diff --git a/lib/hdb/common.c b/lib/hdb/common.c index 0e3466db7..55e07c10b 100644 --- a/lib/hdb/common.c +++ b/lib/hdb/common.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997-1999 Kungliga Tekniska Högskolan + * Copyright (c) 1997-2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -102,7 +102,7 @@ krb5_error_code _hdb_fetch(krb5_context context, HDB *db, unsigned flags, hdb_entry *entry) { krb5_data key, value; - int code; + int code = 0; hdb_principal2key(context, entry->principal, &key); code = db->_get(context, db, key, &value); @@ -110,10 +110,13 @@ _hdb_fetch(krb5_context context, HDB *db, unsigned flags, hdb_entry *entry) if(code) return code; hdb_value2entry(context, &value, entry); - if (db->master_key_set && (flags & HDB_F_DECRYPT)) - hdb_unseal_keys (context, db, entry); + if (db->master_key_set && (flags & HDB_F_DECRYPT)) { + code = hdb_unseal_keys (context, db, entry); + if (code) + hdb_free_entry(context, entry); + } krb5_data_free(&value); - return 0; + return code; } krb5_error_code @@ -123,7 +126,11 @@ _hdb_store(krb5_context context, HDB *db, unsigned flags, hdb_entry *entry) int code; hdb_principal2key(context, entry->principal, &key); - hdb_seal_keys(context, db, entry); + code = hdb_seal_keys(context, db, entry); + if (code) { + krb5_data_free(&key); + return code; + } hdb_entry2value(context, entry, &value); code = db->_put(context, db, flags & HDB_F_REPLACE, key, value); krb5_data_free(&value); diff --git a/lib/hdb/db.c b/lib/hdb/db.c index 35fae8448..40613f6a6 100644 --- a/lib/hdb/db.c +++ b/lib/hdb/db.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -102,13 +102,21 @@ DB_seq(krb5_context context, HDB *db, data.length = value.size; if (hdb_value2entry(context, &data, entry)) return DB_seq(context, db, flags, entry, R_NEXT); - if (db->master_key_set && (flags & HDB_F_DECRYPT)) - hdb_unseal_keys (context, db, entry); - if (entry->principal == NULL) { - entry->principal = malloc(sizeof(*entry->principal)); - hdb_key2principal(context, &key_data, entry->principal); + if (db->master_key_set && (flags & HDB_F_DECRYPT)) { + code = hdb_unseal_keys (context, db, entry); + if (code) + hdb_free_entry (context, entry); } - return 0; + if (code == 0 && entry->principal == NULL) { + entry->principal = malloc(sizeof(*entry->principal)); + if (entry->principal == NULL) { + code = ENOMEM; + hdb_free_entry (context, entry); + } else { + hdb_key2principal(context, &key_data, entry->principal); + } + } + return code; } diff --git a/lib/hdb/db3.c b/lib/hdb/db3.c index daf34c4f4..ac9e90592 100644 --- a/lib/hdb/db3.c +++ b/lib/hdb/db3.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -107,11 +107,19 @@ DB_seq(krb5_context context, HDB *db, data.length = value.size; if (hdb_value2entry(context, &data, entry)) return DB_seq(context, db, flags, entry, DB_NEXT); - if (db->master_key_set && (flags & HDB_F_DECRYPT)) - hdb_unseal_keys (context, db, entry); + if (db->master_key_set && (flags & HDB_F_DECRYPT)) { + code = hdb_unseal_keys (context, db, entry); + if (code) + hdb_free_entry (context, entry); + } if (entry->principal == NULL) { entry->principal = malloc(sizeof(*entry->principal)); - hdb_key2principal(context, &key_data, entry->principal); + if (entry->principal == NULL) { + code = ENOMEM; + hdb_free_entry (context, entry); + } else { + hdb_key2principal(context, &key_data, entry->principal); + } } return 0; } diff --git a/lib/hdb/hdb-ldap.c b/lib/hdb/hdb-ldap.c index 8242859cd..1ab5fa3cb 100644 --- a/lib/hdb/hdb-ldap.c +++ b/lib/hdb/hdb-ldap.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999, 2000, PADL Software Pty Ltd. + * Copyright (c) 1999 - 2001, PADL Software Pty Ltd. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -888,8 +888,11 @@ LDAP_seq(krb5_context context, HDB * db, unsigned flags, hdb_entry * entry) } while (rc == LDAP_RES_SEARCH_REFERENCE); if (ret == 0) { - if (db->master_key_set && (flags & HDB_F_DECRYPT)) - hdb_unseal_keys(context, db, entry); + if (db->master_key_set && (flags & HDB_F_DECRYPT)) { + ret = hdb_unseal_keys(context, db, entry); + if (ret) + hdb_free_entry(context,entry); + } } return ret; @@ -1106,8 +1109,11 @@ LDAP_fetch(krb5_context context, HDB * db, unsigned flags, ret = LDAP_message2entry(context, db, e, entry); if (ret == 0) { - if (db->master_key_set && (flags & HDB_F_DECRYPT)) - hdb_unseal_keys(context, db, entry); + if (db->master_key_set && (flags & HDB_F_DECRYPT)) { + ret = hdb_unseal_keys(context, db, entry); + if (ret) + hdb_free_entry(context,entry); + } } out: @@ -1135,7 +1141,9 @@ LDAP_store(krb5_context context, HDB * db, unsigned flags, e = ldap_first_entry((LDAP *) db->db, msg); } - hdb_seal_keys(context, db, entry); + ret = hdb_seal_keys(context, db, entry); + if (ret) + goto out; /* turn new entry into LDAPMod array */ ret = LDAP_entry2mods(context, db, entry, e, &mods); diff --git a/lib/hdb/ndbm.c b/lib/hdb/ndbm.c index 8d956d2bb..325cb3010 100644 --- a/lib/hdb/ndbm.c +++ b/lib/hdb/ndbm.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -75,7 +75,7 @@ NDBM_seq(krb5_context context, HDB *db, struct ndbm_db *d = (struct ndbm_db *)db->db; datum key, value; krb5_data key_data, data; - krb5_error_code ret; + krb5_error_code ret = 0; if(first) key = dbm_firstkey(d->db); @@ -93,13 +93,21 @@ NDBM_seq(krb5_context context, HDB *db, data.length = value.dsize; if(hdb_value2entry(context, &data, entry)) return NDBM_seq(context, db, flags, entry, 0); - if (db->master_key_set && (flags & HDB_F_DECRYPT)) - hdb_unseal_keys (context, db, entry); + if (db->master_key_set && (flags & HDB_F_DECRYPT)) { + ret = hdb_unseal_keys (context, db, entry); + if (ret) + hdb_free_entry (context, entry); + } if (entry->principal == NULL) { entry->principal = malloc (sizeof(*entry->principal)); - hdb_key2principal (context, &key_data, entry->principal); + if (entry->principal == NULL) { + ret = ENOMEM; + hdb_free_entry (context, entry); + } else { + hdb_key2principal (context, &key_data, entry->principal); + } } - return 0; + return ret; } diff --git a/lib/kadm5/chpass_s.c b/lib/kadm5/chpass_s.c index 591fb22d8..d75c945a5 100644 --- a/lib/kadm5/chpass_s.c +++ b/lib/kadm5/chpass_s.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997-2000 Kungliga Tekniska Högskolan + * Copyright (c) 1997-2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -84,7 +84,9 @@ change(void *server_handle, if (ret) goto out2; - hdb_seal_keys(context->context, context->db, &ent); + ret = hdb_seal_keys(context->context, context->db, &ent); + if (ret) + goto out2; kadm5_log_modify (context, &ent, @@ -156,7 +158,9 @@ kadm5_s_chpass_principal_with_key(void *server_handle, if (ret) goto out2; - hdb_seal_keys(context->context, context->db, &ent); + ret = hdb_seal_keys(context->context, context->db, &ent); + if (ret) + goto out2; kadm5_log_modify (context, &ent, diff --git a/lib/kadm5/create_s.c b/lib/kadm5/create_s.c index 267dd1194..a05e61576 100644 --- a/lib/kadm5/create_s.c +++ b/lib/kadm5/create_s.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997-2000 Kungliga Tekniska Högskolan + * Copyright (c) 1997-2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -124,7 +124,9 @@ kadm5_s_create_principal_with_key(void *server_handle, if(ret) goto out; - hdb_seal_keys(context->context, context->db, &ent); + ret = hdb_seal_keys(context->context, context->db, &ent); + if (ret) + goto out; kadm5_log_create (context, &ent); @@ -175,8 +177,12 @@ kadm5_s_create_principal(void *server_handle, ent.keys.val[2].salt->type = hdb_pw_salt; ent.keys.val[3].key.keytype = ETYPE_DES3_CBC_SHA1; ret = _kadm5_set_keys(context, &ent, password); + if (ret) + goto out; - hdb_seal_keys(context->context, context->db, &ent); + ret = hdb_seal_keys(context->context, context->db, &ent); + if (ret) + goto out; kadm5_log_create (context, &ent); diff --git a/lib/kadm5/delete_s.c b/lib/kadm5/delete_s.c index 64690b0a9..55483bf0a 100644 --- a/lib/kadm5/delete_s.c +++ b/lib/kadm5/delete_s.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -57,7 +57,9 @@ kadm5_s_delete_principal(void *server_handle, krb5_principal princ) goto out; } - hdb_seal_keys(context->context, context->db, &ent); + ret = hdb_seal_keys(context->context, context->db, &ent); + if (ret) + goto out; kadm5_log_delete (context, princ); diff --git a/lib/kadm5/modify_s.c b/lib/kadm5/modify_s.c index 6ae8df48f..7dd721440 100644 --- a/lib/kadm5/modify_s.c +++ b/lib/kadm5/modify_s.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997-2000 Kungliga Tekniska Högskolan + * Copyright (c) 1997-2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -63,7 +63,9 @@ modify_principal(void *server_handle, if(ret) goto out2; - hdb_seal_keys(context->context, context->db, &ent); + ret = hdb_seal_keys(context->context, context->db, &ent); + if (ret) + goto out2; kadm5_log_modify (context, &ent, diff --git a/lib/kadm5/randkey_s.c b/lib/kadm5/randkey_s.c index ebc2d3ff7..7a2c7cf97 100644 --- a/lib/kadm5/randkey_s.c +++ b/lib/kadm5/randkey_s.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997-1999 Kungliga Tekniska Högskolan + * Copyright (c) 1997-2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -72,7 +72,9 @@ kadm5_s_randkey_principal(void *server_handle, if (ret) goto out2; - hdb_seal_keys(context->context, context->db, &ent); + ret = hdb_seal_keys(context->context, context->db, &ent); + if (ret) + goto out2; kadm5_log_modify (context, &ent, diff --git a/lib/kadm5/rename_s.c b/lib/kadm5/rename_s.c index 49626a642..8a2d4c06a 100644 --- a/lib/kadm5/rename_s.c +++ b/lib/kadm5/rename_s.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -82,7 +82,11 @@ kadm5_s_rename_principal(void *server_handle, ent2.principal = ent.principal; ent.principal = target; - hdb_seal_keys(context->context, context->db, &ent); + ret = hdb_seal_keys(context->context, context->db, &ent); + if (ret) { + ent.principal = ent2.principal; + goto out2; + } kadm5_log_rename (context, source,