oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

gss: Fix warnings

Browse Source
This commit is contained in:
Nicolas Williams
2021-03-27 23:28:17 -05:00
parent 65caff79a3
commit 96b7ea671d
14 changed files with 58 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
appl/gssmask/gssmask.c
View File

@@ -951,7 +951,9 @@ HandleOP(WrapExt)
memcpy(p, iov[4].buffer.value, iov[4].buffer.length);
p += iov[4].buffer.length;
memcpy(p, iov[5].buffer.value, iov[5].buffer.length);
#if 0 /* Would be needed to keep going, but presently unused */
p += iov[5].buffer.length;
#endif
gss_release_iov_buffer(NULL, iov, iov_len);

17
appl/test/gssapi_server.c
View File

@@ -159,6 +159,8 @@ process_it(int sock,
input_token,
NULL,
output_token);
if (GSS_ERROR(maj_stat))
gss_err(1, min_stat, "gss_wrap");
write_token (sock, output_token);
gss_release_buffer (&min_stat, output_token);
@@ -184,7 +186,7 @@ proto (int sock, const char *service)
gss_name_t client_name;
struct gss_channel_bindings_struct input_chan_bindings;
gss_cred_id_t delegated_cred_handle = NULL;
krb5_ccache ccache;
krb5_ccache ccache = NULL;
u_char init_buf[4];
u_char acct_buf[4];
gss_OID mech_oid;
@@ -270,15 +272,21 @@ proto (int sock, const char *service)
printf("Using mech: %s\n", mech);
if (delegated_cred_handle != GSS_C_NO_CREDENTIAL) {
krb5_context context;
krb5_context context = NULL;
printf("Delegated cred found\n");
maj_stat = krb5_init_context(&context);
maj_stat = krb5_cc_resolve(context, "FILE:/tmp/krb5cc_test", &ccache);
min_stat = krb5_init_context(&context);
if (min_stat)
gss_err(1, min_stat, "krb5_init_context");
if (min_stat == 0)
min_stat = krb5_cc_resolve(context, "FILE:/tmp/krb5cc_test", &ccache);
if (min_stat == 0)
maj_stat = gss_krb5_copy_ccache(&min_stat,
delegated_cred_handle,
ccache);
else
maj_stat = GSS_S_FAILURE;
if (maj_stat == 0) {
krb5_principal p;
maj_stat = krb5_cc_get_principal(context, ccache, &p);
@@ -293,6 +301,7 @@ proto (int sock, const char *service)
}
}
krb5_cc_close(context, ccache);
krb5_free_context(context);
gss_release_cred(&min_stat, &delegated_cred_handle);
}

6
lib/gssapi/gss-token.c
View File

@@ -250,7 +250,7 @@ write_and_free_token(gss_buffer_t out, int negotiate)
bail:
gss_release_buffer(&min, out);
return 0;
return ret;
}
static int
@@ -402,7 +402,7 @@ static int
initiate_many(gss_name_t service, int delegate, int negotiate, int memcache,
size_t count)
{
krb5_error_code kret;
krb5_error_code kret = 0;
krb5_context kctx = NULL;
krb5_ccache def_cache = NULL;
krb5_ccache mem_cache = NULL;
@@ -567,7 +567,7 @@ print_all_mechs(void)
for (i=0; i < mech_set->count; i++)
printf("%s\n", gss_oid_to_name(&mech_set->elements[i]));
maj = gss_release_oid_set(&min, &mech_set);
(void) gss_release_oid_set(&min, &mech_set);
bail:
exit(ret);

7
lib/gssapi/krb5/arcfour.c
View File

@@ -177,7 +177,7 @@ arcfour_mic_cksum_iov(krb5_context context,
memcpy(ptr + ofs,
padding->buffer.value,
padding->buffer.length);
ofs += padding->buffer.length;
/* ofs += padding->buffer.length; */
}
ret = krb5_crypto_init(context, key, 0, &crypto);
@@ -880,6 +880,11 @@ _gssapi_wrap_iov_length_arcfour(OM_uint32 *minor_status,
}
}
if (header == NULL) {
*minor_status = EINVAL;
return GSS_S_FAILURE;
}
major_status = _gk_verify_buffers(minor_status, ctx, header,
padding, trailer, FALSE);
if (major_status != GSS_S_COMPLETE) {

6
lib/gssapi/mech/gss_cred.c
View File

@@ -262,8 +262,7 @@ gss_import_cred(OM_uint32 * minor_status,
goto out;
}
if (m->gm_import_cred == NULL &&
!gss_oid_equal(&m->gm_mech_oid, GSS_SPNEGO_MECHANISM)) {
if (m->gm_import_cred == NULL) {
*minor_status = 0;
major = GSS_S_BAD_MECH;
goto out;
@@ -287,8 +286,7 @@ gss_import_cred(OM_uint32 * minor_status,
continue;
}
major = m->gm_import_cred(minor_status,
&buffer, &mcred);
major = m->gm_import_cred(minor_status, &buffer, &mcred);
gss_release_buffer(&junk, &buffer);
if (major != GSS_S_COMPLETE)
goto out;

4
lib/gssapi/mech/gss_export_sec_context.c
View File

@@ -72,6 +72,10 @@ gss_export_sec_context(OM_uint32 *minor_status,
verflags |= EXPORT_CONTEXT_FLAG_MECH_CTX;
kret = krb5_store_uint8(sp, verflags);
if (kret) {
*minor_status = kret;
goto failure;
}
if (ctx->gc_target_len) {
_gss_mg_log(10, "gss-esc: exporting partial token %zu/%zu",

2
lib/gssapi/mech/gss_import_name.c
View File

@@ -133,7 +133,7 @@ _gss_import_export_name(OM_uint32 *minor_status,
len -= t;
t = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3];
p += 4;
/* p += 4; // we're done using `p' now */
len -= 4;
if (len != t)

6
lib/gssapi/mech/gss_import_sec_context.c
View File

@@ -42,9 +42,9 @@ gss_import_sec_context(OM_uint32 *minor_status,
_gss_mg_log(10, "gss-isc called");
if (!minor_status || !context_handle) {
if (!context_handle) {
*minor_status = EFAULT;
return GSS_S_FAILURE;
return GSS_S_CALL_INACCESSIBLE_WRITE;
}
*minor_status = 0;
@@ -87,7 +87,7 @@ gss_import_sec_context(OM_uint32 *minor_status,
if (ret != GSS_S_COMPLETE)
goto failure;
ctx->gc_input.value = calloc(target_len, 1);
ctx->gc_free_this = ctx->gc_input.value = calloc(target_len, 1);
if (ctx->gc_input.value == NULL)
goto failure;

1
lib/gssapi/mech/gss_krb5.c
View File

@@ -520,6 +520,7 @@ gss_krb5_ccache_name(OM_uint32 *minor_status,
}
}
if (out_name)
*out_name = args.out_name;
return major_status;

2
lib/gssapi/mech/gss_mech_switch.c
View File

@@ -137,6 +137,8 @@ _gss_string_to_oid(const char* s, gss_OID *oidp)
}
}
}
if (byte_count == 0)
return EINVAL;
if (!res) {
res = malloc(byte_count);
if (!res)

4
lib/gssapi/mech/gss_pname_to_uid.c
View File

@@ -158,6 +158,10 @@ gss_pname_to_uid(OM_uint32 *minor_status,
major = gss_localname(minor_status, pname, mech_type, &localname);
if (GSS_ERROR(major))
return major;
if (localname.length == 0) {
*minor_status = KRB5_NO_LOCALNAME;
return GSS_S_FAILURE;
}
szLocalname = malloc(localname.length + 1);
if (szLocalname == NULL) {

2
lib/gssapi/ntlm/init_sec_context.c
View File

@@ -56,6 +56,8 @@ from_file(const char *fn, const char *target_domain,
d = strtok_r(buf, ":", &str);
free(*domainp);
*domainp = NULL;
if (!d)
continue;
if (d && target_domain != NULL && strcasecmp(target_domain, d) != 0)
continue;
*domainp = strdup(d);

17
lib/gssapi/sanon/import_name.c
View File

@@ -59,17 +59,15 @@ storage_ret_der_oid(krb5_storage *sp, gss_OID_desc *oid)
oid->elements = NULL;
ret = krb5_ret_uint16(sp, &der_oid_len);
if (ret != 0)
return ret;
if (ret == 0)
ret = krb5_ret_uint8(sp, &tag);
if (ret == 0)
ret = krb5_ret_uint8(sp, &oid_len);
if (ret)
return ret;
if (tag != 0x06)
return EINVAL;
ret = krb5_ret_uint8(sp, &oid_len);
if (ret != 0)
return ret;
if (der_oid_len != 2 + oid_len)
return EINVAL;
@@ -126,10 +124,11 @@ import_export_name(OM_uint32 *minor,
}
if (ret == 0)
ret = krb5_ret_uint32(sp, &name_len);
if (name_len != 1)
ret = EINVAL;
if (ret == 0)
ret = krb5_ret_uint8(sp, &is_anonymous);
if (ret == 0) {
if (name_len != 1)
ret = EINVAL;
if (is_anonymous == 1) {
*output_name = _gss_sanon_anonymous_identity;
major = GSS_S_COMPLETE;

4
lib/gssapi/test_context.c
View File

@@ -1257,7 +1257,7 @@ main(int argc, char **argv)
if (maj_stat != GSS_S_COMPLETE)
keyblock2 = NULL;
else if (limit_enctype && keyblock->keytype != limit_enctype)
else if (limit_enctype && keyblock && keyblock->keytype != limit_enctype)
errx(1, "gsskrb5_get_subkey wrong enctype");
if (keyblock || keyblock2) {
@@ -1285,7 +1285,7 @@ main(int argc, char **argv)
if (ret)
krb5_err(context, 1, ret, "krb5_string_to_enctype");
if (enctype != keyblock->keytype)
if (keyblock && enctype != keyblock->keytype)
errx(1, "keytype is not the expected %d != %d",
(int)enctype, (int)keyblock2->keytype);
}