_create(krb5_context context, HDB **db, const char *filename)
 {
 DB3_HDB **db3 = (DB3_HDB **)db;
- *db = calloc(1, sizeof(**db3)); /* Allocate space for the larger db3 */
+ *db3 = calloc(1, sizeof(**db3)); /* Allocate space for the larger db3 */
 if (*db == NULL) {
 krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
 return ENOMEM;
diff --git a/lib/hdb/hdb-ldap.c b/lib/hdb/hdb-ldap.c
index 3add67bf3..1fe01e50c 100644
--- a/lib/hdb/hdb-ldap.c
+++ b/lib/hdb/hdb-ldap.c
@@ -1114,7 +1114,8 @@ LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg,
 goto out;
 }
 ent->entry.etypes->len = ldap_count_values_len(vals);
- ent->entry.etypes->val = calloc(ent->entry.etypes->len, sizeof(int));
+ ent->entry.etypes->val = calloc(ent->entry.etypes->len,
+ sizeof(ent->entry.etypes->val[0]));
 if (ent->entry.etypes->val == NULL) {
 ret = ENOMEM;
 krb5_set_error_message(context, ret, "malloc: out of memory");
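Review bot: In hdb_db3_create the allocation is now stored through `*db3`, but the NULL check on the following line still reads `*db`. Both name the same pointer slot through the `(DB3_HDB **)db` cast, so the check works, yet testing a different lvalue than the one just assigned hides that. Writing the check as `if (*db3 == NULL) {` keeps the allocation and its test on one name. The function body continues outside the hunk.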
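Review bot: In LDAP_message2entry, `ent->entry.etypes->len` is assigned from `ldap_count_values_len(vals)` before the `calloc` result is checked, so the ENOMEM branch leaves a non-zero `len` next to a NULL `val`. If the cleanup reached from that branch (outside the hunk) walks `len` elements, it would dereference NULL. A zero count is a second case, because `calloc(0, ...)` may legitimately return NULL and would then be reported as out of memory. Counting into a local, handling zero explicitly, and storing `len` only after the allocation succeeds avoids both.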
@@ -1573,7 +1574,7 @@ LDAP_firstkey(krb5_context context, HDB *db, unsigned flags,
 "(|(objectClass=krb5Principal)(objectClass=sambaSamAccount))", krb5kdcentry_attrs, 0, NULL, NULL, NULL, 0, &msgid);
- if (msgid < 0)
+ if (ret != LDAP_SUCCESS || msgid < 0)
 return HDB_ERR_NOENTRY;
 HDBSETMSGID(db, msgid);
diff --git a/lib/hdb/hdb-mdb.c b/lib/hdb/hdb-mdb.c
index 8a2467992..920d7780e 100644
--- a/lib/hdb/hdb-mdb.c
+++ b/lib/hdb/hdb-mdb.c
@@ -282,14 +282,11 @@ DB_open(krb5_context context, HDB *db, int flags, mode_t mode)
 if((flags & O_ACCMODE) == O_RDONLY)
 myflags |= MDB_RDONLY;
- if (asprintf(&fn, "%s.mdb", db->hdb_name) == -1) {
- krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
- return ENOMEM;
- }
+ if (asprintf(&fn, "%s.mdb", db->hdb_name) == -1)
+ return krb5_enomem(context);
 if (mdb_env_create(&mi->e)) {
 free(fn);
- krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
- return ENOMEM;
+ return krb5_enomem(context);
 }
 tmp = krb5_config_get_int_default(context, NULL, 0, "kdc",
@@ -297,6 +294,7 @@ DB_open(krb5_context context, HDB *db, int flags, mode_t mode)
 if (tmp) {
 ret = mdb_env_set_maxreaders(mi->e, tmp);
 if (ret) {
+ free(fn);
 krb5_set_error_message(context, ret, "setting maxreaders on %s: %s", db->hdb_name, mdb_strerror(ret));
 return ret;
@@ -310,6 +308,7 @@ DB_open(krb5_context context, HDB *db, int flags, mode_t mode)
 maps *= KILO;
 ret = mdb_env_set_mapsize(mi->e, maps);
 if (ret) {
+ free(fn);
 krb5_set_error_message(context, ret, "setting mapsize on %s: %s", db->hdb_name, mdb_strerror(ret));
 return ret;
@@ -317,16 +316,15 @@ DB_open(krb5_context context, HDB *db, int flags, mode_t mode)
 }
 ret = mdb_env_open(mi->e, fn, myflags, mode);
+ free(fn);
 if (ret) {
 fail:
 mdb_env_close(mi->e);
 mi->e = 0;
- free(fn);
 krb5_set_error_message(context, ret, "opening %s: %s", db->hdb_name, mdb_strerror(ret));
 return ret;
 }
- free(fn);
 ret = mdb_txn_begin(mi->e, NULL, MDB_RDONLY, &txn);
 if (ret)
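Review bot: The widened check `if (ret != LDAP_SUCCESS || msgid < 0)` in LDAP_firstkey still returns `HDB_ERR_NOENTRY`, so a failed search is reported to the caller exactly like an empty database. A caller iterating principals cannot tell a directory failure from "no entries", and no error message records the LDAP result. Setting a message before the return, for example `krb5_set_error_message(context, HDB_ERR_NOENTRY, "LDAP search failed: %s", ldap_err2string(ret));`, would at least make the cause visible; a distinct return code for the failure case would be better if callers can handle one. The start of the search call is outside the hunk.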
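Review bot: The two early returns in DB_open that gained `free(fn)` (after `mdb_env_set_maxreaders` and `mdb_env_set_mapsize` fail) still leave the environment from `mdb_env_create(&mi->e)` open, whereas the `fail:` path closes it. Unless the caller tears down `mi->e` on error, which is not visible here, those two paths leak the environment handle. Adding `mdb_env_close(mi->e); mi->e = 0;` next to each new `free(fn)` would make all error exits consistent. DB_open continues beyond the last hunk.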
diff --git a/lib/hx509/cms.c b/lib/hx509/cms.c
index c2438cc90..9f745afee 100644
--- a/lib/hx509/cms.c
+++ b/lib/hx509/cms.c
@@ -863,7 +863,7 @@ hx509_cms_verify_signed(hx509_context context,
 }
 for (found_valid_sig = 0, i = 0; i < sd.signerInfos.len; i++) {
- heim_octet_string signed_data;
+ heim_octet_string signed_data = { 0, 0 };
 const heim_oid *match_oid;
 heim_oid decode_oid;
@@ -1024,8 +1024,10 @@ hx509_cms_verify_signed(hx509_context context,
 "Failed to verify signature in " "CMS SignedData");
 }
- if (signer_info->signedAttrs)
- free(signed_data.data);
+ if (signed_data.data != NULL && content->data != signed_data.data) {
+ free(signed_data.data);
+ signed_data.data = NULL;
+ }
 if (ret)
 goto next_sigature;
diff --git a/lib/kadm5/ipropd_common.c b/lib/kadm5/ipropd_common.c
index e2332f833..be0adc1b3 100644
--- a/lib/kadm5/ipropd_common.c
+++ b/lib/kadm5/ipropd_common.c
@@ -104,7 +104,7 @@ restarter(krb5_context context, size_t *countp)
 {
 #if defined(HAVE_FORK) && defined(HAVE_WAITPID)
 struct timeval tmout;
- pid_t pid;
+ pid_t pid = -1;
 pid_t wpid = -1;
 int status;
 int fds[2];
diff --git a/lib/kadm5/ipropd_slave.c b/lib/kadm5/ipropd_slave.c
index 009bccd28..0c58db8c5 100644
--- a/lib/kadm5/ipropd_slave.c
+++ b/lib/kadm5/ipropd_slave.c
@@ -911,7 +911,7 @@ main(int argc, char **argv)
 continue;
 }
- if (FD_ISSET(restarter_fd, &readset)) {
+ if (restarter_fd > -1 && FD_ISSET(restarter_fd, &readset)) {
 if (verbose)
 krb5_warnx(context, "slave restarter exited");
 exit_flag = SIGTERM;
diff --git a/lib/kadm5/log.c b/lib/kadm5/log.c
index 0f237fbd4..a284fd3e5 100644
--- a/lib/kadm5/log.c
+++ b/lib/kadm5/log.c
@@ -205,6 +205,9 @@ get_header(krb5_storage *sp, int peek, uint32_t *verp, uint32_t *tstampp,
 *verp = 0;
 *tstampp = 0;
+ if (opp != NULL)
+ *opp = kadm_nop;
+ *lenp = 0;
 off = krb5_storage_seek(sp, 0, SEEK_CUR);
 if (off < 0)
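Review bot: In hx509_cms_verify_signed, ownership of `signed_data.data` is now inferred by comparing it with `content->data`, and the buffer is released at only this one point in the loop body. Any earlier `goto next_sigature` or `continue` taken after the buffer is allocated (the code between the two hunks is not shown) would skip the free, and since `signed_data` is re-initialised to `{ 0, 0 }` at the top of each iteration, the pointer would then be lost. Releasing it at the `next_sigature:` label, or tracking ownership in an explicit flag, would be more robust. A comment such as `/* signed_data.data may alias content->data; free only our own copy */` would also explain the pointer comparison to the next reader.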
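Review bot: The guard `restarter_fd > -1` in ipropd_slave's main covers a negative descriptor, but `FD_ISSET` is equally undefined for a descriptor at or above `FD_SETSIZE`. The matching `FD_SET(restarter_fd, &readset)` before `select()` is outside this hunk; if it is not guarded the same way, it performs the out-of-range access this line now avoids. Consider `if (restarter_fd > -1 && restarter_fd < FD_SETSIZE && FD_ISSET(restarter_fd, &readset)) {` and the same condition where the set is populated.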
@@ -728,8 +731,7 @@ kadm5_log_reinit(kadm5_server_context *server_context, uint32_t vno)
 /* Write uber entry and truncation nop with version `vno` */
 log_context->version = vno;
- ret = kadm5_log_nop(server_context, kadm_nop_plain);
- return 0;
+ return kadm5_log_nop(server_context, kadm_nop_plain);
 }
 /* Close the server_context->log_context. */
@@ -1537,7 +1539,8 @@ kadm5_log_replay_modify(kadm5_server_context *context,
 ent.entry.keys.val = malloc(len * sizeof(*ent.entry.keys.val));
 if (ent.entry.keys.val == NULL) {
 krb5_set_error_message(context->context, ENOMEM, "out of memory");
- return ENOMEM;
+ ret = ENOMEM;
+ goto out;
 }
 for (i = 0; i < ent.entry.keys.len; ++i) {
 ret = copy_Key(&log_ent.entry.keys.val[i],
diff --git a/lib/krb5/dcache.c b/lib/krb5/dcache.c
index 61a97a89d..a8d283020 100644
--- a/lib/krb5/dcache.c
+++ b/lib/krb5/dcache.c
@@ -424,7 +424,6 @@ dcc_gen_new(krb5_context context, krb5_ccache *id)
 dcc_close(context, *id);
 return krb5_enomem(context);
 }
- free(dc->name);
 fd = mkstemp(&name[1]);
 if (fd < 0) {
@@ -433,6 +432,7 @@ dcc_gen_new(krb5_context context, krb5_ccache *id)
 }
 close(fd);
+ free(dc->name);
 dc->name = name;
 return 0;
@@ -556,6 +556,7 @@ dcc_get_cache_first(krb5_context context, krb5_cc_cursor *cursor)
 name = copy_default_dcc_cache(context);
 if (name == NULL) {
+ free(iter);
 krb5_set_error_message(context, KRB5_CC_FORMAT, N_("Can't generate DIR caches unless its the default type", ""));
 return KRB5_CC_FORMAT;
diff --git a/lib/krb5/init_creds_pw.c b/lib/krb5/init_creds_pw.c
index d4803befe..65aa2707e 100644
--- a/lib/krb5/init_creds_pw.c
+++ b/lib/krb5/init_creds_pw.c
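Review bot: In kadm5_log_replay_modify the failed allocation now jumps to `out`, and the loop right after it iterates `ent.entry.keys.len`, which suggests the length was already set before the `malloc`. If the cleanup at `out:` (outside the hunk) frees `ent` by walking `keys.len`, it will index a NULL `keys.val`; adding `ent.entry.keys.len = 0;` before `ret = ENOMEM;` avoids that. Separately, the buffer is sized by `len` while the copy loop is bounded by `ent.entry.keys.len`; if these are not guaranteed to agree, the loop can write past the allocation. The multiplication is also unchecked, so `calloc(ent.entry.keys.len, sizeof(*ent.entry.keys.val))` would tie the size to the loop bound and add the overflow check.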
@@ -232,13 +232,11 @@ init_cred (krb5_context context,
 memset (cred, 0, sizeof(*cred));
 if (client)
- krb5_copy_principal(context, client, &cred->client);
- else {
- ret = krb5_get_default_principal (context,
- &cred->client);
- if (ret)
- goto out;
- }
+ ret = krb5_copy_principal(context, client, &cred->client);
+ else
+ ret = krb5_get_default_principal(context, &cred->client);
+ if (ret)
+ goto out;
 if (start_time)
 cred->times.starttime = now + start_time;
@@ -532,6 +530,8 @@ change_password (krb5_context context,
 char *p;
 krb5_get_init_creds_opt *options;
+ heim_assert(prompter != NULL, "unexpected NULL prompter");
+
 memset (&cpw_cred, 0, sizeof(cpw_cred));
 ret = krb5_get_init_creds_opt_alloc(context, &options);
@@ -1933,15 +1933,14 @@ make_fast_ap_fxarmor(krb5_context context,
 ALLOC(fxarmor, 1);
- if (fxarmor == NULL) {
- ret = krb5_enomem(context);
- goto out;
- }
+ if (fxarmor == NULL)
+ return krb5_enomem(context);
 if (state->flags & KRB5_FAST_AP_ARMOR_SERVICE) {
 #ifdef WIN32
 krb5_set_error_message(context, ENOTSUP, "Fast armor IPC service not supportted yet on Windows");
- return ENOTSUP;
+ ret = ENOTSUP;
+ goto out;
 #else /* WIN32 */
 KERB_ARMOR_SERVICE_REPLY msg;
 krb5_data request, reply;
@@ -1949,7 +1948,8 @@ make_fast_ap_fxarmor(krb5_context context,
 heim_base_once_f(&armor_service_once, &armor_service, fast_armor_init_ipc);
 if (armor_service == NULL) {
 krb5_set_error_message(context, ENOENT, "Failed to open fast armor service");
- return ENOENT;
+ ret = ENOENT;
+ goto out;
 }
 krb5_data_zero(&reply);
@@ -1961,7 +1961,7 @@ make_fast_ap_fxarmor(krb5_context context,
 heim_release(send);
 if (ret) {
 krb5_set_error_message(context, ret, "Failed to get armor service credential");
- return ret;
+ goto out;
 }
 ret = decode_KERB_ARMOR_SERVICE_REPLY(reply.data, reply.length, &msg, NULL);
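Review bot: `heim_assert(prompter != NULL, "unexpected NULL prompter");` in change_password turns a NULL prompter into an assertion failure inside library code, which presumably aborts the calling process. The commit guards one caller in krb5_init_creds_step, but any other callers of change_password are not visible in this diff, and an application that reaches this path without a prompter would be terminated instead of getting an error back. Returning an error keeps the failure recoverable, for example `if (prompter == NULL) return EINVAL;` preceded by a `krb5_set_error_message` call that names the missing prompter. The function body continues outside the hunk.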
@@ -2116,6 +2116,8 @@ fast_wrap_req(krb5_context context, struct fast_state *state, KDC_REQ *req)
 0, &fxreq.u.armored_data.enc_fast_req);
 krb5_data_free(&data);
+ if (ret)
+ goto out;
 } else {
 krb5_data_free(&data);
@@ -2382,6 +2384,10 @@ krb5_init_creds_step(krb5_context context,
 if (ctx->in_tkt_service != NULL && strcmp(ctx->in_tkt_service, "kadmin/changepw") == 0)
 goto out;
+ /* don't try to change password where then where none */
+ if (ctx->prompter == NULL)
+ goto out;
+
 ret = change_password(context, ctx->cred.client, ctx->password,
diff --git a/lib/krb5/pac.c b/lib/krb5/pac.c
index 9c82b96f7..4b877e6d5 100644
--- a/lib/krb5/pac.c
+++ b/lib/krb5/pac.c
@@ -405,7 +405,7 @@ krb5_pac_get_types(krb5_context context,
 {
 size_t i;
- *types = calloc(p->pac->numbuffers, sizeof(*types));
+ *types = calloc(p->pac->numbuffers, sizeof(**types));
 if (*types == NULL) {
 *len = 0;
 return krb5_enomem(context);
@@ -549,6 +549,8 @@ create_checksum(krb5_context context,
 if (cksumtype == (uint32_t)CKSUMTYPE_HMAC_MD5) {
 ret = HMAC_MD5_any_checksum(context, key, data, datalen, KRB5_KU_OTHER_CKSUM, &cksum);
+ if (ret)
+ return ret;
 } else {
 ret = krb5_crypto_init(context, key, 0, &crypto);
 if (ret)
diff --git a/lib/krb5/scache.c b/lib/krb5/scache.c
index 7b04a5197..06386d6cd 100644
--- a/lib/krb5/scache.c
+++ b/lib/krb5/scache.c
@@ -1194,7 +1194,6 @@ scc_get_cache_first(krb5_context context, krb5_cc_cursor *cursor)
 }
 ret = asprintf(&str, "SELECT name FROM %s", name);
- free(name);
 if (ret < 0 || str == NULL) {
 exec_stmt(context, ctx->db, ctx->drop, 0);
 sqlite3_close(ctx->db);
@@ -1203,6 +1202,7 @@ scc_get_cache_first(krb5_context context, krb5_cc_cursor *cursor)
 free(ctx);
 return krb5_enomem(context);
 }
+ free(name);
 ret = prepare_stmt(context, ctx->db, &ctx->stmt, str);
 free(str);
diff --git a/lib/roken/rtbl.c b/lib/roken/rtbl.c
index f58ec52b7..efcf55e58 100644
--- a/lib/roken/rtbl.c
+++ b/lib/roken/rtbl.c
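Review bot: The comment added in krb5_init_creds_step, `/* don't try to change password where then where none */`, is garbled and does not say what the check protects. Something like `/* no prompter: cannot ask for a new password, so do not attempt a change */` states the intent. The new branch also takes `goto out` without assigning `ret`, so the caller receives whatever `ret` held when this block was entered (set outside the hunk); if that is meant to be the original KDC error, the comment should say so.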
@@ -169,7 +169,7 @@ rtbl_new_row(rtbl_t table)
 if(table->columns[c]->num_rows == max_rows)
 continue;
 tmp = realloc(table->columns[c]->rows,
- max_rows * sizeof(table->columns[c]->rows[0]));
+ max_rows * sizeof(table->columns[c]->rows[0]));
 if(tmp == NULL)
 return ENOMEM;
 table->columns[c]->rows = tmp;
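Review bot: The corrected size expression `max_rows * sizeof(table->columns[c]->rows[0])` in rtbl_new_row is still multiplied without an overflow check, so a very large `max_rows` would wrap and `realloc` would return a buffer smaller than the row count implies. A guard before the call, `if (max_rows > SIZE_MAX / sizeof(table->columns[c]->rows[0])) return ENOMEM;`, closes that gap (it needs `<stdint.h>` if the file does not already include it). The declaration of `max_rows` is outside the hunk, so its type should be confirmed when adding the check.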