diff --git a/appl/gssmask/gssmask.c b/appl/gssmask/gssmask.c
index 35c548979..44b59fe5e 100644
--- a/appl/gssmask/gssmask.c
+++ b/appl/gssmask/gssmask.c
@@ -951,7 +951,9 @@ HandleOP(WrapExt)
 memcpy(p, iov[4].buffer.value, iov[4].buffer.length);
 p += iov[4].buffer.length;
 memcpy(p, iov[5].buffer.value, iov[5].buffer.length);
+#if 0 /* Would be needed to keep going, but presently unused */
 p += iov[5].buffer.length;
+#endif
 gss_release_iov_buffer(NULL, iov, iov_len);
diff --git a/appl/test/gssapi_server.c b/appl/test/gssapi_server.c
index 5d2a39dd7..baf13ecff 100644
--- a/appl/test/gssapi_server.c
+++ b/appl/test/gssapi_server.c
@@ -159,6 +159,8 @@ process_it(int sock,
 input_token, NULL, output_token);
+ if (GSS_ERROR(maj_stat))
+ gss_err(1, min_stat, "gss_wrap");
 write_token (sock, output_token);
 gss_release_buffer (&min_stat, output_token);
@@ -184,7 +186,7 @@ proto (int sock, const char *service)
 gss_name_t client_name;
 struct gss_channel_bindings_struct input_chan_bindings;
 gss_cred_id_t delegated_cred_handle = NULL;
- krb5_ccache ccache;
+ krb5_ccache ccache = NULL;
 u_char init_buf[4];
 u_char acct_buf[4];
 gss_OID mech_oid;
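Review bot: The dead store in HandleOP(WrapExt) is fenced with `#if 0`, while the same kind of dead store is commented out inline in arcfour_mic_cksum_iov (lib/gssapi/krb5/arcfour.c) and in _gss_import_export_name (lib/gssapi/mech/gss_import_name.c), each with a different comment style. Three treatments of one pattern in a single commit leave disabled pointer arithmetic scattered through buffer-handling code. I would delete the statement in all three places and leave one uniform remark, for example `/* p is not advanced: nothing is written after this point */`. The enclosing functions start and end outside these hunks.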
@@ -270,15 +272,21 @@ proto (int sock, const char *service)
 printf("Using mech: %s\n", mech);
 if (delegated_cred_handle != GSS_C_NO_CREDENTIAL) {
- krb5_context context;
+ krb5_context context = NULL;
 printf("Delegated cred found\n");
- maj_stat = krb5_init_context(&context);
- maj_stat = krb5_cc_resolve(context, "FILE:/tmp/krb5cc_test", &ccache);
- maj_stat = gss_krb5_copy_ccache(&min_stat,
- delegated_cred_handle,
- ccache);
+ min_stat = krb5_init_context(&context);
+ if (min_stat)
+ gss_err(1, min_stat, "krb5_init_context");
+ if (min_stat == 0)
+ min_stat = krb5_cc_resolve(context, "FILE:/tmp/krb5cc_test", &ccache);
+ if (min_stat == 0)
+ maj_stat = gss_krb5_copy_ccache(&min_stat,
+ delegated_cred_handle,
+ ccache);
+ else
+ maj_stat = GSS_S_FAILURE;
 if (maj_stat == 0) {
 krb5_principal p;
 maj_stat = krb5_cc_get_principal(context, ccache, &p);
@@ -293,6 +301,7 @@ proto (int sock, const char *service)
 }
 }
 krb5_cc_close(context, ccache);
+ krb5_free_context(context);
 gss_release_cred(&min_stat, &delegated_cred_handle);
 }
diff --git a/lib/gssapi/gss-token.c b/lib/gssapi/gss-token.c
index 65d0e3fda..0d1725c3a 100644
--- a/lib/gssapi/gss-token.c
+++ b/lib/gssapi/gss-token.c
@@ -250,7 +250,7 @@ write_and_free_token(gss_buffer_t out, int negotiate)
 bail:
 gss_release_buffer(&min, out);
- return 0;
+ return ret;
 }
 static int
@@ -402,7 +402,7 @@ static int
 initiate_many(gss_name_t service, int delegate, int negotiate, int memcache, size_t count)
 {
- krb5_error_code kret;
+ krb5_error_code kret = 0;
 krb5_context kctx = NULL;
 krb5_ccache def_cache = NULL;
 krb5_ccache mem_cache = NULL;
@@ -567,7 +567,7 @@ print_all_mechs(void)
 for (i=0; i < mech_set->count; i++) printf("%s\n", gss_oid_to_name(&mech_set->elements[i]));
- maj = gss_release_oid_set(&min, &mech_set);
+ (void) gss_release_oid_set(&min, &mech_set);
 bail:
 exit(ret);
diff --git a/lib/gssapi/krb5/arcfour.c b/lib/gssapi/krb5/arcfour.c
index 2e389d424..0cdfc0582 100644
--- a/lib/gssapi/krb5/arcfour.c
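Review bot: In proto() (appl/test/gssapi_server.c) the delegated credentials are still stored at the fixed path `FILE:/tmp/krb5cc_test`, a predictable name in a shared directory, which exposes the forwarded ticket to pre-creation or link races by other local users and leaves it at a well-known location afterwards. Since the line is being rewritten anyway, a per-run cache is safer, e.g. `min_stat = krb5_cc_new_unique(context, "FILE", NULL, &ccache);`, or a `MEMORY:` cache if nothing reads the file later. Separately, when krb5_cc_resolve() fails the new code only sets `maj_stat = GSS_S_FAILURE` without reporting min_stat, and the `krb5_cc_close(context, ccache)` shown in the next hunk then runs with ccache still NULL, so it is worth confirming that close tolerates NULL. proto() begins and ends outside the hunk.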
+++ b/lib/gssapi/krb5/arcfour.c
@@ -177,7 +177,7 @@ arcfour_mic_cksum_iov(krb5_context context,
 memcpy(ptr + ofs, padding->buffer.value, padding->buffer.length);
- ofs += padding->buffer.length;
+ /* ofs += padding->buffer.length; */
 }
 ret = krb5_crypto_init(context, key, 0, &crypto);
@@ -880,6 +880,11 @@ _gssapi_wrap_iov_length_arcfour(OM_uint32 *minor_status,
 }
 }
+ if (header == NULL) {
+ *minor_status = EINVAL;
+ return GSS_S_FAILURE;
+ }
+
 major_status = _gk_verify_buffers(minor_status, ctx, header, padding, trailer, FALSE);
 if (major_status != GSS_S_COMPLETE) {
diff --git a/lib/gssapi/mech/gss_cred.c b/lib/gssapi/mech/gss_cred.c
index 3ba2dd846..00561ce92 100644
--- a/lib/gssapi/mech/gss_cred.c
+++ b/lib/gssapi/mech/gss_cred.c
@@ -262,8 +262,7 @@ gss_import_cred(OM_uint32 * minor_status,
 goto out;
 }
- if (m->gm_import_cred == NULL &&
- !gss_oid_equal(&m->gm_mech_oid, GSS_SPNEGO_MECHANISM)) {
+ if (m->gm_import_cred == NULL) {
 *minor_status = 0;
 major = GSS_S_BAD_MECH;
 goto out;
@@ -287,8 +286,7 @@ gss_import_cred(OM_uint32 * minor_status,
 continue;
 }
- major = m->gm_import_cred(minor_status,
- &buffer, &mcred);
+ major = m->gm_import_cred(minor_status, &buffer, &mcred);
 gss_release_buffer(&junk, &buffer);
 if (major != GSS_S_COMPLETE) goto out;
diff --git a/lib/gssapi/mech/gss_export_sec_context.c b/lib/gssapi/mech/gss_export_sec_context.c
index 05a05f508..c0309809f 100644
--- a/lib/gssapi/mech/gss_export_sec_context.c
+++ b/lib/gssapi/mech/gss_export_sec_context.c
@@ -72,6 +72,10 @@ gss_export_sec_context(OM_uint32 *minor_status,
 verflags |= EXPORT_CONTEXT_FLAG_MECH_CTX;
 kret = krb5_store_uint8(sp, verflags);
+ if (kret) {
+ *minor_status = kret;
+ goto failure;
+ }
 if (ctx->gc_target_len) {
 _gss_mg_log(10, "gss-esc: exporting partial token %zu/%zu",
diff --git a/lib/gssapi/mech/gss_import_name.c b/lib/gssapi/mech/gss_import_name.c
index 92773f037..a25ef4688 100644
--- a/lib/gssapi/mech/gss_import_name.c
+++ b/lib/gssapi/mech/gss_import_name.c
@@ -133,7 +133,7 @@ _gss_import_export_name(OM_uint32 *minor_status,
 len -= t;
 t = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3];
- p += 4;
+ /* p += 4; // we're done using `p' now */
 len -= 4;
 if (len != t)
diff --git a/lib/gssapi/mech/gss_import_sec_context.c b/lib/gssapi/mech/gss_import_sec_context.c
index 0acae8533..39b717e3d 100644
--- a/lib/gssapi/mech/gss_import_sec_context.c
+++ b/lib/gssapi/mech/gss_import_sec_context.c
@@ -42,9 +42,9 @@ gss_import_sec_context(OM_uint32 *minor_status,
 _gss_mg_log(10, "gss-isc called");
- if (!minor_status || !context_handle) {
+ if (!context_handle) {
 *minor_status = EFAULT;
- return GSS_S_FAILURE;
+ return GSS_S_CALL_INACCESSIBLE_WRITE;
 }
 *minor_status = 0;
@@ -87,7 +87,7 @@ gss_import_sec_context(OM_uint32 *minor_status,
 if (ret != GSS_S_COMPLETE) goto failure;
- ctx->gc_input.value = calloc(target_len, 1);
+ ctx->gc_free_this = ctx->gc_input.value = calloc(target_len, 1);
 if (ctx->gc_input.value == NULL) goto failure;
diff --git a/lib/gssapi/mech/gss_krb5.c b/lib/gssapi/mech/gss_krb5.c
index 0f6d14209..e1f1d4941 100644
--- a/lib/gssapi/mech/gss_krb5.c
+++ b/lib/gssapi/mech/gss_krb5.c
@@ -520,7 +520,8 @@ gss_krb5_ccache_name(OM_uint32 *minor_status,
 }
 }
- *out_name = args.out_name;
+ if (out_name)
+ *out_name = args.out_name;
 return major_status;
 }
diff --git a/lib/gssapi/mech/gss_mech_switch.c b/lib/gssapi/mech/gss_mech_switch.c
index 60fe376a9..a56028ddc 100644
--- a/lib/gssapi/mech/gss_mech_switch.c
+++ b/lib/gssapi/mech/gss_mech_switch.c
@@ -137,6 +137,8 @@ _gss_string_to_oid(const char* s, gss_OID *oidp)
 }
 }
 }
+ if (byte_count == 0)
+ return EINVAL;
 if (!res) {
 res = malloc(byte_count);
 if (!res)
diff --git a/lib/gssapi/mech/gss_pname_to_uid.c b/lib/gssapi/mech/gss_pname_to_uid.c
index 72fd9de46..5046faed0 100644
--- a/lib/gssapi/mech/gss_pname_to_uid.c
+++ b/lib/gssapi/mech/gss_pname_to_uid.c
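Review bot: Dropping `!minor_status` from the guard at the top of gss_import_sec_context() removes the old write through a NULL pointer inside the branch, but a NULL minor_status is now dereferenced unconditionally by `*minor_status = 0;` right after it, and by `*minor_status = EFAULT;` when context_handle is NULL as well. If callers are allowed to pass NULL, test it first and return without writing: `if (minor_status == NULL) return GSS_S_CALL_INACCESSIBLE_WRITE;`. If the mechglue contract is that minor_status is never NULL, a short comment such as `/* minor_status is required to be non-NULL by all callers */` above the check would stop the broken test from being re-added.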
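Review bot: The `goto failure` after the calloc() in the second gss_import_sec_context() hunk is reached with `ret == GSS_S_COMPLETE` (the check just above guarantees it) and with *minor_status untouched, so unless the failure label, which is outside this hunk, overrides them, an allocation failure may be reported as success. Setting the status before the jump makes the path self-contained: `*minor_status = ENOMEM; ret = GSS_S_FAILURE;`. target_len appears to be read from the imported token, so it is also worth confirming it is bounded before being used as an allocation size; for a length of 0, calloc() may legitimately return NULL.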
@@ -158,6 +158,10 @@ gss_pname_to_uid(OM_uint32 *minor_status,
 major = gss_localname(minor_status, pname, mech_type, &localname);
 if (GSS_ERROR(major)) return major;
+ if (localname.length == 0) {
+ *minor_status = KRB5_NO_LOCALNAME;
+ return GSS_S_FAILURE;
+ }
 szLocalname = malloc(localname.length + 1);
 if (szLocalname == NULL) {
diff --git a/lib/gssapi/ntlm/init_sec_context.c b/lib/gssapi/ntlm/init_sec_context.c
index 1063db19b..7172c588b 100644
--- a/lib/gssapi/ntlm/init_sec_context.c
+++ b/lib/gssapi/ntlm/init_sec_context.c
@@ -56,6 +56,8 @@ from_file(const char *fn, const char *target_domain,
 d = strtok_r(buf, ":", &str);
 free(*domainp);
 *domainp = NULL;
+ if (!d)
+ continue;
 if (d && target_domain != NULL && strcasecmp(target_domain, d) != 0) continue;
 *domainp = strdup(d);
diff --git a/lib/gssapi/sanon/import_name.c b/lib/gssapi/sanon/import_name.c
index f23fce2ec..1a228b69e 100644
--- a/lib/gssapi/sanon/import_name.c
+++ b/lib/gssapi/sanon/import_name.c
@@ -59,17 +59,15 @@ storage_ret_der_oid(krb5_storage *sp, gss_OID_desc *oid)
 oid->elements = NULL;
 ret = krb5_ret_uint16(sp, &der_oid_len);
- if (ret != 0)
+ if (ret == 0)
+ ret = krb5_ret_uint8(sp, &tag);
+ if (ret == 0)
+ ret = krb5_ret_uint8(sp, &oid_len);
+ if (ret)
 return ret;
-
- ret = krb5_ret_uint8(sp, &tag);
 if (tag != 0x06) return EINVAL;
- ret = krb5_ret_uint8(sp, &oid_len);
- if (ret != 0)
- return ret;
-
 if (der_oid_len != 2 + oid_len) return EINVAL;
@@ -126,10 +124,11 @@ import_export_name(OM_uint32 *minor,
 }
 if (ret == 0) ret = krb5_ret_uint32(sp, &name_len);
- if (name_len != 1)
- ret = EINVAL;
- ret = krb5_ret_uint8(sp, &is_anonymous);
+ if (ret == 0)
+ ret = krb5_ret_uint8(sp, &is_anonymous);
 if (ret == 0) {
+ if (name_len != 1)
+ ret = EINVAL;
 if (is_anonymous == 1) {
 *output_name = _gss_sanon_anonymous_identity;
 major = GSS_S_COMPLETE;
diff --git a/lib/gssapi/test_context.c b/lib/gssapi/test_context.c
index f96c48fcd..b9db53ea1 100644
--- a/lib/gssapi/test_context.c
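Review bot: The new early return in gss_pname_to_uid() leaves `localname` unreleased: gss_localname() has just succeeded, so the buffer may own storage even when its length is 0. Release it before returning, using a scratch OM_uint32 for the minor status so that KRB5_NO_LOCALNAME is not overwritten, e.g. `gss_release_buffer(&scratch_minor, &localname);` (scratch_minor is a placeholder name). The function continues outside the hunk.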
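Review bot: In import_export_name() (lib/gssapi/sanon/import_name.c) the relocated `if (name_len != 1) ret = EINVAL;` does not gate anything in the lines shown: it is a standalone statement, so `if (is_anonymous == 1)` still runs and sets `*output_name` and `major = GSS_S_COMPLETE` for a token whose length field was just rejected. Chain the two so a malformed length cannot reach the success branch, e.g. `if (name_len != 1) ret = EINVAL; else if (is_anonymous == 1) {`. The rest of the block is outside the hunk, so it should be checked whether ret is consulted again before major is returned.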
+++ b/lib/gssapi/test_context.c
@@ -1257,7 +1257,7 @@ main(int argc, char **argv)
 if (maj_stat != GSS_S_COMPLETE) keyblock2 = NULL;
- else if (limit_enctype && keyblock->keytype != limit_enctype)
+ else if (limit_enctype && keyblock && keyblock->keytype != limit_enctype)
 errx(1, "gsskrb5_get_subkey wrong enctype");
 if (keyblock || keyblock2) {
@@ -1285,7 +1285,7 @@ main(int argc, char **argv)
 if (ret) krb5_err(context, 1, ret, "krb5_string_to_enctype");
- if (enctype != keyblock->keytype)
+ if (keyblock && enctype != keyblock->keytype)
 errx(1, "keytype is not the expected %d != %d", (int)enctype, (int)keyblock2->keytype);
 }
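Review bot: Both new guards in main() test `keyblock`, yet the second hunk's errx() still formats `keyblock2->keytype`, and the first hunk shows `keyblock2 = NULL` on failure while `if (keyblock || keyblock2)` allows either pointer to be NULL. A mismatch with keyblock set and keyblock2 NULL therefore still dereferences NULL while building the error message. Make the message use the pointer the condition checked, `(int)enctype, (int)keyblock->keytype);`. It is also worth confirming whether the first check, which sits under the "gsskrb5_get_subkey wrong enctype" message, was meant to compare `keyblock2->keytype` rather than `keyblock->keytype`.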