From b7bf5ca6e8b750cdcf20e1cb290e71bf87c2d821 Mon Sep 17 00:00:00 2001
From: Nicolas Williams <nico@twosigma.com>
Date: Sat, 27 Mar 2021 23:24:24 -0500
Subject: [PATCH] kadmin: Fix warnings

---
 kadmin/add_enctype.c |  4 ++--
 kadmin/ank.c         | 10 ++++++----
 kadmin/del.c         | 12 +++++++-----
 kadmin/ext.c         |  2 +-
 kadmin/kadmind.c     |  2 ++
 kadmin/load.c        |  4 ++--
 kadmin/mod.c         | 15 ++++++++++++---
 kadmin/server.c      |  4 ++++
 kadmin/stash.c       |  5 ++++-
 9 files changed, 40 insertions(+), 18 deletions(-)

diff --git a/kadmin/add_enctype.c b/kadmin/add_enctype.c
index 0ababf4f1..d128ab7f4 100644
--- a/kadmin/add_enctype.c
+++ b/kadmin/add_enctype.c
@@ -46,7 +46,7 @@ add_enctype(struct add_enctype_options*opt, int argc, char **argv)
     krb5_error_code ret;
     const char *princ_name;
     int i, j;
-    krb5_key_data *new_key_data;
+    krb5_key_data *new_key_data = NULL;
     int n_etypes;
     krb5_enctype *etypes;
 
@@ -108,7 +108,6 @@ add_enctype(struct add_enctype_options*opt, int argc, char **argv)
 		/* XXX Should this be an error?  The admin can del_enctype... */
 		krb5_warnx(context, "enctype %d already exists",
 			   (int)etypes[j]);
-		free(new_key_data);
 		goto out;
 	    }
 	}
@@ -163,6 +162,7 @@ add_enctype(struct add_enctype_options*opt, int argc, char **argv)
     if (ret)
 	krb5_warn(context, ret, "kadm5_modify_principal");
 out:
+    free(new_key_data);
     krb5_free_principal (context, princ_ent);
     kadm5_free_principal_ent(kadm_handle, &princ);
 out2:
diff --git a/kadmin/ank.c b/kadmin/ank.c
index 1e5cd6117..3683c38ad 100644
--- a/kadmin/ank.c
+++ b/kadmin/ank.c
@@ -464,10 +464,12 @@ add_one_namespace(const char *name,
 
     /* XXX Shouldn't need a password for this */
     random_password(pwbuf, sizeof(pwbuf));
-    ret = kadm5_create_principal_3(kadm_handle, &princ, mask,
-                                   nkstuple, kstuple, pwbuf);
-    if (ret)
-	krb5_warn(context, ret, "kadm5_create_principal_3");
+    if (ret == 0) {
+        ret = kadm5_create_principal_3(kadm_handle, &princ, mask,
+                                       nkstuple, kstuple, pwbuf);
+        if (ret)
+            krb5_warn(context, ret, "kadm5_create_principal_3");
+    }
 
     kadm5_free_principal_ent(kadm_handle, &princ); /* frees princ_ent */
     if (default_ent)
diff --git a/kadmin/del.c b/kadmin/del.c
index 089ee8b0d..a066f56ea 100644
--- a/kadmin/del.c
+++ b/kadmin/del.c
@@ -61,12 +61,15 @@ do_del_ns_entry(krb5_principal nsp, void *data)
     krb5_principal p = NULL;
     const char *comp0 = krb5_principal_get_comp_string(context, nsp, 0);
     const char *comp1 = krb5_principal_get_comp_string(context, nsp, 1);
-    char *unsp = NULL;
 
     if (krb5_principal_get_num_comp(context, nsp) != 2) {
-        (void) krb5_unparse_name(context, nsp, &unsp);
-        krb5_warn(context, ret = EINVAL, "Not a valid namespace name %s",
-                   unsp ? unsp : "<Out of memory>");
+        char *unsp = NULL;
+
+        ret = krb5_unparse_name(context, nsp, &unsp);
+        krb5_warn(context, ret,
+                  "Not a valid namespace name (component count is not 2): %s",
+                  unsp ? unsp : "<out of memory>");
+        free(unsp);
         return EINVAL;
     }
 
@@ -80,7 +83,6 @@ do_del_ns_entry(krb5_principal nsp, void *data)
     if (ret == 0)
         ret = kadm5_delete_principal(kadm_handle, p);
     krb5_free_principal(context, p);
-    free(unsp);
     return ret;
 }
 
diff --git a/kadmin/ext.c b/kadmin/ext.c
index 01725d96e..adb2e2851 100644
--- a/kadmin/ext.c
+++ b/kadmin/ext.c
@@ -148,7 +148,7 @@ do_ext_keytab(krb5_principal principal, void *data)
     }
     free(unparsed);
     free(keys);
-    return 0;
+    return ret;
 }
 
 int
diff --git a/kadmin/kadmind.c b/kadmin/kadmind.c
index 10bbea840..444950623 100644
--- a/kadmin/kadmind.c
+++ b/kadmin/kadmind.c
@@ -134,6 +134,8 @@ main(int argc, char **argv)
 
     argc -= optidx;
     argv += optidx;
+    if (argc != 0)
+        usage(1);
 
     if (config_file == NULL) {
 	int aret;
diff --git a/kadmin/load.c b/kadmin/load.c
index 971c24793..7f434fc15 100644
--- a/kadmin/load.c
+++ b/kadmin/load.c
@@ -367,7 +367,7 @@ my_fgetln(FILE *f, char **bufp, size_t *szp, size_t *lenp)
     size_t len;
     size_t sz = *szp;
     char *buf = *bufp;
-    char *p, *n;
+    char *n;
 
     if (!buf) {
         buf = malloc(sz ? sz : 8192);
@@ -378,7 +378,7 @@ my_fgetln(FILE *f, char **bufp, size_t *szp, size_t *lenp)
     }
 
     len = 0;
-    while ((p = fgets(&buf[len], sz-len, f)) != NULL) {
+    while (fgets(&buf[len], sz-len, f) != NULL) {
         len += strlen(&buf[len]);
         if (buf[len-1] == '\n')
             break;
diff --git a/kadmin/mod.c b/kadmin/mod.c
index 9541c6efc..7c7b2dd7c 100644
--- a/kadmin/mod.c
+++ b/kadmin/mod.c
@@ -123,7 +123,7 @@ static void
 add_aliases(krb5_context contextp, kadm5_principal_ent_rec *princ,
 	    struct getarg_strings *strings)
 {
-    krb5_error_code ret;
+    krb5_error_code ret = 0;
     HDB_extension ext;
     krb5_data buf;
     krb5_principal p;
@@ -144,9 +144,16 @@ add_aliases(krb5_context contextp, kadm5_principal_ent_rec *princ,
 		   sizeof(ext.data.u.aliases.aliases.val[0]));
 	ext.data.u.aliases.aliases.len = strings->num_strings;
 
-	for (i = 0; i < strings->num_strings; i++) {
+	for (i = 0; ret == 0 && i < strings->num_strings; i++) {
 	    ret = krb5_parse_name(contextp, strings->strings[i], &p);
-	    ret = copy_Principal(p, &ext.data.u.aliases.aliases.val[i]);
+            if (ret)
+                krb5_err(contextp, 1, ret, "Could not parse alias %s",
+                         strings->strings[i]);
+            if (ret == 0)
+                ret = copy_Principal(p, &ext.data.u.aliases.aliases.val[i]);
+            if (ret)
+                krb5_err(contextp, 1, ret, "Could not copy parsed alias %s",
+                         strings->strings[i]);
 	    krb5_free_principal(contextp, p);
 	}
     }
@@ -224,6 +231,7 @@ add_etypes(krb5_context contextp,
         if (ret) {
             krb5_warn(contextp, ret, "Could not parse enctype %s",
                       strings->strings[i]);
+            free(etypes.val);
             return ret;
         }
         etypes.val[i] = etype;
@@ -236,6 +244,7 @@ add_etypes(krb5_context contextp,
     if (ret || buf.length != size)
         abort();
     add_tl(princ, KRB5_TL_ETYPES, &buf);
+    free(etypes.val);
     return 0;
 }
 
diff --git a/kadmin/server.c b/kadmin/server.c
index cbe16948c..f1f250c8f 100644
--- a/kadmin/server.c
+++ b/kadmin/server.c
@@ -691,6 +691,10 @@ iter_aliases(kadm5_principal_ent_rec *from,
 
     if (ctx->done > 0)
         return 0;
+    if (from == NULL) {
+        ctx->done = 1;
+        return 0;
+    }
 
     if (ctx->done == 0) {
         if (ctx->alias_idx < ctx->aliases.aliases.len) {
diff --git a/kadmin/stash.c b/kadmin/stash.c
index 785de43f8..c33623038 100644
--- a/kadmin/stash.c
+++ b/kadmin/stash.c
@@ -106,7 +106,10 @@ stash(struct stash_options *opt, int argc, char **argv)
 	    }
 	}
 	ret = krb5_string_to_key_salt(context, enctype, buf, salt, &key);
-	ret = hdb_add_master_key(context, &key, &mkey);
+        if (ret == 0)
+            ret = hdb_add_master_key(context, &key, &mkey);
+        if (ret)
+            krb5_warn(context, errno, "setting master key");
 	krb5_free_keyblock_contents(context, &key);
     }