diff --git a/appl/afsutil/afslog.c b/appl/afsutil/afslog.c index bd6807d01..0ae61b3ae 100644 --- a/appl/afsutil/afslog.c +++ b/appl/afsutil/afslog.c @@ -61,15 +61,16 @@ struct getargs args[] = { { "cell", 'c', arg_strings, &cells, "cells to get tokens for", "cell" }, { "file", 'p', arg_strings, &files, "files to get tokens for", "path" }, { "realm", 'k', arg_string, &realm, "realm for afs cell", "realm" }, - { "unlog", 'u', arg_flag, &unlog_flag, "remove tokens" }, + { "unlog", 'u', arg_flag, &unlog_flag, "remove tokens", NULL }, #ifdef KRB5 { "principal",'P',arg_string,&client_string,"principal to use","principal"}, { "cache", 0, arg_string, &cache_string, "ccache to use", "cache"}, - { "v5", 0, arg_negative_flag, &use_krb5, "don't use Kerberos 5" }, + { "v5", 0, arg_negative_flag, &use_krb5, "don't use Kerberos 5", + NULL }, #endif - { "verbose",'v', arg_flag, &verbose }, - { "version", 0, arg_flag, &version_flag }, - { "help", 'h', arg_flag, &help_flag }, + { "verbose",'v', arg_flag, &verbose, NULL, NULL }, + { "version", 0, arg_flag, &version_flag, NULL, NULL }, + { "help", 'h', arg_flag, &help_flag, NULL, NULL }, }; static int num_args = sizeof(args) / sizeof(args[0]); diff --git a/appl/afsutil/pagsh.c b/appl/afsutil/pagsh.c index bfc5dce87..5801441d7 100644 --- a/appl/afsutil/pagsh.c +++ b/appl/afsutil/pagsh.c @@ -73,12 +73,12 @@ static char *typename_arg; #endif struct getargs getargs[] = { - { NULL, 'c', arg_flag, &c_flag }, + { NULL, 'c', arg_flag, &c_flag, NULL, NULL }, #ifdef KRB5 - { "cache-type", 0, arg_string, &typename_arg }, + { "cache-type", 0, arg_string, &typename_arg, NULL, NULL }, #endif - { "version", 0, arg_flag, &version_flag }, - { "help", 'h', arg_flag, &help_flag }, + { "version", 0, arg_flag, &version_flag, NULL, NULL }, + { "help", 'h', arg_flag, &help_flag, NULL, NULL }, }; static int num_args = sizeof(getargs) / sizeof(getargs[0]); diff --git a/appl/ftp/ftp/Makefile.am b/appl/ftp/ftp/Makefile.am index e47580dfc..8bda036e5 100644 --- a/appl/ftp/ftp/Makefile.am +++ b/appl/ftp/ftp/Makefile.am @@ -2,6 +2,8 @@ include $(top_srcdir)/Makefile.am.common +WFLAGS += $(WFLAGS_LITE) + AM_CPPFLAGS += -I$(srcdir)/../common $(INCLUDE_readline) $(INCLUDE_hcrypto) bin_PROGRAMS = ftp diff --git a/appl/ftp/ftp/cmds.c b/appl/ftp/ftp/cmds.c index dbd5d581e..778cd563a 100644 --- a/appl/ftp/ftp/cmds.c +++ b/appl/ftp/ftp/cmds.c @@ -210,7 +210,7 @@ struct types { { "image", "I", TYPE_I, 0 }, { "ebcdic", "E", TYPE_E, 0 }, { "tenex", "L", TYPE_L, bytename }, - { NULL } + { NULL, NULL, 0, NULL } }; /* @@ -1316,7 +1316,8 @@ user(int argc, char **argv) if (n == CONTINUE) { if (argc < 4) { printf("Account: "); fflush(stdout); - fgets(acctstr, sizeof(acctstr) - 1, stdin); + if (fgets(acctstr, sizeof(acctstr) - 1, stdin) == NULL) + acctstr[0] = '\0'; acctstr[strcspn(acctstr, "\r\n")] = '\0'; argv[3] = acctstr; argc++; } diff --git a/appl/ftp/ftp/cmdtab.c b/appl/ftp/ftp/cmdtab.c index 7b4c32942..f3a5493c9 100644 --- a/appl/ftp/ftp/cmdtab.c +++ b/appl/ftp/ftp/cmdtab.c @@ -197,7 +197,7 @@ struct cmd cmdtab[] = { { "afslog", afsloghelp, 0, 1, 0, afslog }, #endif - { 0 }, + { NULL, NULL, 0, 0, 0, NULL }, }; int NCMDS = (sizeof (cmdtab) / sizeof (cmdtab[0])) - 1; diff --git a/appl/ftp/ftpd/ftpd.c b/appl/ftp/ftpd/ftpd.c index 5be67c866..924ea23b3 100644 --- a/appl/ftp/ftpd/ftpd.c +++ b/appl/ftp/ftpd/ftpd.c @@ -212,25 +212,32 @@ static int version_flag; static const char *good_chars = "+-=_,."; struct getargs args[] = { - { NULL, 'a', arg_string, &auth_string, "required authentication" }, - { NULL, 'i', arg_flag, &interactive_flag, "don't assume stdin is a socket" }, - { NULL, 'p', arg_string, &port_string, "what port to listen to" }, - { NULL, 'g', arg_string, &guest_umask_string, "umask for guest logins" }, + { NULL, 'a', arg_string, &auth_string, "required authentication", NULL }, + { NULL, 'i', arg_flag, &interactive_flag, "don't assume stdin is a socket", + NULL }, + { NULL, 'p', arg_string, &port_string, "what port to listen to", NULL }, + { NULL, 'g', arg_string, &guest_umask_string, "umask for guest logins", + NULL }, { NULL, 'l', arg_counter, &logging, "log more stuff", "" }, - { NULL, 't', arg_integer, &ftpd_timeout, "initial timeout" }, - { NULL, 'T', arg_integer, &maxtimeout, "max timeout" }, - { NULL, 'u', arg_string, &umask_string, "umask for user logins" }, - { NULL, 'U', arg_negative_flag, &restricted_data_ports, "don't use high data ports" }, - { NULL, 'd', arg_flag, &debug, "enable debugging" }, - { NULL, 'v', arg_flag, &debug, "enable debugging" }, - { "builtin-ls", 'B', arg_flag, &use_builtin_ls, "use built-in ls to list files" }, - { "good-chars", 0, arg_string, &good_chars, "allowed anonymous upload filename chars" }, - { "insecure-oob", 'I', arg_negative_flag, &allow_insecure_oob, "don't allow insecure OOB ABOR/STAT" }, + { NULL, 't', arg_integer, &ftpd_timeout, "initial timeout", NULL }, + { NULL, 'T', arg_integer, &maxtimeout, "max timeout", NULL }, + { NULL, 'u', arg_string, &umask_string, "umask for user logins", NULL }, + { NULL, 'U', arg_negative_flag, &restricted_data_ports, + "don't use high data ports", NULL }, + { NULL, 'd', arg_flag, &debug, "enable debugging", NULL }, + { NULL, 'v', arg_flag, &debug, "enable debugging", NULL }, + { "builtin-ls", 'B', arg_flag, &use_builtin_ls, + "use built-in ls to list files", NULL }, + { "good-chars", 0, arg_string, &good_chars, + "allowed anonymous upload filename chars", NULL }, + { "insecure-oob", 'I', arg_negative_flag, &allow_insecure_oob, + "don't allow insecure OOB ABOR/STAT", NULL }, #ifdef KRB5 - { "gss-bindings", 0, arg_flag, &ftp_do_gss_bindings, "Require GSS-API bindings", NULL}, + { "gss-bindings", 0, arg_flag, &ftp_do_gss_bindings, + "Require GSS-API bindings", NULL}, #endif - { "version", 0, arg_flag, &version_flag }, - { "help", 'h', arg_flag, &help_flag } + { "version", 0, arg_flag, &version_flag, NULL, NULL }, + { "help", 'h', arg_flag, &help_flag, NULL, NULL } }; static int num_args = sizeof(args) / sizeof(args[0]); @@ -972,7 +979,7 @@ retrieve(const char *cmd, char *name) {".tar.Z", "/bin/gtar ZcPf - %s", NULL}, {".gz", "/bin/gzip -c -- %s", "/bin/gzip -c -d -- %s"}, {".Z", "/bin/compress -c -- %s", "/bin/uncompress -c -- %s"}, - {NULL, NULL} + {NULL, NULL, NULL} }; struct cmds *p; for(p = cmds; p->ext; p++){ @@ -1272,7 +1279,7 @@ dataconn(const char *name, off_t size, const char *mode) close(pdata); pdata = s; #if defined(IPTOS_THROUGHPUT) - if (from->sa_family == AF_INET) + if (from_ss.ss_family == AF_INET) socket_set_tos(s, IPTOS_THROUGHPUT); #endif reply(150, "Opening %s mode data connection for '%s'%s.", diff --git a/appl/ftp/ftpd/logwtmp.c b/appl/ftp/ftpd/logwtmp.c index 59f45b205..3a1baea69 100644 --- a/appl/ftp/ftpd/logwtmp.c +++ b/appl/ftp/ftpd/logwtmp.c @@ -107,7 +107,9 @@ static void ftpd_logwtmp_wtmp(char *line, char *name, char *host) { static int init = 0; +#ifdef WTMP_FILE static int fd; +#endif #ifdef WTMPX_FILE static int fdx; #endif @@ -117,6 +119,9 @@ ftpd_logwtmp_wtmp(char *line, char *name, char *host) #if defined(WTMPX_FILE) || defined(HAVE_UTMPX_H) struct utmpx utx; #endif +#if defined(WTMP_FILE) || defined(WTMPX_FILE) + ssize_t ret; +#endif #ifdef HAVE_UTMPX_H memset(&utx, 0, sizeof(struct utmpx)); @@ -176,14 +181,18 @@ ftpd_logwtmp_wtmp(char *line, char *name, char *host) #endif init = 1; } +#if defined(WTMP_FILE) || defined(WTMPX_FILE) if(fd >= 0) { #ifdef WTMP_FILE - write(fd, &ut, sizeof(struct utmp)); /* XXX */ + ret = write(fd, &ut, sizeof(struct utmp)); /* XXX */ #endif #ifdef WTMPX_FILE - write(fdx, &utx, sizeof(struct utmpx)); + ret = write(fdx, &utx, sizeof(struct utmpx)); #endif + if (ret == -1) + syslog(LOG_ERR, "ftpd_logwtmp_wtmp(): write(2) failed: %m"); } +#endif } #endif /* !HAVE_ASL_H */ diff --git a/appl/gssmask/gssmaestro.c b/appl/gssmask/gssmaestro.c index c972cada2..90fa43536 100644 --- a/appl/gssmask/gssmaestro.c +++ b/appl/gssmask/gssmaestro.c @@ -280,7 +280,7 @@ wait_log(struct client *c) if (fd < 0) err(1, "failed to build socket for %s's logging port", c->moniker); - ((struct sockaddr *)&sast)->sa_family = c->sa->sa_family; + sast.ss_family = c->sa->sa_family; ret = bind(fd, (struct sockaddr *)&sast, c->salen); if (ret < 0) err(1, "failed to bind %s's logging port", c->moniker); diff --git a/appl/gssmask/gssmask.c b/appl/gssmask/gssmask.c index 98a073849..5a454fc81 100644 --- a/appl/gssmask/gssmask.c +++ b/appl/gssmask/gssmask.c @@ -73,10 +73,13 @@ logmessage(struct client *c, const char *file, unsigned int lineno, char *message; va_list ap; int32_t ackid; + int ret; va_start(ap, fmt); - vasprintf(&message, fmt, ap); + ret = vasprintf(&message, fmt, ap); va_end(ap); + if (ret == -1) + errx(1, "out of memory"); if (logfile) fprintf(logfile, "%s:%u: %d %s\n", file, lineno, level, message); @@ -643,6 +646,7 @@ HandleOP(GetVersionAndCapabilities) { int32_t cap = HAS_MONIKER; char name[256] = "unknown", *str; + int ret; if (targetname) cap |= ISSERVER; /* is server */ @@ -657,7 +661,9 @@ HandleOP(GetVersionAndCapabilities) } #endif - asprintf(&str, "gssmask %s %s", PACKAGE_STRING, name); + ret = asprintf(&str, "gssmask %s %s", PACKAGE_STRING, name); + if (ret == -1) + errx(1, "out of memory"); put32(c, GSSMAGGOTPROTOCOL); put32(c, cap); @@ -1084,6 +1090,7 @@ static struct client * create_client(int fd, int port, const char *moniker) { struct client *c; + int ret; c = ecalloc(1, sizeof(*c)); @@ -1092,9 +1099,14 @@ create_client(int fd, int port, const char *moniker) } else { char hostname[MAXHOSTNAMELEN]; gethostname(hostname, sizeof(hostname)); - asprintf(&c->moniker, "gssmask: %s:%d", hostname, port); + ret = asprintf(&c->moniker, "gssmask: %s:%d", hostname, port); + if (ret == -1) + c->moniker = NULL; } + if (!c->moniker) + errx(1, "out of memory"); + { c->salen = sizeof(c->sa); getpeername(fd, (struct sockaddr *)&c->sa, &c->salen); diff --git a/appl/kf/kf.c b/appl/kf/kf.c index e3e72ab06..bce958b98 100644 --- a/appl/kf/kf.c +++ b/appl/kf/kf.c @@ -51,8 +51,8 @@ static struct getargs args[] = { "Forward forwardable credentials", NULL }, { "forwardable",'G',arg_negative_flag,&forwardable, "Don't forward forwardable credentials", NULL }, - { "help", 'h', arg_flag, &help_flag }, - { "version", 0, arg_flag, &version_flag } + { "help", 'h', arg_flag, &help_flag, NULL, NULL }, + { "version", 0, arg_flag, &version_flag, NULL, NULL } }; static int num_args = sizeof(args) / sizeof(args[0]); diff --git a/appl/kf/kfd.c b/appl/kf/kfd.c index 71f48c935..ee76a260c 100644 --- a/appl/kf/kfd.c +++ b/appl/kf/kfd.c @@ -49,8 +49,8 @@ static struct getargs args[] = { { "inetd",'i',arg_flag, &do_inetd, "Not started from inetd", NULL }, { "regpag",'R',arg_string,®pag_str,"path to regpag binary","regpag"}, - { "help", 'h', arg_flag, &help_flag }, - { "version", 0, arg_flag, &version_flag } + { "help", 'h', arg_flag, &help_flag, NULL, NULL }, + { "version", 0, arg_flag, &version_flag, NULL, NULL } }; static int num_args = sizeof(args) / sizeof(args[0]); diff --git a/appl/kx/krb5.c b/appl/kx/krb5.c index eeb62a2d2..ded9236ef 100644 --- a/appl/kx/krb5.c +++ b/appl/kx/krb5.c @@ -65,17 +65,19 @@ ksyslog(krb5_context context, krb5_error_code ret, const char *fmt, ...) const char *msg; char *str = NULL; va_list va; + int aret; msg = krb5_get_error_message(context, ret); va_start(va, fmt); - vasprintf(&str, fmt, va); + aret = vasprintf(&str, fmt, va); va_end(va); - syslog(LOG_ERR, "%s: %s", str, msg); + syslog(LOG_ERR, "%s: %s", aret != -1 ? str : "(nil)", msg); krb5_free_error_message(context, msg); - free(str); + if (aret != -1) + free(str); } /* diff --git a/appl/kx/kx.c b/appl/kx/kx.c index ffc2e85b5..66363939b 100644 --- a/appl/kx/kx.c +++ b/appl/kx/kx.c @@ -616,13 +616,13 @@ struct getargs args[] = { { "user", 'l', arg_string, &user, "Run as this user", NULL }, { "tcp", 't', arg_flag, &tcp_flag, - "Use a TCP connection for X11" }, + "Use a TCP connection for X11", NULL }, { "passive", 'P', arg_flag, &passive_flag, - "Force a passive connection" }, + "Force a passive connection", NULL }, { "keepalive", 'k', arg_negative_flag, &keepalive_flag, - "disable keep-alives" }, + "disable keep-alives", NULL }, { "debug", 'd', arg_flag, &debug_flag, - "Enable debug information" }, + "Enable debug information", NULL }, { "version", 0, arg_flag, &version_flag, "Print version", NULL }, { "help", 0, arg_flag, &help_flag, NULL, diff --git a/appl/kx/kxd.c b/appl/kx/kxd.c index 8598fb167..11f356f1c 100644 --- a/appl/kx/kxd.c +++ b/appl/kx/kxd.c @@ -336,7 +336,7 @@ doit_conn (kx_context *kc, } #endif memset (&__ss_addr, 0, sizeof(__ss_addr)); - addr->sa_family = kc->thisaddr->sa_family; + __ss_addr.ss_family = kc->thisaddr->sa_family; if (kc->thisaddr_len > sizeof(__ss_addr)) { syslog(LOG_ERR, "error in af"); return 1; @@ -403,6 +403,7 @@ close_connection(int fd, const char *message) char *p; int lsb = 0; size_t mlen; + ssize_t ret; mlen = strlen(message); if(mlen > 255) @@ -433,7 +434,7 @@ close_connection(int fd, const char *message) buf[6] = 0; buf[7] = (p - buf - 8) / 4; } - write(fd, buf, p - buf); + ret = write(fd, buf, p - buf); close(fd); } @@ -707,12 +708,13 @@ static int help_flag = 0; struct getargs args[] = { { "inetd", 'i', arg_negative_flag, &inetd_flag, - "Not started from inetd" }, - { "tcp", 't', arg_flag, &tcp_flag, "Use TCP" }, + "Not started from inetd", NULL }, + { "tcp", 't', arg_flag, &tcp_flag, "Use TCP", + NULL }, { "port", 'p', arg_string, &port_str, "Use this port", "port" }, - { "version", 0, arg_flag, &version_flag }, - { "help", 0, arg_flag, &help_flag } + { "version", 0, arg_flag, &version_flag, NULL, NULL }, + { "help", 0, arg_flag, &help_flag, NULL, NULL } }; static void diff --git a/appl/login/env.c b/appl/login/env.c index 98ae93086..fc2e8b826 100644 --- a/appl/login/env.c +++ b/appl/login/env.c @@ -53,10 +53,11 @@ extend_env(char *str) void add_env(const char *var, const char *value) { + int aret; int i; char *str; - asprintf(&str, "%s=%s", var, value); - if(str == NULL) + aret = asprintf(&str, "%s=%s", var, value); + if(aret == -1) errx(1, "Out of memory!"); for(i = 0; i < num_env; i++) if(strncmp(env[i], var, strlen(var)) == 0 && diff --git a/appl/login/limits_conf.c b/appl/login/limits_conf.c index 1068b9670..492b14de7 100644 --- a/appl/login/limits_conf.c +++ b/appl/login/limits_conf.c @@ -48,7 +48,7 @@ struct limit { int has_limit; struct rlimit limit; } limits[] = { -#define LIM(X, S) { #X, RLIMIT_##X, S, 0 } +#define LIM(X, S) { #X, RLIMIT_##X, S, 0, {0, 0} } LIM(CORE, 1024), LIM(CPU, 60), LIM(DATA, 1024), @@ -75,7 +75,7 @@ struct limit { maxlogins priority */ - { NULL, 0 } + { NULL, 0, 0, 0, {0, 0} } }; static struct limit * diff --git a/appl/login/login.c b/appl/login/login.c index 6b16f0b71..1d8138b69 100644 --- a/appl/login/login.c +++ b/appl/login/login.c @@ -246,18 +246,19 @@ static char *remote_host; static char *auth_level = NULL; struct getargs args[] = { - { NULL, 'a', arg_string, &auth_level, "authentication mode" }, + { NULL, 'a', arg_string, &auth_level, "authentication mode", NULL }, #if 0 - { NULL, 'd' }, + { NULL, 'd', NULL, NULL, NULL, NULL }, #endif - { NULL, 'f', arg_flag, &f_flag, "pre-authenticated" }, + { NULL, 'f', arg_flag, &f_flag, "pre-authenticated", NULL }, { NULL, 'h', arg_string, &remote_host, "remote host", "hostname" }, - { NULL, 'p', arg_flag, &p_flag, "don't purge environment" }, + { NULL, 'p', arg_flag, &p_flag, "don't purge environment", + NULL }, #if 0 - { NULL, 'r', arg_flag, &r_flag, "rlogin protocol" }, + { NULL, 'r', arg_flag, &r_flag, "rlogin protocol", NULL }, #endif - { "version", 0, arg_flag, &version_flag }, - { "help", 0, arg_flag,&help_flag, } + { "version", 0, arg_flag, &version_flag, NULL, NULL }, + { "help", 0, arg_flag,&help_flag, NULL, NULL } }; int nargs = sizeof(args) / sizeof(args[0]); diff --git a/appl/otp/otp.c b/appl/otp/otp.c index ef3e4ab15..320646f7e 100644 --- a/appl/otp/otp.c +++ b/appl/otp/otp.c @@ -46,16 +46,16 @@ static int version_flag; static int help_flag; struct getargs args[] = { - { "list", 'l', arg_flag, &listp, "list OTP status" }, - { "delete", 'd', arg_flag, &deletep, "delete OTP" }, - { "open", 'o', arg_flag, &openp, "open a locked OTP" }, - { "renew", 'r', arg_flag, &renewp, "securely renew OTP" }, + { "list", 'l', arg_flag, &listp, "list OTP status", NULL }, + { "delete", 'd', arg_flag, &deletep, "delete OTP", NULL }, + { "open", 'o', arg_flag, &openp, "open a locked OTP", NULL }, + { "renew", 'r', arg_flag, &renewp, "securely renew OTP", NULL }, { "hash", 'f', arg_string, &alg_string, "hash algorithm (md4, md5, or sha)", "algorithm"}, { "user", 'u', arg_string, &user, "user other than current user (root only)", "user" }, - { "version", 0, arg_flag, &version_flag }, - { "help", 'h', arg_flag, &help_flag } + { "version", 0, arg_flag, &version_flag, NULL, NULL }, + { "help", 'h', arg_flag, &help_flag, NULL, NULL } }; int num_args = sizeof(args) / sizeof(args[0]); diff --git a/appl/otp/otpprint.c b/appl/otp/otpprint.c index 662afeb46..056309d3d 100644 --- a/appl/otp/otpprint.c +++ b/appl/otp/otpprint.c @@ -44,13 +44,14 @@ static int version_flag; static int help_flag; struct getargs args[] = { - { "extended", 'e', arg_flag, &extendedp, "print keys in extended format" }, - { "count", 'n', arg_integer, &count, "number of keys to print" }, - { "hexadecimal", 'h', arg_flag, &hexp, "output in hexadecimal" }, + { "extended", 'e', arg_flag, &extendedp, "print keys in extended format", + NULL }, + { "count", 'n', arg_integer, &count, "number of keys to print", NULL }, + { "hexadecimal", 'h', arg_flag, &hexp, "output in hexadecimal", NULL }, { "hash", 'f', arg_string, &alg_string, "hash algorithm (md4, md5, or sha)", "algorithm"}, - { "version", 0, arg_flag, &version_flag }, - { "help", 0, arg_flag, &help_flag } + { "version", 0, arg_flag, &version_flag, NULL, NULL }, + { "help", 0, arg_flag, &help_flag, NULL, NULL } }; int num_args = sizeof(args) / sizeof(args[0]); diff --git a/appl/popper/Makefile.am b/appl/popper/Makefile.am index 2fb612dd6..d39c45b03 100644 --- a/appl/popper/Makefile.am +++ b/appl/popper/Makefile.am @@ -2,6 +2,8 @@ include $(top_srcdir)/Makefile.am.common +WFLAGS += $(WFLAGS_LITE) + noinst_PROGRAMS = pop_debug libexec_PROGRAMS = popper diff --git a/appl/push/push.c b/appl/push/push.c index 659d10214..5990c28e5 100644 --- a/appl/push/push.c +++ b/appl/push/push.c @@ -223,7 +223,7 @@ doit(int s, unsigned sent_xdele = 0; int out_fd; char from_line[128]; - size_t from_line_length; + ssize_t from_line_length; time_t now; struct write_state write_state; unsigned int numheaders = 1; diff --git a/appl/rcp/Makefile.am b/appl/rcp/Makefile.am index 7bd48bac8..db7ed7f30 100644 --- a/appl/rcp/Makefile.am +++ b/appl/rcp/Makefile.am @@ -2,6 +2,8 @@ include $(top_srcdir)/Makefile.am.common +WFLAGS += $(WFLAGS_LITE) + bin_PROGRAMS = rcp rcp_SOURCES = rcp.c util.c rcp_locl.h extern.h diff --git a/appl/rcp/rcp.c b/appl/rcp/rcp.c index 9297af6d7..2ad8ff607 100644 --- a/appl/rcp/rcp.c +++ b/appl/rcp/rcp.c @@ -58,21 +58,23 @@ static int fflag, tflag; static int version_flag, help_flag; struct getargs args[] = { - { NULL, '4', arg_flag, &usekrb4, "use Kerberos 4 authentication" }, - { NULL, '5', arg_flag, &usekrb5, "use Kerberos 5 authentication" }, - { NULL, 'F', arg_flag, &forwardtkt, "forward credentials" }, - { NULL, 'K', arg_flag, &usebroken, "use BSD authentication" }, - { NULL, 'P', arg_string, &port, "non-default port", "port" }, - { NULL, 'p', arg_flag, &pflag, "preserve file permissions" }, - { NULL, 'r', arg_flag, &iamrecursive, "recursive mode" }, - { NULL, 'x', arg_flag, &doencrypt, "use encryption" }, - { NULL, 'z', arg_flag, &noencrypt, "don't encrypt" }, - { NULL, 'd', arg_flag, &targetshouldbedirectory }, - { NULL, 'e', arg_flag, &eflag, "passed to rsh" }, - { NULL, 'f', arg_flag, &fflag }, - { NULL, 't', arg_flag, &tflag }, - { "version", 0, arg_flag, &version_flag }, - { "help", 0, arg_flag, &help_flag } + { NULL, '4', arg_flag, &usekrb4, "use Kerberos 4 authentication", NULL }, + { NULL, '5', arg_flag, &usekrb5, "use Kerberos 5 authentication", NULL }, + { NULL, 'F', arg_flag, &forwardtkt, "forward credentials", NULL }, + { NULL, 'K', arg_flag, &usebroken, "use BSD authentication", + NULL }, + { NULL, 'P', arg_string, &port, "non-default port", "port" }, + { NULL, 'p', arg_flag, &pflag, "preserve file permissions", + NULL }, + { NULL, 'r', arg_flag, &iamrecursive, "recursive mode", NULL }, + { NULL, 'x', arg_flag, &doencrypt, "use encryption", NULL }, + { NULL, 'z', arg_flag, &noencrypt, "don't encrypt", NULL }, + { NULL, 'd', arg_flag, &targetshouldbedirectory, NULL, NULL }, + { NULL, 'e', arg_flag, &eflag, "passed to rsh", NULL }, + { NULL, 'f', arg_flag, &fflag, NULL, NULL }, + { NULL, 't', arg_flag, &tflag, NULL, NULL }, + { "version", 0, arg_flag, &version_flag, NULL, NULL }, + { "help", 0, arg_flag, &help_flag, NULL, NULL } }; static void diff --git a/appl/rsh/Makefile.am b/appl/rsh/Makefile.am index 2cd18752f..86c41b064 100644 --- a/appl/rsh/Makefile.am +++ b/appl/rsh/Makefile.am @@ -4,6 +4,8 @@ include $(top_srcdir)/Makefile.am.common AM_CPPFLAGS += -I$(srcdir)/../login $(INCLUDE_hcrypto) +WFLAGS += $(WFLAGS_LITE) + bin_PROGRAMS = rsh man_MANS = rsh.1 rshd.8 diff --git a/appl/su/su.c b/appl/su/su.c index 902af4b04..578ee1c78 100644 --- a/appl/su/su.c +++ b/appl/su/su.c @@ -80,19 +80,19 @@ char tkfile[256]; struct getargs args[] = { { "kerberos", 'K', arg_negative_flag, &kerberos_flag, - "don't use kerberos" }, + "don't use kerberos", NULL }, { NULL, 'f', arg_flag, &csh_f_flag, - "don't read .cshrc" }, + "don't read .cshrc", NULL }, { "full", 'l', arg_flag, &full_login, - "simulate full login" }, + "simulate full login", NULL }, { NULL, 'm', arg_flag, &env_flag, - "leave environment unmodified" }, + "leave environment unmodified", NULL }, { "instance", 'i', arg_string, &kerberos_instance, - "root instance to use" }, + "root instance to use", NULL }, { "command", 'c', arg_string, &cmd, - "command to execute" }, - { "help", 'h', arg_flag, &help_flag }, - { "version", 0, arg_flag, &version_flag }, + "command to execute", NULL }, + { "help", 'h', arg_flag, &help_flag, NULL, NULL }, + { "version", 0, arg_flag, &version_flag, NULL, NULL }, }; diff --git a/appl/telnet/libtelnet/Makefile.am b/appl/telnet/libtelnet/Makefile.am index 66571d5db..c296cb3bb 100644 --- a/appl/telnet/libtelnet/Makefile.am +++ b/appl/telnet/libtelnet/Makefile.am @@ -4,6 +4,8 @@ include $(top_srcdir)/Makefile.am.common AM_CPPFLAGS += -I$(srcdir)/.. $(INCLUDE_hcrypto) +WFLAGS += $(WFLAGS_LITE) + noinst_LIBRARIES = libtelnet.a libtelnet_a_SOURCES = \ diff --git a/appl/telnet/libtelnet/auth.c b/appl/telnet/libtelnet/auth.c index 1c01245d1..5c8647b43 100644 --- a/appl/telnet/libtelnet/auth.c +++ b/appl/telnet/libtelnet/auth.c @@ -166,10 +166,10 @@ Authenticator authenticators[] = { rsaencpwd_status, rsaencpwd_printsub }, #endif - { 0, }, + { 0, 0, NULL, NULL, NULL, NULL, NULL, NULL }, }; -static Authenticator NoAuth = { 0 }; +static Authenticator NoAuth = { 0, 0, NULL, NULL, NULL, NULL, NULL, NULL }; static int i_support = 0; static int i_wont_support = 0; diff --git a/appl/telnet/libtelnet/encrypt.c b/appl/telnet/libtelnet/encrypt.c index 58e081d42..1d3df9323 100644 --- a/appl/telnet/libtelnet/encrypt.c +++ b/appl/telnet/libtelnet/encrypt.c @@ -128,7 +128,7 @@ static long i_support_encrypt = typemask(ENCTYPE_DES_CFB64) ofb64_keyid, ofb64_printsub }, #endif - { 0, }, + { 0, 0, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL }, }; static unsigned char str_send[64] = { IAC, SB, TELOPT_ENCRYPT, diff --git a/appl/telnet/telnet/Makefile.am b/appl/telnet/telnet/Makefile.am index 34e0fe641..dec8b1ec3 100644 --- a/appl/telnet/telnet/Makefile.am +++ b/appl/telnet/telnet/Makefile.am @@ -2,6 +2,8 @@ include $(top_srcdir)/Makefile.am.common +WFLAGS += $(WFLAGS_LITE) + AM_CPPFLAGS += -I$(srcdir)/.. $(INCLUDE_hcrypto) bin_PROGRAMS = telnet diff --git a/appl/telnet/telnetd/Makefile.am b/appl/telnet/telnetd/Makefile.am index d8f5b19f3..7e384fa0e 100644 --- a/appl/telnet/telnetd/Makefile.am +++ b/appl/telnet/telnetd/Makefile.am @@ -2,6 +2,8 @@ include $(top_srcdir)/Makefile.am.common +WFLAGS += $(WFLAGS_LITE) + AM_CPPFLAGS += -I$(srcdir)/.. $(INCLUDE_hcrypto) libexec_PROGRAMS = telnetd diff --git a/appl/telnet/telnetd/utility.c b/appl/telnet/telnetd/utility.c index 48d2cf5e2..5b0129c0f 100644 --- a/appl/telnet/telnetd/utility.c +++ b/appl/telnet/telnetd/utility.c @@ -87,7 +87,7 @@ ttloop(void) int stilloob(int s) { - static struct timeval timeout = { 0 }; + static struct timeval timeout = { 0, 0 }; fd_set excepts; int value; diff --git a/appl/test/Makefile.am b/appl/test/Makefile.am index 85f613748..15ed68fca 100644 --- a/appl/test/Makefile.am +++ b/appl/test/Makefile.am @@ -2,6 +2,8 @@ include $(top_srcdir)/Makefile.am.common +WFLAGS += $(WFLAGS_LITE) + noinst_PROGRAMS = tcp_client tcp_server gssapi_server gssapi_client \ uu_server uu_client nt_gss_server nt_gss_client http_client diff --git a/appl/test/common.c b/appl/test/common.c index e0cf264af..40158846b 100644 --- a/appl/test/common.c +++ b/appl/test/common.c @@ -51,9 +51,9 @@ static struct getargs args[] = { { "keytab", 'k', arg_string, &keytab_str, "keytab to use", "keytab" }, { "mech", 'm', arg_string, &mech, "gssapi mech to use", "mech" }, { "password", 'P', arg_string, &password, "password to use", "password" }, - { "fork", 'f', arg_flag, &fork_flag, "do fork" }, - { "help", 'h', arg_flag, &help_flag }, - { "version", 0, arg_flag, &version_flag } + { "fork", 'f', arg_flag, &fork_flag, "do fork", NULL }, + { "help", 'h', arg_flag, &help_flag, NULL, NULL }, + { "version", 0, arg_flag, &version_flag, NULL, NULL } }; static int num_args = sizeof(args) / sizeof(args[0]); diff --git a/appl/test/http_client.c b/appl/test/http_client.c index c9e1c8492..90a587aac 100644 --- a/appl/test/http_client.c +++ b/appl/test/http_client.c @@ -117,15 +117,17 @@ static char *port_str = "http"; static char *gss_service = "HTTP"; static struct getargs http_args[] = { - { "verbose", 'v', arg_flag, &verbose_flag, "verbose logging", }, + { "verbose", 'v', arg_flag, &verbose_flag, "verbose logging", NULL }, { "port", 'p', arg_string, &port_str, "port to connect to", "port" }, - { "delegate", 0, arg_flag, &delegate_flag, "gssapi delegate credential" }, + { "delegate", 0, arg_flag, &delegate_flag, "gssapi delegate credential", + NULL }, { "gss-service", 's', arg_string, &gss_service, "gssapi service to use", "service" }, { "mech", 'm', arg_string, &mech, "gssapi mech to use", "mech" }, - { "mutual", 0, arg_negative_flag, &mutual_flag, "no gssapi mutual auth" }, - { "help", 'h', arg_flag, &help_flag }, - { "version", 0, arg_flag, &version_flag } + { "mutual", 0, arg_negative_flag, &mutual_flag, "no gssapi mutual auth", + NULL }, + { "help", 'h', arg_flag, &help_flag, NULL, NULL }, + { "version", 0, arg_flag, &version_flag, NULL, NULL } }; static int num_http_args = sizeof(http_args) / sizeof(http_args[0]); diff --git a/appl/test/nt_gss_server.c b/appl/test/nt_gss_server.c index cdfee1ea5..d6f7cc1be 100644 --- a/appl/test/nt_gss_server.c +++ b/appl/test/nt_gss_server.c @@ -58,8 +58,8 @@ static struct getargs args[] = { { "service", 's', arg_string, &service, "service to use", "service" }, { "dump-auth", 0, arg_string, &auth_file, "dump authorization data", "file" }, - { "help", 'h', arg_flag, &help_flag }, - { "version", 0, arg_flag, &version_flag } + { "help", 'h', arg_flag, &help_flag, NULL, NULL }, + { "version", 0, arg_flag, &version_flag, NULL, NULL } }; static int num_args = sizeof(args) / sizeof(args[0]); diff --git a/base/bsearch.c b/base/bsearch.c index 24fd77cfa..278962172 100644 --- a/base/bsearch.c +++ b/base/bsearch.c @@ -171,7 +171,7 @@ bsearch_common(const char *buf, size_t sz, const char *key, /* Binary search; file should be sorted */ for (l = 0, r = rmax = sz, i = sz >> 1; i >= l && i < rmax; loop_count++) { - heim_assert(i >= 0 && i < sz, "invalid aname2lname db index"); + heim_assert(i < sz, "invalid aname2lname db index"); /* buf[i] is likely in the middle of a line; find the next line */ linep = find_line(buf, i, rmax); diff --git a/base/test_base.c b/base/test_base.c index 78a1c4f4c..838e6cfe2 100644 --- a/base/test_base.c +++ b/base/test_base.c @@ -279,7 +279,7 @@ test_json(void) for (k = strlen(j[i]) - 1; k > 0; k--) { o = heim_json_create_with_bytes(j[i], k, 10, 0, NULL); if (o != NULL) { - fprintf(stderr, "Invalid JSON parsed: %.*s\n", k, j[i]); + fprintf(stderr, "Invalid JSON parsed: %.*s\n", (int)k, j[i]); return EINVAL; } } @@ -585,14 +585,22 @@ static void test_db_iter(heim_data_t k, heim_data_t v, void *arg) { int *ret = arg; + const void *kptr, *vptr; + size_t klen, vlen; heim_assert(heim_get_tid(k) == heim_data_get_type_id(), "..."); - if (heim_data_get_length(k) == strlen("msg") && strncmp(heim_data_get_ptr(k), "msg", strlen("msg")) == 0 && - heim_data_get_length(v) == strlen("abc") && strncmp(heim_data_get_ptr(v), "abc", strlen("abc")) == 0) + kptr = heim_data_get_ptr(k); + klen = heim_data_get_length(k); + vptr = heim_data_get_ptr(v); + vlen = heim_data_get_length(v); + + if (klen == strlen("msg") && !strncmp(kptr, "msg", strlen("msg")) && + vlen == strlen("abc") && !strncmp(vptr, "abc", strlen("abc"))) *ret &= ~(1); - else if (heim_data_get_length(k) == strlen("msg2") && strncmp(heim_data_get_ptr(k), "msg2", strlen("msg2")) == 0 && - heim_data_get_length(v) == strlen("FooBar") && strncmp(heim_data_get_ptr(v), "FooBar", strlen("FooBar")) == 0) + else if (klen == strlen("msg2") && + !strncmp(kptr, "msg2", strlen("msg2")) && + vlen == strlen("FooBar") && !strncmp(vptr, "FooBar", strlen("FooBar"))) *ret &= ~(2); else *ret |= 4; diff --git a/cf/roken-frag.m4 b/cf/roken-frag.m4 index 7e9f8da11..3a06bb4a2 100644 --- a/cf/roken-frag.m4 +++ b/cf/roken-frag.m4 @@ -28,7 +28,7 @@ dnl C characteristics AC_REQUIRE([AC_C___ATTRIBUTE__]) AC_REQUIRE([AC_C_INLINE]) AC_REQUIRE([AC_C_CONST]) -rk_WFLAGS(-Wall -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wmissing-declarations -Wnested-externs) +rk_WFLAGS(-Wall -Wextra -Wno-sign-compare -Wno-unused-parameter -Wmissing-prototypes -Wpointer-arith -Wbad-function-cast -Wmissing-declarations -Wnested-externs) AC_REQUIRE([rk_DB]) diff --git a/cf/wflags.m4 b/cf/wflags.m4 index f610ac61e..53472b8cf 100644 --- a/cf/wflags.m4 +++ b/cf/wflags.m4 @@ -20,10 +20,16 @@ if test -z "$WFLAGS" -a "$GCC" = "yes"; then # -Wmissing-declarations -Wnested-externs # -Wstrict-overflow=5 WFLAGS="ifelse($#, 0,-Wall, $1) $dwflags" - WFLAGS_NOUNUSED="-Wno-unused" WFLAGS_NOIMPLICITINT="-Wno-implicit-int" + + # + # WFLAGS_LITE can be appended to WFLAGS to turn off a host of warnings + # that fail for various bits of older code in appl/. Let's not use it + # for the main libraries, though. + + WFLAGS_LITE="-Wno-extra -Wno-missing-field-initializers -Wno-strict-aliasing -Wno-unused-result" fi AC_SUBST(WFLAGS)dnl -AC_SUBST(WFLAGS_NOUNUSED)dnl +AC_SUBST(WFLAGS_LITE)dnl AC_SUBST(WFLAGS_NOIMPLICITINT)dnl ]) diff --git a/kadmin/add-random-users.c b/kadmin/add-random-users.c index c3beaf206..64f22f5d1 100644 --- a/kadmin/add-random-users.c +++ b/kadmin/add-random-users.c @@ -139,8 +139,8 @@ static int version_flag = 0; static int help_flag = 0; static struct getargs args[] = { - { "version", 0, arg_flag, &version_flag }, - { "help", 0, arg_flag, &help_flag } + { "version", 0, arg_flag, &version_flag, NULL, NULL }, + { "help", 0, arg_flag, &help_flag, NULL, NULL } }; static void diff --git a/kadmin/ank.c b/kadmin/ank.c index 7ed66ff73..c1488d035 100644 --- a/kadmin/ank.c +++ b/kadmin/ank.c @@ -125,10 +125,18 @@ add_one_principal (const char *name, } else if(password == NULL) { char *princ_name; char *prompt; + int aret; - krb5_unparse_name(context, princ_ent, &princ_name); - asprintf (&prompt, "%s's Password: ", princ_name); + ret = krb5_unparse_name(context, princ_ent, &princ_name); + if (ret) + goto out; + aret = asprintf (&prompt, "%s's Password: ", princ_name); free (princ_name); + if (aret == -1) { + ret = ENOMEM; + krb5_set_error_message(context, ret, "out of memory"); + goto out; + } ret = UI_UTIL_read_pw_string (pwbuf, sizeof(pwbuf), prompt, 1); free (prompt); if (ret) { diff --git a/kadmin/cpw.c b/kadmin/cpw.c index a5ca9ff74..425575d89 100644 --- a/kadmin/cpw.c +++ b/kadmin/cpw.c @@ -85,14 +85,19 @@ set_password (krb5_principal principal, char *password, int keepold) { krb5_error_code ret = 0; char pwbuf[128]; + int aret; if(password == NULL) { char *princ_name; char *prompt; - krb5_unparse_name(context, principal, &princ_name); - asprintf(&prompt, "%s's Password: ", princ_name); + ret = krb5_unparse_name(context, principal, &princ_name); + if (ret) + return ret; + aret = asprintf(&prompt, "%s's Password: ", princ_name); free (princ_name); + if (aret == -1) + return ENOMEM; ret = UI_UTIL_read_pw_string(pwbuf, sizeof(pwbuf), prompt, 1); free (prompt); if(ret){ diff --git a/kadmin/get.c b/kadmin/get.c index 6c2bc78d0..802b65dc5 100644 --- a/kadmin/get.c +++ b/kadmin/get.c @@ -66,7 +66,7 @@ static struct field_name { { "aliases", KADM5_TL_DATA, KRB5_TL_ALIASES, 0, "Aliases", "Aliases", 0 }, { "hist-kvno-diff-clnt", KADM5_TL_DATA, KRB5_TL_HIST_KVNO_DIFF_CLNT, 0, "Clnt hist keys", "Historic keys allowed for client", 0 }, { "hist-kvno-diff-svc", KADM5_TL_DATA, KRB5_TL_HIST_KVNO_DIFF_SVC, 0, "Svc hist keys", "Historic keys allowed for service", 0 }, - { NULL } + { NULL, 0, 0, 0, NULL, NULL, 0 } }; struct field_info { @@ -125,12 +125,17 @@ format_keytype(krb5_key_data *k, krb5_salt *def_salt, char *buf, size_t buf_len) { krb5_error_code ret; char *s; + int aret; + buf[0] = '\0'; ret = krb5_enctype_to_string (context, k->key_data_type[0], &s); - if (ret) - asprintf (&s, "unknown(%d)", k->key_data_type[0]); + if (ret) { + aret = asprintf (&s, "unknown(%d)", k->key_data_type[0]); + if (aret == -1) + return; /* Nothing to do here, we have no way to pass the err */ + } strlcpy(buf, s, buf_len); free(s); @@ -140,21 +145,29 @@ format_keytype(krb5_key_data *k, krb5_salt *def_salt, char *buf, size_t buf_len) k->key_data_type[0], k->key_data_type[1], &s); - if (ret) - asprintf (&s, "unknown(%d)", k->key_data_type[1]); + if (ret) { + aret = asprintf (&s, "unknown(%d)", k->key_data_type[1]); + if (aret == -1) + return; /* Again, nothing else to do... */ + } strlcat(buf, s, buf_len); free(s); + aret = 0; if (cmp_salt(def_salt, k) == 0) s = strdup(""); else if(k->key_data_length[1] == 0) s = strdup("()"); else - asprintf (&s, "(%.*s)", k->key_data_length[1], - (char *)k->key_data_contents[1]); + aret = asprintf (&s, "(%.*s)", k->key_data_length[1], + (char *)k->key_data_contents[1]); + if (aret == -1 || s == NULL) + return; /* Again, nothing else we can do... */ strlcat(buf, s, buf_len); free(s); - asprintf (&s, "[%d]", k->key_data_kvno); + aret = asprintf (&s, "[%d]", k->key_data_kvno); + if (aret == -1) + return; strlcat(buf, ")", buf_len); strlcat(buf, s, buf_len); diff --git a/kadmin/kadmin.c b/kadmin/kadmin.c index 538507476..602ef91a5 100644 --- a/kadmin/kadmin.c +++ b/kadmin/kadmin.c @@ -159,6 +159,7 @@ main(int argc, char **argv) kadm5_config_params conf; int optidx = 0; int exit_status = 0; + int aret; setprogname(argv[0]); @@ -181,8 +182,8 @@ main(int argc, char **argv) argv += optidx; if (config_file == NULL) { - asprintf(&config_file, "%s/kdc.conf", hdb_db_dir(context)); - if (config_file == NULL) + aret = asprintf(&config_file, "%s/kdc.conf", hdb_db_dir(context)); + if (aret == -1) errx(1, "out of memory"); } diff --git a/kadmin/kadmind.c b/kadmin/kadmind.c index f99f95723..ba6aabcd9 100644 --- a/kadmin/kadmind.c +++ b/kadmin/kadmind.c @@ -119,8 +119,10 @@ main(int argc, char **argv) argv += optidx; if (config_file == NULL) { - asprintf(&config_file, "%s/kdc.conf", hdb_db_dir(context)); - if (config_file == NULL) + int aret; + + aret = asprintf(&config_file, "%s/kdc.conf", hdb_db_dir(context)); + if (aret == -1) errx(1, "out of memory"); } diff --git a/kadmin/stash.c b/kadmin/stash.c index f9b940ac5..9585535e1 100644 --- a/kadmin/stash.c +++ b/kadmin/stash.c @@ -45,6 +45,7 @@ stash(struct stash_options *opt, int argc, char **argv) krb5_error_code ret; krb5_enctype enctype; hdb_master_key mkey; + int aret; if(!local_flag) { krb5_warnx(context, "stash is only available in local (-l) mode"); @@ -58,8 +59,8 @@ stash(struct stash_options *opt, int argc, char **argv) } if(opt->key_file_string == NULL) { - asprintf(&opt->key_file_string, "%s/m-key", hdb_db_dir(context)); - if (opt->key_file_string == NULL) + aret = asprintf(&opt->key_file_string, "%s/m-key", hdb_db_dir(context)); + if (aret == -1) errx(1, "out of memory"); } @@ -108,10 +109,16 @@ stash(struct stash_options *opt, int argc, char **argv) } { - char *new, *old; - asprintf(&old, "%s.old", opt->key_file_string); - asprintf(&new, "%s.new", opt->key_file_string); - if(old == NULL || new == NULL) { + char *new = NULL, *old = NULL; + int aret; + + aret = asprintf(&old, "%s.old", opt->key_file_string); + if (aret == -1) { + ret = ENOMEM; + goto out; + } + aret = asprintf(&new, "%s.new", opt->key_file_string); + if (aret == -1) { ret = ENOMEM; goto out; } diff --git a/kcm/cache.c b/kcm/cache.c index 1bd220c8a..a527369f7 100644 --- a/kcm/cache.c +++ b/kcm/cache.c @@ -42,12 +42,15 @@ char *kcm_ccache_nextid(pid_t pid, uid_t uid, gid_t gid) { unsigned n; char *name; + int ret; HEIMDAL_MUTEX_lock(&ccache_mutex); n = ++ccache_nextid; HEIMDAL_MUTEX_unlock(&ccache_mutex); - asprintf(&name, "%ld:%u", (long)uid, n); + ret = asprintf(&name, "%ld:%u", (long)uid, n); + if (ret == -1) + return NULL; return name; } diff --git a/kcm/config.c b/kcm/config.c index 26c48be3c..8659c0a99 100644 --- a/kcm/config.c +++ b/kcm/config.c @@ -86,22 +86,22 @@ static struct getargs args[] = { }, { "launchd", 0, arg_flag, &launchd_flag, - "when in use by launchd" + "when in use by launchd", NULL }, #ifdef SUPPORT_DETACH #if DETACH_IS_DEFAULT { "detach", 'D', arg_negative_flag, &detach_from_console, - "don't detach from console" + "don't detach from console", NULL }, #else { "detach", 0 , arg_flag, &detach_from_console, - "detach from console" + "detach from console", NULL }, #endif #endif - { "help", 'h', arg_flag, &help_flag }, + { "help", 'h', arg_flag, &help_flag, NULL, NULL }, { "system-principal", 'k', arg_string, &system_principal, "system principal name", "principal" @@ -116,11 +116,11 @@ static struct getargs args[] = { }, { "name-constraints", 'n', arg_negative_flag, &name_constraints, - "disable credentials cache name constraints" + "disable credentials cache name constraints", NULL }, { "disallow-getting-krbtgt", 0, arg_flag, &disallow_getting_krbtgt, - "disable fetching krbtgt from the cache" + "disable fetching krbtgt from the cache", NULL }, { "renewable-life", 'r', arg_string, &renew_life, @@ -148,7 +148,7 @@ static struct getargs args[] = { "user", 'u', arg_string, &system_user, "system cache owner", "user" }, - { "version", 'v', arg_flag, &version_flag } + { "version", 'v', arg_flag, &version_flag, NULL, NULL } }; static int num_args = sizeof(args) / sizeof(args[0]); diff --git a/kcm/glue.c b/kcm/glue.c index 8b0d17226..b4a131963 100644 --- a/kcm/glue.c +++ b/kcm/glue.c @@ -263,7 +263,16 @@ static const krb5_cc_ops krb5_kcmss_ops = { kcmss_end_get, kcmss_remove_cred, kcmss_set_flags, - kcmss_get_version + kcmss_get_version, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, }; krb5_error_code diff --git a/kcm/main.c b/kcm/main.c index 2b3af2220..71681bd4a 100644 --- a/kcm/main.c +++ b/kcm/main.c @@ -102,7 +102,8 @@ main(int argc, char **argv) #endif #ifdef SUPPORT_DETACH if (detach_from_console) - daemon(0, 0); + if (daemon(0, 0) == -1) + err(1, "daemon"); #endif pidfile(NULL); diff --git a/kcm/protocol.c b/kcm/protocol.c index 0cf7157b7..5d7a63503 100644 --- a/kcm/protocol.c +++ b/kcm/protocol.c @@ -1070,6 +1070,7 @@ kcm_op_get_default_cache(krb5_context context, krb5_error_code ret; const char *name = NULL; char *n = NULL; + int aret; KCM_LOG_REQUEST(context, client, opcode); @@ -1083,8 +1084,9 @@ kcm_op_get_default_cache(krb5_context context, name = n = kcm_ccache_first_name(client); if (name == NULL) { - asprintf(&n, "%d", (int)client->uid); - name = n; + aret = asprintf(&n, "%d", (int)client->uid); + if (aret != -1) + name = n; } if (name == NULL) return ENOMEM; diff --git a/kdc/config.c b/kdc/config.c index 485f20be2..bc5820c75 100644 --- a/kdc/config.c +++ b/kdc/config.c @@ -181,10 +181,11 @@ configure(krb5_context context, int argc, char **argv, int *optidx) { char **files; + int aret; if (config_file == NULL) { - asprintf(&config_file, "%s/kdc.conf", hdb_db_dir(context)); - if (config_file == NULL) + aret = asprintf(&config_file, "%s/kdc.conf", hdb_db_dir(context)); + if (aret == -1 || config_file == NULL) errx(1, "out of memory"); } diff --git a/kdc/digest.c b/kdc/digest.c index 5c90e9e2a..9dfe220f6 100644 --- a/kdc/digest.c +++ b/kdc/digest.c @@ -406,11 +406,12 @@ _kdc_do_digest(krb5_context context, if (ireq.u.init.channel) { char *s; + int aret; - asprintf(&s, "%s-%s:%s", r.u.initReply.nonce, - ireq.u.init.channel->cb_type, - ireq.u.init.channel->cb_binding); - if (s == NULL) { + aret = asprintf(&s, "%s-%s:%s", r.u.initReply.nonce, + ireq.u.init.channel->cb_type, + ireq.u.init.channel->cb_binding); + if (aret == -1 || s == NULL) { ret = ENOMEM; krb5_set_error_message(context, ret, "Failed to allocate channel binding"); @@ -427,6 +428,8 @@ _kdc_do_digest(krb5_context context, } if (strcasecmp(ireq.u.init.type, "CHAP") == 0) { + int aret; + r.u.initReply.identifier = malloc(sizeof(*r.u.initReply.identifier)); if (r.u.initReply.identifier == NULL) { @@ -435,8 +438,8 @@ _kdc_do_digest(krb5_context context, goto out; } - asprintf(r.u.initReply.identifier, "%02X", identifier & 0xff); - if (*r.u.initReply.identifier == NULL) { + aret = asprintf(r.u.initReply.identifier, "%02X", identifier&0xff); + if (aret == -1 || *r.u.initReply.identifier == NULL) { ret = ENOMEM; krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; @@ -997,10 +1000,12 @@ _kdc_do_digest(krb5_context context, } } else { + int aret; + r.element = choice_DigestRepInner_error; - asprintf(&r.u.error.reason, "Unsupported digest type %s", - ireq.u.digestRequest.type); - if (r.u.error.reason == NULL) { + aret = asprintf(&r.u.error.reason, "Unsupported digest type %s", + ireq.u.digestRequest.type); + if (aret == -1 || r.u.error.reason == NULL) { ret = ENOMEM; krb5_set_error_message(context, ret, "malloc: out of memory"); goto out; diff --git a/kdc/hpropd.c b/kdc/hpropd.c index 75b26a15f..7dee4e7b5 100644 --- a/kdc/hpropd.c +++ b/kdc/hpropd.c @@ -145,7 +145,7 @@ main(int argc, char **argv) if(getpeername(sock, sa, &sin_len) < 0) krb5_err(context, 1, errno, "getpeername"); - if (inet_ntop(sa->sa_family, + if (inet_ntop(ss.ss_family, socket_get_address (sa), addr_name, sizeof(addr_name)) == NULL) @@ -207,7 +207,11 @@ main(int argc, char **argv) } if(!print_dump) { - asprintf(&tmp_db, "%s~", database); + int aret; + + aret = asprintf(&tmp_db, "%s~", database); + if (aret == -1) + krb5_errx(context, 1, "hdb_create: out of memory"); ret = hdb_create(context, &db, tmp_db); if(ret) diff --git a/kdc/kdc-replay.c b/kdc/kdc-replay.c index b0510f408..af4e55c35 100644 --- a/kdc/kdc-replay.c +++ b/kdc/kdc-replay.c @@ -37,11 +37,11 @@ static int version_flag; static int help_flag; struct getargs args[] = { - { "version", 0, arg_flag, &version_flag }, - { "help", 'h', arg_flag, &help_flag } + { "version", 0, arg_flag, &version_flag, NULL, NULL }, + { "help", 'h', arg_flag, &help_flag, NULL, NULL } }; -const static int num_args = sizeof(args) / sizeof(args[0]); +static const int num_args = sizeof(args) / sizeof(args[0]); static void usage(int ret) diff --git a/kdc/kstash.c b/kdc/kstash.c index 0b75fb8d8..4aad28e3a 100644 --- a/kdc/kstash.c +++ b/kdc/kstash.c @@ -66,6 +66,7 @@ main(int argc, char **argv) { char buf[1024]; krb5_error_code ret; + int aret; krb5_enctype enctype; @@ -84,8 +85,11 @@ main(int argc, char **argv) krb5_errx(context, 1, "random-key and master-key-fd " "is mutual exclusive"); - if (keyfile == NULL) - asprintf(&keyfile, "%s/m-key", hdb_db_dir(context)); + if (keyfile == NULL) { + aret = asprintf(&keyfile, "%s/m-key", hdb_db_dir(context)); + if (aret == -1) + krb5_errx(context, 1, "out of memory"); + } ret = krb5_string_to_enctype(context, enctype_str, &enctype); if(ret) @@ -132,9 +136,21 @@ main(int argc, char **argv) } { - char *new, *old; - asprintf(&old, "%s.old", keyfile); - asprintf(&new, "%s.new", keyfile); + char *new = NULL, *old = NULL; + int aret; + + aret = asprintf(&old, "%s.old", keyfile); + if (aret == -1) { + old = NULL; + ret = ENOMEM; + goto out; + } + aret = asprintf(&new, "%s.new", keyfile); + if (aret == -1) { + new = NULL; + ret = ENOMEM; + goto out; + } if(unlink(new) < 0 && errno != ENOENT) { ret = errno; goto out; diff --git a/kdc/pkinit.c b/kdc/pkinit.c index f56b09c40..619d4c4e9 100644 --- a/kdc/pkinit.c +++ b/kdc/pkinit.c @@ -2035,7 +2035,14 @@ krb5_kdc_pk_initialize(krb5_context context, "pkinit_mappings_file", NULL); if (file == NULL) { - asprintf(&fn, "%s/pki-mapping", hdb_db_dir(context)); + int aret; + + aret = asprintf(&fn, "%s/pki-mapping", hdb_db_dir(context)); + if (aret == -1) { + krb5_warnx(context, "PKINIT: out of memory"); + return ENOMEM; + } + file = fn; } diff --git a/kpasswd/kpasswd-generator.c b/kpasswd/kpasswd-generator.c index 952531d30..1db0bc9af 100644 --- a/kpasswd/kpasswd-generator.c +++ b/kpasswd/kpasswd-generator.c @@ -96,6 +96,7 @@ generate_requests (const char *filename, unsigned nreq) int result_code; krb5_data result_code_string, result_string; char *old_pwd, *new_pwd; + int aret; krb5_get_init_creds_opt_alloc (context, &opt); krb5_get_init_creds_opt_set_tkt_life (opt, 300); @@ -106,8 +107,12 @@ generate_requests (const char *filename, unsigned nreq) if (ret) krb5_err (context, 1, ret, "krb5_parse_name %s", name); - asprintf (&old_pwd, "%s", name); - asprintf (&new_pwd, "%s2", name); + aret = asprintf (&old_pwd, "%s", name); + if (aret == -1) + krb5_errx(context, 1, "out of memory"); + aret = asprintf (&new_pwd, "%s2", name); + if (aret == -1) + krb5_errx(context, 1, "out of memory"); ret = krb5_get_init_creds_password (context, &cred, @@ -163,8 +168,8 @@ static int version_flag = 0; static int help_flag = 0; static struct getargs args[] = { - { "version", 0, arg_flag, &version_flag }, - { "help", 0, arg_flag, &help_flag } + { "version", 0, arg_flag, &version_flag, NULL, NULL }, + { "help", 0, arg_flag, &help_flag, NULL, NULL } }; static void diff --git a/kpasswd/kpasswd.c b/kpasswd/kpasswd.c index e681a359d..491a907f4 100644 --- a/kpasswd/kpasswd.c +++ b/kpasswd/kpasswd.c @@ -64,22 +64,23 @@ change_password(krb5_context context, krb5_error_code ret; char pwbuf[BUFSIZ]; char *msg, *name; + int aret; krb5_data_zero (&result_code_string); krb5_data_zero (&result_string); name = msg = NULL; if (principal == NULL) - asprintf(&msg, "New password: "); + aret = asprintf(&msg, "New password: "); else { ret = krb5_unparse_name(context, principal, &name); if (ret) krb5_err(context, 1, ret, "krb5_unparse_name"); - asprintf(&msg, "New password for %s: ", name); + aret = asprintf(&msg, "New password for %s: ", name); } - if (msg == NULL) + if (aret == -1 || msg == NULL) krb5_errx (context, 1, "out of memory"); ret = UI_UTIL_read_pw_string (pwbuf, sizeof(pwbuf), msg, 1); diff --git a/kpasswd/kpasswdd.c b/kpasswd/kpasswdd.c index 97d39fc5d..8078efd29 100644 --- a/kpasswd/kpasswdd.c +++ b/kpasswd/kpasswdd.c @@ -689,7 +689,7 @@ doit (krb5_keytab keytab, int port) krb5_addr2sockaddr (context, &addrs.val[i], sa, &sa_size, port); - sockets[i] = socket (sa->sa_family, SOCK_DGRAM, 0); + sockets[i] = socket (__ss.ss_family, SOCK_DGRAM, 0); if (sockets[i] < 0) krb5_err (context, 1, errno, "socket"); if (bind (sockets[i], sa, sa_size) < 0) { @@ -798,6 +798,7 @@ main (int argc, char **argv) krb5_error_code ret; char **files; int port, i; + int aret; krb5_program_setup(&context, argc, argv, args, num_args, NULL); @@ -809,8 +810,8 @@ main (int argc, char **argv) } if (config_file == NULL) { - asprintf(&config_file, "%s/kdc.conf", hdb_db_dir(context)); - if (config_file == NULL) + aret = asprintf(&config_file, "%s/kdc.conf", hdb_db_dir(context)); + if (aret == -1) errx(1, "out of memory"); } diff --git a/kuser/generate-requests.c b/kuser/generate-requests.c index 8f50427ad..3a790539b 100644 --- a/kuser/generate-requests.c +++ b/kuser/generate-requests.c @@ -98,8 +98,8 @@ static int version_flag = 0; static int help_flag = 0; static struct getargs args[] = { - { "version", 0, arg_flag, &version_flag }, - { "help", 0, arg_flag, &help_flag } + { "version", 0, arg_flag, &version_flag, NULL, NULL }, + { "help", 0, arg_flag, &help_flag, NULL, NULL } }; static void diff --git a/kuser/kdecode_ticket.c b/kuser/kdecode_ticket.c index 2d30b5f38..edb0cc843 100644 --- a/kuser/kdecode_ticket.c +++ b/kuser/kdecode_ticket.c @@ -79,8 +79,8 @@ print_and_decode_tkt (krb5_context context, struct getargs args[] = { { "enctype", 'e', arg_string, &etype_str, "encryption type to use", "enctype"}, - { "version", 0, arg_flag, &version_flag }, - { "help", 0, arg_flag, &help_flag } + { "version", 0, arg_flag, &version_flag, NULL, NULL }, + { "help", 0, arg_flag, &help_flag, NULL, NULL } }; static void diff --git a/kuser/kinit.c b/kuser/kinit.c index b4c532564..5e01928ec 100644 --- a/kuser/kinit.c +++ b/kuser/kinit.c @@ -332,9 +332,10 @@ store_ntlmkey(krb5_context context, krb5_ccache id, krb5_error_code ret; krb5_data data; char *name; + int aret; - asprintf(&name, "ntlm-key-%s", domain); - if (name == NULL) { + aret = asprintf(&name, "ntlm-key-%s", domain); + if (aret == -1 || name == NULL) { krb5_clear_error_message(context); return ENOMEM; } @@ -549,10 +550,15 @@ get_new_tickets(krb5_context context, if (passwd[0] == '\0') { char *p, *prompt; + int aret = 0; - krb5_unparse_name (context, principal, &p); - asprintf (&prompt, N_("%s's Password: ", ""), p); - free (p); + ret = krb5_unparse_name (context, principal, &p); + if (!ret) { + aret = asprintf (&prompt, N_("%s's Password: ", ""), p); + free (p); + } + if (ret || aret == -1) + errx(1, "failed to generate passwd prompt: not enough memory"); if (UI_UTIL_read_pw_string(passwd, sizeof(passwd)-1, prompt, 0)){ memset(passwd, 0, sizeof(passwd)); diff --git a/kuser/kswitch.c b/kuser/kswitch.c index cdb6ee11c..ba56bf274 100644 --- a/kuser/kswitch.c +++ b/kuser/kswitch.c @@ -146,13 +146,14 @@ kswitch(struct kswitch_options *opt, int argc, char **argv) } else if (opt->cache_string) { const krb5_cc_ops *ops; char *str; + int aret; ops = krb5_cc_get_prefix_ops(kcc_context, opt->type_string); if (ops == NULL) krb5_err(kcc_context, 1, 0, "krb5_cc_get_prefix_ops"); - asprintf(&str, "%s:%s", ops->prefix, opt->cache_string); - if (str == NULL) + aret = asprintf(&str, "%s:%s", ops->prefix, opt->cache_string); + if (aret == -1) krb5_errx(kcc_context, 1, N_("out of memory", "")); ret = krb5_cc_resolve(kcc_context, str, &id); diff --git a/kuser/kverify.c b/kuser/kverify.c index 64bd54a2b..83b3b00c8 100644 --- a/kuser/kverify.c +++ b/kuser/kverify.c @@ -37,8 +37,8 @@ static int help_flag = 0; static int version_flag = 0; static struct getargs args[] = { - { "version", 0, arg_flag, &version_flag }, - { "help", 0, arg_flag, &help_flag } + { "version", 0, arg_flag, &version_flag, NULL, NULL }, + { "help", 0, arg_flag, &help_flag, NULL, NULL } }; static void diff --git a/lib/asn1/asn1_gen.c b/lib/asn1/asn1_gen.c index 01dc68051..58532ee70 100644 --- a/lib/asn1/asn1_gen.c +++ b/lib/asn1/asn1_gen.c @@ -150,8 +150,8 @@ doit(const char *fn) static int version_flag; static int help_flag; struct getargs args[] = { - { "version", 0, arg_flag, &version_flag }, - { "help", 0, arg_flag, &help_flag } + { "version", 0, arg_flag, &version_flag, NULL, NULL }, + { "help", 0, arg_flag, &help_flag, NULL, NULL } }; int num_args = sizeof(args) / sizeof(args[0]); diff --git a/lib/asn1/asn1_print.c b/lib/asn1/asn1_print.c index 84446e0d8..59b9af3b2 100644 --- a/lib/asn1/asn1_print.c +++ b/lib/asn1/asn1_print.c @@ -315,10 +315,11 @@ doit (const char *filename) static int version_flag; static int help_flag; struct getargs args[] = { - { "indent", 0, arg_negative_flag, &indent_flag }, - { "inner", 0, arg_flag, &inner_flag, "try to parse inner structures of OCTET STRING" }, - { "version", 0, arg_flag, &version_flag }, - { "help", 0, arg_flag, &help_flag } + { "indent", 0, arg_negative_flag, &indent_flag, NULL, NULL }, + { "inner", 0, arg_flag, &inner_flag, + "try to parse inner structures of OCTET STRING", NULL }, + { "version", 0, arg_flag, &version_flag, NULL, NULL }, + { "help", 0, arg_flag, &help_flag, NULL, NULL } }; int num_args = sizeof(args) / sizeof(args[0]); diff --git a/lib/asn1/check-common.c b/lib/asn1/check-common.c index ac96b91b1..e086082ba 100644 --- a/lib/asn1/check-common.c +++ b/lib/asn1/check-common.c @@ -178,15 +178,20 @@ static RETSIGTYPE segv_handler(int sig) { int fd; + ssize_t ret; char msg[] = "SIGSEGV i current test: "; fd = open("/dev/stdout", O_WRONLY, 0600); if (fd >= 0) { - write(fd, msg, sizeof(msg)); - write(fd, current_test, strlen(current_test)); - write(fd, " ", 1); - write(fd, current_state, strlen(current_state)); - write(fd, "\n", 1); + ret = write(fd, msg, sizeof(msg)); + if (ret != -1) + ret = write(fd, current_test, strlen(current_test)); + if (ret != -1) + ret = write(fd, " ", 1); + if (ret != -1) + ret = write(fd, current_state, strlen(current_state)); + if (ret != -1) + ret = write(fd, "\n", 1); close(fd); } _exit(1); diff --git a/lib/asn1/check-der.c b/lib/asn1/check-der.c index fa80a4254..f4da5bc7f 100644 --- a/lib/asn1/check-der.c +++ b/lib/asn1/check-der.c @@ -58,16 +58,16 @@ static int test_integer (void) { struct test_case tests[] = { - {NULL, 1, "\x00"}, - {NULL, 1, "\x7f"}, - {NULL, 2, "\x00\x80"}, - {NULL, 2, "\x01\x00"}, - {NULL, 1, "\x80"}, - {NULL, 2, "\xff\x7f"}, - {NULL, 1, "\xff"}, - {NULL, 2, "\xff\x01"}, - {NULL, 2, "\x00\xff"}, - {NULL, 4, "\x7f\xff\xff\xff"} + {NULL, 1, "\x00", NULL}, + {NULL, 1, "\x7f", NULL}, + {NULL, 2, "\x00\x80", NULL}, + {NULL, 2, "\x01\x00", NULL}, + {NULL, 1, "\x80", NULL}, + {NULL, 2, "\xff\x7f", NULL}, + {NULL, 1, "\xff", NULL}, + {NULL, 2, "\xff\x01", NULL}, + {NULL, 2, "\x00\xff", NULL}, + {NULL, 4, "\x7f\xff\xff\xff", NULL} }; int values[] = {0, 127, 128, 256, -128, -129, -1, -255, 255, @@ -184,14 +184,14 @@ static int test_unsigned (void) { struct test_case tests[] = { - {NULL, 1, "\x00"}, - {NULL, 1, "\x7f"}, - {NULL, 2, "\x00\x80"}, - {NULL, 2, "\x01\x00"}, - {NULL, 2, "\x02\x00"}, - {NULL, 3, "\x00\x80\x00"}, - {NULL, 5, "\x00\x80\x00\x00\x00"}, - {NULL, 4, "\x7f\xff\xff\xff"} + {NULL, 1, "\x00", NULL}, + {NULL, 1, "\x7f", NULL}, + {NULL, 2, "\x00\x80", NULL}, + {NULL, 2, "\x01\x00", NULL}, + {NULL, 2, "\x02\x00", NULL}, + {NULL, 3, "\x00\x80\x00", NULL}, + {NULL, 5, "\x00\x80\x00\x00\x00", NULL}, + {NULL, 4, "\x7f\xff\xff\xff", NULL} }; unsigned int values[] = {0, 127, 128, 256, 512, 32768, @@ -237,7 +237,7 @@ test_octet_string (void) heim_octet_string s1 = {8, "\x01\x23\x45\x67\x89\xab\xcd\xef"}; struct test_case tests[] = { - {NULL, 8, "\x01\x23\x45\x67\x89\xab\xcd\xef"} + {NULL, 8, "\x01\x23\x45\x67\x89\xab\xcd\xef", NULL} }; int ntests = sizeof(tests) / sizeof(*tests); int ret; @@ -278,8 +278,8 @@ test_bmp_string (void) heim_bmp_string s2 = { 2, bmp_d2 }; struct test_case tests[] = { - {NULL, 2, "\x00\x20"}, - {NULL, 4, "\x00\x20\x00\x20"} + {NULL, 2, "\x00\x20", NULL}, + {NULL, 4, "\x00\x20\x00\x20", NULL} }; int ntests = sizeof(tests) / sizeof(*tests); int ret; @@ -326,8 +326,8 @@ test_universal_string (void) heim_universal_string s2 = { 2, universal_d2 }; struct test_case tests[] = { - {NULL, 4, "\x00\x00\x00\x20"}, - {NULL, 8, "\x00\x00\x00\x20\x00\x00\x00\x20"} + {NULL, 4, "\x00\x00\x00\x20", NULL}, + {NULL, 8, "\x00\x00\x00\x20\x00\x00\x00\x20", NULL} }; int ntests = sizeof(tests) / sizeof(*tests); int ret; @@ -370,7 +370,7 @@ test_general_string (void) char *s1 = "Test User 1"; struct test_case tests[] = { - {NULL, 11, "\x54\x65\x73\x74\x20\x55\x73\x65\x72\x20\x31"} + {NULL, 11, "\x54\x65\x73\x74\x20\x55\x73\x65\x72\x20\x31", NULL} }; int ret, ntests = sizeof(tests) / sizeof(*tests); @@ -404,8 +404,8 @@ static int test_generalized_time (void) { struct test_case tests[] = { - {NULL, 15, "19700101000000Z"}, - {NULL, 15, "19851106210627Z"} + {NULL, 15, "19700101000000Z", NULL}, + {NULL, 15, "19851106210627Z", NULL} }; time_t values[] = {0, 500159187}; int i, ret; @@ -446,10 +446,10 @@ static int test_oid (void) { struct test_case tests[] = { - {NULL, 2, "\x29\x01"}, - {NULL, 1, "\x29"}, - {NULL, 2, "\xff\x01"}, - {NULL, 1, "\xff"} + {NULL, 2, "\x29\x01", NULL}, + {NULL, 1, "\x29", NULL}, + {NULL, 2, "\xff\x01", NULL}, + {NULL, 1, "\xff", NULL} }; heim_oid values[] = { { 3, oid_comp1 }, @@ -490,7 +490,7 @@ static int test_bit_string (void) { struct test_case tests[] = { - {NULL, 1, "\x00"} + {NULL, 1, "\x00", NULL} }; heim_bit_string values[] = { { 0, "" } @@ -528,13 +528,13 @@ static int test_heim_integer (void) { struct test_case tests[] = { - {NULL, 2, "\xfe\x01"}, - {NULL, 2, "\xef\x01"}, - {NULL, 3, "\xff\x00\xff"}, - {NULL, 3, "\xff\x01\x00"}, - {NULL, 1, "\x00"}, - {NULL, 1, "\x01"}, - {NULL, 2, "\x00\x80"} + {NULL, 2, "\xfe\x01", NULL}, + {NULL, 2, "\xef\x01", NULL}, + {NULL, 3, "\xff\x00\xff", NULL}, + {NULL, 3, "\xff\x01\x00", NULL}, + {NULL, 1, "\x00", NULL}, + {NULL, 1, "\x01", NULL}, + {NULL, 2, "\x00\x80", NULL} }; heim_integer values[] = { @@ -592,8 +592,8 @@ static int test_boolean (void) { struct test_case tests[] = { - {NULL, 1, "\xff"}, - {NULL, 1, "\x00"} + {NULL, 1, "\xff", NULL}, + {NULL, 1, "\x00", NULL} }; int values[] = { 1, 0 }; diff --git a/lib/asn1/check-gen.c b/lib/asn1/check-gen.c index 85274a696..614190548 100644 --- a/lib/asn1/check-gen.c +++ b/lib/asn1/check-gen.c @@ -98,18 +98,21 @@ test_principal (void) struct test_case tests[] = { { NULL, 29, "\x30\x1b\xa0\x10\x30\x0e\xa0\x03\x02\x01\x01\xa1\x07\x30\x05\x1b" - "\x03\x6c\x68\x61\xa1\x07\x1b\x05\x53\x55\x2e\x53\x45" + "\x03\x6c\x68\x61\xa1\x07\x1b\x05\x53\x55\x2e\x53\x45", + NULL }, { NULL, 35, "\x30\x21\xa0\x16\x30\x14\xa0\x03\x02\x01\x01\xa1\x0d\x30\x0b\x1b" "\x03\x6c\x68\x61\x1b\x04\x72\x6f\x6f\x74\xa1\x07\x1b\x05\x53\x55" - "\x2e\x53\x45" + "\x2e\x53\x45", + NULL }, { NULL, 54, "\x30\x34\xa0\x26\x30\x24\xa0\x03\x02\x01\x03\xa1\x1d\x30\x1b\x1b" "\x04\x68\x6f\x73\x74\x1b\x13\x6e\x75\x74\x63\x72\x61\x63\x6b\x65" "\x72\x2e\x65\x2e\x6b\x74\x68\x2e\x73\x65\xa1\x0a\x1b\x08\x45\x2e" - "\x4b\x54\x48\x2e\x53\x45" + "\x4b\x54\x48\x2e\x53\x45", + NULL } }; @@ -171,7 +174,8 @@ test_authenticator (void) "\x45\x2e\x4b\x54\x48\x2e\x53\x45\xa2\x10\x30\x0e\xa0" "\x03\x02\x01\x01\xa1\x07\x30\x05\x1b\x03\x6c\x68\x61" "\xa4\x03\x02\x01\x0a\xa5\x11\x18\x0f\x31\x39\x37\x30" - "\x30\x31\x30\x31\x30\x30\x30\x31\x33\x39\x5a" + "\x30\x31\x30\x31\x30\x30\x30\x31\x33\x39\x5a", + NULL }, { NULL, 67, "\x62\x41\x30\x3f\xa0\x03\x02\x01\x05\xa1\x07\x1b\x05" @@ -179,7 +183,8 @@ test_authenticator (void) "\x01\xa1\x0d\x30\x0b\x1b\x03\x6c\x68\x61\x1b\x04\x72" "\x6f\x6f\x74\xa4\x04\x02\x02\x01\x24\xa5\x11\x18\x0f" "\x31\x39\x37\x30\x30\x31\x30\x31\x30\x30\x31\x36\x33" - "\x39\x5a" + "\x39\x5a", + NULL } }; @@ -532,7 +537,7 @@ test_time (void) "time 1" }, { NULL, 17, "\x18\x0f\x32\x30\x30\x39\x30\x35\x32\x34\x30\x32\x30\x32\x34\x30" - "\x5a" + "\x5a", "time 2" } }; @@ -1185,7 +1190,7 @@ check_fail_largetag(void) {NULL, 0, "", "empty buffer"}, {NULL, 7, "\x30\x05\xa1\x03\x02\x02\x01", "one too short" }, - {NULL, 7, "\x30\x04\xa1\x03\x02\x02\x01" + {NULL, 7, "\x30\x04\xa1\x03\x02\x02\x01", "two too short" }, {NULL, 7, "\x30\x03\xa1\x03\x02\x02\x01", "three too short" }, @@ -1220,7 +1225,7 @@ check_fail_sequence(void) {NULL, 0, "", "empty buffer"}, {NULL, 24, "\x30\x16\xa0\x03\x02\x01\x01\xa1\x08\x30\x06\xbf\x7f\x03\x02\x01\x01" - "\x02\x01\x01\xa2\x03\x02\x01\x01" + "\x02\x01\x01\xa2\x03\x02\x01\x01", "missing one byte from the end, internal length ok"}, {NULL, 25, "\x30\x18\xa0\x03\x02\x01\x01\xa1\x08\x30\x06\xbf\x7f\x03\x02\x01\x01" diff --git a/lib/asn1/gen_decode.c b/lib/asn1/gen_decode.c index db7696883..336b18b40 100644 --- a/lib/asn1/gen_decode.c +++ b/lib/asn1/gen_decode.c @@ -193,7 +193,7 @@ range_check(const char *name, "e = ASN1_MAX_CONSTRAINT; %s;\n" "}\n", name, length, (long long)r->max, forwstr); - if (r->min - 1 == r->max || r->min < r->max) + if ((r->min - 1 == r->max || r->min < r->max) && r->min > 0) fprintf (codefile, "if ((%s)->%s < %lld) {\n" "e = ASN1_MIN_CONSTRAINT; %s;\n" diff --git a/lib/asn1/gen_encode.c b/lib/asn1/gen_encode.c index b8afceaee..f043f6097 100644 --- a/lib/asn1/gen_encode.c +++ b/lib/asn1/gen_encode.c @@ -50,7 +50,7 @@ classname(Der_class class) { const char *cn[] = { "ASN1_C_UNIV", "ASN1_C_APPL", "ASN1_C_CONTEXT", "ASN1_C_PRIV" }; - if(class < ASN1_C_UNIV || class > ASN1_C_PRIVATE) + if(class > ASN1_C_PRIVATE) return "???"; return cn[class]; } diff --git a/lib/asn1/main.c b/lib/asn1/main.c index f22dc8792..2c20013c1 100644 --- a/lib/asn1/main.c +++ b/lib/asn1/main.c @@ -70,16 +70,16 @@ char *option_file; int version_flag; int help_flag; struct getargs args[] = { - { "template", 0, arg_flag, &template_flag }, - { "encode-rfc1510-bit-string", 0, arg_flag, &rfc1510_bitstring }, - { "decode-dce-ber", 0, arg_flag, &support_ber }, - { "support-ber", 0, arg_flag, &support_ber }, - { "preserve-binary", 0, arg_strings, &preserve }, - { "sequence", 0, arg_strings, &seq }, - { "one-code-file", 0, arg_flag, &one_code_file }, - { "option-file", 0, arg_string, &option_file }, - { "version", 0, arg_flag, &version_flag }, - { "help", 0, arg_flag, &help_flag } + { "template", 0, arg_flag, &template_flag, NULL, NULL }, + { "encode-rfc1510-bit-string", 0, arg_flag, &rfc1510_bitstring, NULL, NULL}, + { "decode-dce-ber", 0, arg_flag, &support_ber, NULL, NULL }, + { "support-ber", 0, arg_flag, &support_ber, NULL, NULL }, + { "preserve-binary", 0, arg_strings, &preserve, NULL, NULL }, + { "sequence", 0, arg_strings, &seq, NULL, NULL }, + { "one-code-file", 0, arg_flag, &one_code_file, NULL, NULL }, + { "option-file", 0, arg_string, &option_file, NULL, NULL }, + { "version", 0, arg_flag, &version_flag, NULL, NULL }, + { "help", 0, arg_flag, &help_flag, NULL, NULL } }; int num_args = sizeof(args) / sizeof(args[0]); diff --git a/lib/com_err/compile_et.c b/lib/com_err/compile_et.c index c72abdecc..c0700583e 100644 --- a/lib/com_err/compile_et.c +++ b/lib/com_err/compile_et.c @@ -186,8 +186,8 @@ generate(void) int version_flag; int help_flag; struct getargs args[] = { - { "version", 0, arg_flag, &version_flag }, - { "help", 0, arg_flag, &help_flag } + { "version", 0, arg_flag, &version_flag, NULL, NULL }, + { "help", 0, arg_flag, &help_flag, NULL, NULL } }; int num_args = sizeof(args) / sizeof(args[0]); diff --git a/lib/gssapi/krb5/external.c b/lib/gssapi/krb5/external.c index f31244678..deae016bc 100644 --- a/lib/gssapi/krb5/external.c +++ b/lib/gssapi/krb5/external.c @@ -202,67 +202,131 @@ static gss_mo_desc krb5_mo[] = { }, { GSS_C_MA_MECH_CONCRETE, - GSS_MO_MA + GSS_MO_MA, + NULL, + NULL, + NULL, + NULL }, { GSS_C_MA_ITOK_FRAMED, - GSS_MO_MA + GSS_MO_MA, + NULL, + NULL, + NULL, + NULL }, { GSS_C_MA_AUTH_INIT, - GSS_MO_MA + GSS_MO_MA, + NULL, + NULL, + NULL, + NULL }, { GSS_C_MA_AUTH_TARG, - GSS_MO_MA + GSS_MO_MA, + NULL, + NULL, + NULL, + NULL }, { GSS_C_MA_AUTH_INIT_ANON, - GSS_MO_MA + GSS_MO_MA, + NULL, + NULL, + NULL, + NULL }, { GSS_C_MA_DELEG_CRED, - GSS_MO_MA + GSS_MO_MA, + NULL, + NULL, + NULL, + NULL }, { GSS_C_MA_INTEG_PROT, - GSS_MO_MA + GSS_MO_MA, + NULL, + NULL, + NULL, + NULL }, { GSS_C_MA_CONF_PROT, - GSS_MO_MA + GSS_MO_MA, + NULL, + NULL, + NULL, + NULL }, { GSS_C_MA_MIC, - GSS_MO_MA + GSS_MO_MA, + NULL, + NULL, + NULL, + NULL }, { GSS_C_MA_WRAP, - GSS_MO_MA + GSS_MO_MA, + NULL, + NULL, + NULL, + NULL }, { GSS_C_MA_PROT_READY, - GSS_MO_MA + GSS_MO_MA, + NULL, + NULL, + NULL, + NULL }, { GSS_C_MA_REPLAY_DET, - GSS_MO_MA + GSS_MO_MA, + NULL, + NULL, + NULL, + NULL }, { GSS_C_MA_OOS_DET, - GSS_MO_MA + GSS_MO_MA, + NULL, + NULL, + NULL, + NULL }, { GSS_C_MA_CBINDINGS, - GSS_MO_MA + GSS_MO_MA, + NULL, + NULL, + NULL, + NULL }, { GSS_C_MA_PFS, - GSS_MO_MA + GSS_MO_MA, + NULL, + NULL, + NULL, + NULL }, { GSS_C_MA_CTX_TRANS, - GSS_MO_MA + GSS_MO_MA, + NULL, + NULL, + NULL, + NULL } }; diff --git a/lib/gssapi/mech/gss_oid.c b/lib/gssapi/mech/gss_oid.c index 916d1e4dd..de70cca6a 100644 --- a/lib/gssapi/mech/gss_oid.c +++ b/lib/gssapi/mech/gss_oid.c @@ -254,13 +254,13 @@ struct _gss_oid_name_table _gss_ont_ma[] = { { GSS_C_MA_AUTH_INIT_INIT, "GSS_C_MA_AUTH_INIT_INIT", "auth-init-princ-initial", "" }, { GSS_C_MA_MECH_CONCRETE, "GSS_C_MA_MECH_CONCRETE", "concrete-mech", "Indicates that a mech is neither a pseudo-mechanism nor a composite mechanism" }, { GSS_C_MA_SASL_MECH_NAME, "GSS_C_MA_SASL_MECH_NAME", "SASL mechanism name", "The name of the SASL mechanism" }, - { NULL } + { NULL, NULL, NULL, NULL } }; struct _gss_oid_name_table _gss_ont_mech[] = { { GSS_KRB5_MECHANISM, "GSS_KRB5_MECHANISM", "Kerberos 5", "Heimdal Kerberos 5 mechanism" }, { GSS_SPNEGO_MECHANISM, "GSS_SPNEGO_MECHANISM", "SPNEGO", "Heimdal SPNEGO mechanism" }, { GSS_NTLM_MECHANISM, "GSS_NTLM_MECHANISM", "NTLM", "Heimdal NTLM mechanism" }, - { NULL } + { NULL, NULL, NULL, NULL } }; diff --git a/lib/gssapi/ntlm/external.c b/lib/gssapi/ntlm/external.c index d0474f4ec..aea76cb78 100644 --- a/lib/gssapi/ntlm/external.c +++ b/lib/gssapi/ntlm/external.c @@ -120,6 +120,9 @@ static gssapi_mech_interface_desc ntlm_mech = { NULL, NULL, NULL, + NULL, + NULL, + NULL, }; gssapi_mech_interface diff --git a/lib/gssapi/ntlm/init_sec_context.c b/lib/gssapi/ntlm/init_sec_context.c index bae04e174..384e9815a 100644 --- a/lib/gssapi/ntlm/init_sec_context.c +++ b/lib/gssapi/ntlm/init_sec_context.c @@ -103,6 +103,7 @@ get_user_ccache(const ntlm_name name, char **username, struct ntlm_buf *key) krb5_error_code ret; char *confname; krb5_data data; + int aret; *username = NULL; krb5_data_zero(&data); @@ -128,8 +129,8 @@ get_user_ccache(const ntlm_name name, char **username, struct ntlm_buf *key) if (ret) goto out; - asprintf(&confname, "ntlm-key-%s", name->domain); - if (confname == NULL) { + aret = asprintf(&confname, "ntlm-key-%s", name->domain); + if (aret == -1) { krb5_clear_error_message(context); ret = ENOMEM; goto out; diff --git a/lib/gssapi/spnego/external.c b/lib/gssapi/spnego/external.c index ca06d46e8..937ab1d11 100644 --- a/lib/gssapi/spnego/external.c +++ b/lib/gssapi/spnego/external.c @@ -66,11 +66,19 @@ static gss_mo_desc spnego_mo[] = { }, { GSS_C_MA_MECH_NEGO, - GSS_MO_MA + GSS_MO_MA, + NULL, + NULL, + NULL, + NULL }, { GSS_C_MA_MECH_PSEUDO, - GSS_MO_MA + GSS_MO_MA, + NULL, + NULL, + NULL, + NULL } }; @@ -134,6 +142,9 @@ static gssapi_mech_interface_desc spnego_mech = { NULL, NULL, NULL, + NULL, + NULL, + NULL, }; gssapi_mech_interface diff --git a/lib/hdb/db3.c b/lib/hdb/db3.c index e4d326b4a..6155bc8ef 100644 --- a/lib/hdb/db3.c +++ b/lib/hdb/db3.c @@ -176,16 +176,24 @@ DB_rename(krb5_context context, HDB *db, const char *new_name) int ret; char *old, *new; - asprintf(&old, "%s.db", db->hdb_name); - asprintf(&new, "%s.db", new_name); + ret = asprintf(&old, "%s.db", db->hdb_name); + if (ret == -1) + return ENOMEM; + ret = asprintf(&new, "%s.db", new_name); + if (ret == -1) { + free(old); + return ENOMEM; + } ret = rename(old, new); free(old); - free(new); - if(ret) + if(ret) { + free(new); return errno; + } free(db->hdb_name); - db->hdb_name = strdup(new_name); + new[strlen(new) - 3] = '\0'; + db->hdb_name = new; return 0; } @@ -271,6 +279,7 @@ DB_open(krb5_context context, HDB *db, int flags, mode_t mode) krb5_error_code ret; DB *d; int myflags = 0; + int aret; if (flags & O_CREAT) myflags |= DB_CREATE; @@ -284,8 +293,8 @@ DB_open(krb5_context context, HDB *db, int flags, mode_t mode) if (flags & O_TRUNC) myflags |= DB_TRUNCATE; - asprintf(&fn, "%s.db", db->hdb_name); - if (fn == NULL) { + aret = asprintf(&fn, "%s.db", db->hdb_name); + if (aret == -1) { krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } diff --git a/lib/hdb/dbinfo.c b/lib/hdb/dbinfo.c index 52e394106..a85e3fc50 100644 --- a/lib/hdb/dbinfo.c +++ b/lib/hdb/dbinfo.c @@ -153,12 +153,14 @@ hdb_get_dbinfo(krb5_context context, struct hdb_dbinfo **dbp) p = strrchr(di->dbname, '.'); if(p == NULL || strchr(p, '/') != NULL) /* final pathname component does not contain a . */ - asprintf(&di->mkey_file, "%s.mkey", di->dbname); + ret = asprintf(&di->mkey_file, "%s.mkey", di->dbname); else /* the filename is something.else, replace .else with .mkey */ - asprintf(&di->mkey_file, "%.*s.mkey", - (int)(p - di->dbname), di->dbname); + ret = asprintf(&di->mkey_file, "%.*s.mkey", + (int)(p - di->dbname), di->dbname); + if (ret == -1) + return ENOMEM; } if(di->acl_file == NULL) di->acl_file = strdup(default_acl); diff --git a/lib/hdb/keytab.c b/lib/hdb/keytab.c index c72b797da..84a8ea9c0 100644 --- a/lib/hdb/keytab.c +++ b/lib/hdb/keytab.c @@ -420,5 +420,7 @@ krb5_kt_ops hdb_kt_ops = { hdb_next_entry, hdb_end_seq_get, NULL, /* add */ - NULL /* remove */ + NULL, /* remove */ + NULL, + 0 }; diff --git a/lib/hdb/test_dbinfo.c b/lib/hdb/test_dbinfo.c index efe50afb6..b94b75bb3 100644 --- a/lib/hdb/test_dbinfo.c +++ b/lib/hdb/test_dbinfo.c @@ -38,8 +38,8 @@ static int help_flag; static int version_flag; struct getargs args[] = { - { "help", 'h', arg_flag, &help_flag }, - { "version", 0, arg_flag, &version_flag } + { "help", 'h', arg_flag, &help_flag, NULL, NULL }, + { "version", 0, arg_flag, &version_flag, NULL, NULL } }; static int num_args = sizeof(args) / sizeof(args[0]); diff --git a/lib/hdb/test_hdbkeys.c b/lib/hdb/test_hdbkeys.c index 873c00f3a..ce4e59fa1 100644 --- a/lib/hdb/test_hdbkeys.c +++ b/lib/hdb/test_hdbkeys.c @@ -40,9 +40,9 @@ static int version_flag; static int kvno_integer = 1; struct getargs args[] = { - { "kvno", 'd', arg_integer, &kvno_integer }, - { "help", 'h', arg_flag, &help_flag }, - { "version", 0, arg_flag, &version_flag } + { "kvno", 'd', arg_integer, &kvno_integer, NULL, NULL }, + { "help", 'h', arg_flag, &help_flag, NULL, NULL }, + { "version", 0, arg_flag, &version_flag, NULL, NULL } }; static int num_args = sizeof(args) / sizeof(args[0]); diff --git a/lib/hdb/test_mkey.c b/lib/hdb/test_mkey.c index 11032d078..97399c6b5 100644 --- a/lib/hdb/test_mkey.c +++ b/lib/hdb/test_mkey.c @@ -8,9 +8,9 @@ static int help_flag; static int version_flag; struct getargs args[] = { - { "mkey-file", 0, arg_string, &mkey_file }, - { "help", 'h', arg_flag, &help_flag }, - { "version", 0, arg_flag, &version_flag } + { "mkey-file", 0, arg_string, &mkey_file, NULL, NULL }, + { "help", 'h', arg_flag, &help_flag, NULL, NULL }, + { "version", 0, arg_flag, &version_flag, NULL, NULL } }; static int num_args = sizeof(args) / sizeof(args[0]); diff --git a/lib/hx509/ca.c b/lib/hx509/ca.c index cb5a7be62..e2a95fe7e 100644 --- a/lib/hx509/ca.c +++ b/lib/hx509/ca.c @@ -965,8 +965,8 @@ build_proxy_prefix(hx509_context context, const Name *issuer, Name *subject) } t = time(NULL); - asprintf(&tstr, "ts-%lu", (unsigned long)t); - if (tstr == NULL) { + ret = asprintf(&tstr, "ts-%lu", (unsigned long)t); + if (ret == -1 || tstr == NULL) { hx509_set_error_string(context, 0, ENOMEM, "Failed to copy subject name"); return ENOMEM; diff --git a/lib/hx509/cert.c b/lib/hx509/cert.c index 70e575603..75b7b3810 100644 --- a/lib/hx509/cert.c +++ b/lib/hx509/cert.c @@ -3425,7 +3425,9 @@ _hx509_cert_to_env(hx509_context context, hx509_cert cert, hx509_env *env) *env = NULL; /* version */ - asprintf(&buf, "%d", _hx509_cert_get_version(_hx509_get_cert(cert))); + ret = asprintf(&buf, "%d", _hx509_cert_get_version(_hx509_get_cert(cert))); + if (ret == -1) + goto out; ret = hx509_env_add(context, &envcert, "version", buf); free(buf); if (ret) diff --git a/lib/hx509/cms.c b/lib/hx509/cms.c index 4e0a2e03f..49a948570 100644 --- a/lib/hx509/cms.c +++ b/lib/hx509/cms.c @@ -209,7 +209,7 @@ unparse_CMSIdentifier(hx509_context context, CMSIdentifier *id, char **str) { - int ret; + int ret = -1; *str = NULL; switch (id->element) { @@ -227,8 +227,8 @@ unparse_CMSIdentifier(hx509_context context, free(name); return ret; } - asprintf(str, "certificate issued by %s with serial number %s", - name, serial); + ret = asprintf(str, "certificate issued by %s with serial number %s", + name, serial); free(name); free(serial); break; @@ -242,15 +242,19 @@ unparse_CMSIdentifier(hx509_context context, if (len < 0) return ENOMEM; - asprintf(str, "certificate with id %s", keyid); + ret = asprintf(str, "certificate with id %s", keyid); free(keyid); break; } default: - asprintf(str, "certificate have unknown CMSidentifier type"); + ret = asprintf(str, "certificate have unknown CMSidentifier type"); break; } - if (*str == NULL) + /* + * In the following if, we check ret and *str which should be returned/set + * by asprintf(3) in every branch of the switch statement. + */ + if (ret == -1 || *str == NULL) return ENOMEM; return 0; } diff --git a/lib/hx509/error.c b/lib/hx509/error.c index 32c92cf1b..be09414bf 100644 --- a/lib/hx509/error.c +++ b/lib/hx509/error.c @@ -194,13 +194,14 @@ hx509_err(hx509_context context, int exit_code, va_list ap; const char *msg; char *str; + int ret; va_start(ap, fmt); - vasprintf(&str, fmt, ap); + ret = vasprintf(&str, fmt, ap); va_end(ap); msg = hx509_get_error_string(context, error_code); if (msg == NULL) msg = "no error"; - errx(exit_code, "%s: %s", str, msg); + errx(exit_code, "%s: %s", ret != -1 ? str : "ENOMEM", msg); } diff --git a/lib/hx509/hxtool.c b/lib/hx509/hxtool.c index 4bd467f42..204110b03 100644 --- a/lib/hx509/hxtool.c +++ b/lib/hx509/hxtool.c @@ -372,9 +372,9 @@ cms_create_sd(struct cms_create_sd_options *opt, int argc, char **argv) infile = argv[0]; if (argc < 2) { - asprintf(&outfile, "%s.%s", infile, - opt->pem_flag ? "pem" : "cms-signeddata"); - if (outfile == NULL) + ret = asprintf(&outfile, "%s.%s", infile, + opt->pem_flag ? "pem" : "cms-signeddata"); + if (ret == -1 || outfile == NULL) errx(1, "out of memory"); } else outfile = argv[1]; diff --git a/lib/hx509/keyset.c b/lib/hx509/keyset.c index c0275d949..fcfc0b3b7 100644 --- a/lib/hx509/keyset.c +++ b/lib/hx509/keyset.c @@ -752,11 +752,12 @@ _hx509_pi_printf(int (*func)(void *, const char *), void *ctx, { va_list ap; char *str; + int ret; va_start(ap, fmt); - vasprintf(&str, fmt, ap); + ret = vasprintf(&str, fmt, ap); va_end(ap); - if (str == NULL) + if (ret == -1 || str == NULL) return; (*func)(ctx, str); free(str); diff --git a/lib/hx509/ks_dir.c b/lib/hx509/ks_dir.c index 264b1bf55..1740dfe42 100644 --- a/lib/hx509/ks_dir.c +++ b/lib/hx509/ks_dir.c @@ -211,7 +211,10 @@ static struct hx509_keyset_ops keyset_dir = { NULL, dir_iter_start, dir_iter, - dir_iter_end + dir_iter_end, + NULL, + NULL, + NULL }; void diff --git a/lib/hx509/ks_null.c b/lib/hx509/ks_null.c index 136d2d434..5ac0beb7b 100644 --- a/lib/hx509/ks_null.c +++ b/lib/hx509/ks_null.c @@ -87,7 +87,10 @@ struct hx509_keyset_ops keyset_null = { NULL, null_iter_start, null_iter, - null_iter_end + null_iter_end, + NULL, + NULL, + NULL }; void diff --git a/lib/hx509/ks_p11.c b/lib/hx509/ks_p11.c index 120bf43ef..bb70f8dfe 100644 --- a/lib/hx509/ks_p11.c +++ b/lib/hx509/ks_p11.c @@ -226,6 +226,7 @@ static const RSA_METHOD p11_rsa_pkcs1_method = { 0, NULL, NULL, + NULL, NULL }; @@ -330,8 +331,10 @@ p11_init_slot(hx509_context context, break; } - asprintf(&slot->name, "%.*s", - (int)i, slot_info.slotDescription); + ret = asprintf(&slot->name, "%.*s", (int)i, + slot_info.slotDescription); + if (ret == -1) + return ENOMEM; if ((slot_info.flags & CKF_TOKEN_PRESENT) == 0) return 0; @@ -422,7 +425,12 @@ p11_get_session(hx509_context context, memset(&prompt, 0, sizeof(prompt)); - asprintf(&str, "PIN code for %s: ", slot->name); + ret = asprintf(&str, "PIN code for %s: ", slot->name); + if (ret == -1 || str == NULL) { + if (context) + hx509_set_error_string(context, 0, ENOMEM, "out of memory"); + return ENOMEM; + } prompt.prompt = str; prompt.type = HX509_PROMPT_TYPE_PASSWORD; prompt.reply.data = pin; @@ -717,9 +725,9 @@ collect_cert(hx509_context context, if ((CK_LONG)query[2].ulValueLen != -1) { char *str; - asprintf(&str, "%.*s", - (int)query[2].ulValueLen, (char *)query[2].pValue); - if (str) { + ret = asprintf(&str, "%.*s", + (int)query[2].ulValueLen, (char *)query[2].pValue); + if (ret != -1 && str) { hx509_cert_set_friendly_name(cert, str); free(str); } @@ -1176,7 +1184,9 @@ static struct hx509_keyset_ops keyset_pkcs11 = { p11_iter_start, p11_iter, p11_iter_end, - p11_printinfo + p11_printinfo, + NULL, + NULL }; #endif /* HAVE_DLOPEN */ diff --git a/lib/hx509/ks_p12.c b/lib/hx509/ks_p12.c index 0ca13de1e..098cb5ebe 100644 --- a/lib/hx509/ks_p12.c +++ b/lib/hx509/ks_p12.c @@ -697,7 +697,10 @@ static struct hx509_keyset_ops keyset_pkcs12 = { NULL, p12_iter_start, p12_iter, - p12_iter_end + p12_iter_end, + NULL, + NULL, + NULL }; void diff --git a/lib/hx509/lock.c b/lib/hx509/lock.c index b72d45962..52f72dba1 100644 --- a/lib/hx509/lock.c +++ b/lib/hx509/lock.c @@ -47,7 +47,10 @@ struct hx509_lock_data { }; static struct hx509_lock_data empty_lock_data = { - { 0, NULL } + { 0, NULL }, + NULL, + NULL, + NULL }; hx509_lock _hx509_empty_lock = &empty_lock_data; diff --git a/lib/hx509/softp11.c b/lib/hx509/softp11.c index 38f587e0f..2fb81a024 100644 --- a/lib/hx509/softp11.c +++ b/lib/hx509/softp11.c @@ -615,7 +615,11 @@ add_certificate(const char *cert_file, if (pin) { char *str; - asprintf(&str, "PASS:%s", pin); + ret = asprintf(&str, "PASS:%s", pin); + if (ret == -1 || !str) { + st_logf("failed to allocate memory\n"); + return CKR_GENERAL_ERROR; + } hx509_lock_init(context, &lock); hx509_lock_command_string(lock, str); @@ -815,6 +819,7 @@ get_config_file_for_user(void) #ifndef _WIN32 char *home = NULL; + int ret; if (!issuid()) { fn = getenv("SOFTPKCS11RC"); @@ -828,9 +833,11 @@ get_config_file_for_user(void) home = pw->pw_dir; } if (fn == NULL) { - if (home) - asprintf(&fn, "%s/.soft-token.rc", home); - else + if (home) { + ret = asprintf(&fn, "%s/.soft-token.rc", home); + if (ret == -1) + fn = NULL; + } else fn = strdup("/etc/soft-token.rc"); } #else /* Windows */ @@ -1205,8 +1212,13 @@ C_Login(CK_SESSION_HANDLE hSession, VERIFY_SESSION_HANDLE(hSession, NULL); if (pPin != NULL_PTR) { - asprintf(&pin, "%.*s", (int)ulPinLen, pPin); - st_logf("type: %d password: %s\n", (int)userType, pin); + int aret; + + aret = asprintf(&pin, "%.*s", (int)ulPinLen, pPin); + if (aret != -1 && pin) + st_logf("type: %d password: %s\n", (int)userType, pin); + else + st_logf("memory error: asprintf failed\n"); } /* diff --git a/lib/ipc/client.c b/lib/ipc/client.c index bb7d9750b..a51e91c99 100644 --- a/lib/ipc/client.c +++ b/lib/ipc/client.c @@ -352,10 +352,12 @@ common_path_init(const char *service, return ENOMEM; s->fd = -1; - asprintf(&s->path, "/var/run/.heim_%s-%s", service, file); + if (asprintf(&s->path, "/var/run/.heim_%s-%s", service, file) == -1) { + free(s); + return ENOMEM; + } *ctx = s; - return 0; } diff --git a/lib/ipc/tc.c b/lib/ipc/tc.c index 8b56d21aa..b8f8e278d 100644 --- a/lib/ipc/tc.c +++ b/lib/ipc/tc.c @@ -46,8 +46,8 @@ static int help_flag; static int version_flag; static struct getargs args[] = { - { "help", 'h', arg_flag, &help_flag }, - { "version", 'v', arg_flag, &version_flag } + { "help", 'h', arg_flag, &help_flag, NULL, NULL }, + { "version", 'v', arg_flag, &version_flag, NULL, NULL } }; static int num_args = sizeof(args) / sizeof(args[0]); diff --git a/lib/ipc/ts-http.c b/lib/ipc/ts-http.c index b493079d9..fbeb31956 100644 --- a/lib/ipc/ts-http.c +++ b/lib/ipc/ts-http.c @@ -44,8 +44,8 @@ static int help_flag; static int version_flag; static struct getargs args[] = { - { "help", 'h', arg_flag, &help_flag }, - { "version", 'v', arg_flag, &version_flag } + { "help", 'h', arg_flag, &help_flag, NULL, NULL }, + { "version", 'v', arg_flag, &version_flag, NULL, NULL } }; static int num_args = sizeof(args) / sizeof(args[0]); diff --git a/lib/ipc/ts.c b/lib/ipc/ts.c index 680d77bc9..e0f846eee 100644 --- a/lib/ipc/ts.c +++ b/lib/ipc/ts.c @@ -44,8 +44,8 @@ static int help_flag; static int version_flag; static struct getargs args[] = { - { "help", 'h', arg_flag, &help_flag }, - { "version", 'v', arg_flag, &version_flag } + { "help", 'h', arg_flag, &help_flag, NULL, NULL }, + { "version", 'v', arg_flag, &version_flag, NULL, NULL } }; static int num_args = sizeof(args) / sizeof(args[0]); diff --git a/lib/kadm5/ad.c b/lib/kadm5/ad.c index 6fd42d66e..731a37e03 100644 --- a/lib/kadm5/ad.c +++ b/lib/kadm5/ad.c @@ -484,13 +484,14 @@ ad_get_cred(kadm5_ad_context *context, const char *password) kadm5_ret_t ret; krb5_ccache cc; char *service; + int aret; if (context->ccache) return 0; - asprintf(&service, "%s/%s@%s", KRB5_TGS_NAME, - context->realm, context->realm); - if (service == NULL) + aret = asprintf(&service, "%s/%s@%s", KRB5_TGS_NAME, + context->realm, context->realm); + if (aret == -1 || service == NULL) return ENOMEM; ret = _kadm5_c_get_cred_cache(context->context, diff --git a/lib/kadm5/context_s.c b/lib/kadm5/context_s.c index d5b9d4f25..fe716a240 100644 --- a/lib/kadm5/context_s.c +++ b/lib/kadm5/context_s.c @@ -130,6 +130,7 @@ find_db_spec(kadm5_server_context *ctx) krb5_context context = ctx->context; struct hdb_dbinfo *info, *d; krb5_error_code ret; + int aret; if (ctx->config.realm) { /* fetch the databases */ @@ -169,12 +170,24 @@ find_db_spec(kadm5_server_context *ctx) if (ctx->config.dbname == NULL) ctx->config.dbname = strdup(hdb_default_db(context)); - if (ctx->config.acl_file == NULL) - asprintf(&ctx->config.acl_file, "%s/kadmind.acl", hdb_db_dir(context)); - if (ctx->config.stash_file == NULL) - asprintf(&ctx->config.stash_file, "%s/m-key", hdb_db_dir(context)); - if (ctx->log_context.log_file == NULL) - asprintf(&ctx->log_context.log_file, "%s/log", hdb_db_dir(context)); + if (ctx->config.acl_file == NULL) { + aret = asprintf(&ctx->config.acl_file, "%s/kadmind.acl", + hdb_db_dir(context)); + if (aret == -1) + return ENOMEM; + } + if (ctx->config.stash_file == NULL) { + aret = asprintf(&ctx->config.stash_file, "%s/m-key", + hdb_db_dir(context)); + if (aret == -1) + return ENOMEM; + } + if (ctx->log_context.log_file == NULL) { + aret = asprintf(&ctx->log_context.log_file, "%s/log", + hdb_db_dir(context)); + if (aret == -1) + return ENOMEM; + } #ifndef NO_UNIX_SOCKETS set_socket_name(context, &ctx->log_context.socket_name); diff --git a/lib/kadm5/get_princs_s.c b/lib/kadm5/get_princs_s.c index a351e4390..26c3d6729 100644 --- a/lib/kadm5/get_princs_s.c +++ b/lib/kadm5/get_princs_s.c @@ -96,9 +96,14 @@ kadm5_s_get_principals(void *server_handle, d.exp = expression; { krb5_realm r; + int aret; + krb5_get_default_realm(context->context, &r); - asprintf(&d.exp2, "%s@%s", expression, r); + aret = asprintf(&d.exp2, "%s@%s", expression, r); free(r); + if (aret == -1 || d.exp2 == NULL) { + return ENOMEM; + } } d.princs = NULL; d.count = 0; diff --git a/lib/kadm5/init_c.c b/lib/kadm5/init_c.c index f21cd32e6..f6fd6d3dc 100644 --- a/lib/kadm5/init_c.c +++ b/lib/kadm5/init_c.c @@ -479,11 +479,12 @@ kadm_connect(kadm5_client_context *ctx) } if (ctx->realm) - asprintf(&service_name, "%s@%s", KADM5_ADMIN_SERVICE, ctx->realm); + error = asprintf(&service_name, "%s@%s", KADM5_ADMIN_SERVICE, + ctx->realm); else - asprintf(&service_name, "%s", KADM5_ADMIN_SERVICE); + error = asprintf(&service_name, "%s", KADM5_ADMIN_SERVICE); - if (service_name == NULL) { + if (error == -1 || service_name == NULL) { freeaddrinfo (ai); rk_closesocket(s); krb5_clear_error_message(context); diff --git a/lib/kadm5/iprop-log.c b/lib/kadm5/iprop-log.c index b201de66d..598fbc52a 100644 --- a/lib/kadm5/iprop-log.c +++ b/lib/kadm5/iprop-log.c @@ -47,11 +47,12 @@ get_kadmin_context(const char *config_file, char *realm) krb5_error_code ret; void *kadm_handle; char **files; + int aret; if (config_file == NULL) { char *file; - asprintf(&file, "%s/kdc.conf", hdb_db_dir(context)); - if (file == NULL) + aret = asprintf(&file, "%s/kdc.conf", hdb_db_dir(context)); + if (aret == -1 || file == NULL) errx(1, "out of memory"); config_file = file; } diff --git a/lib/kadm5/ipropd_master.c b/lib/kadm5/ipropd_master.c index e92526e26..a60c21ed8 100644 --- a/lib/kadm5/ipropd_master.c +++ b/lib/kadm5/ipropd_master.c @@ -623,24 +623,25 @@ open_stats(krb5_context context) { char *statfile = NULL; const char *fn; - FILE *f; + int ret; if (slave_stats_file) fn = slave_stats_file; else { - asprintf(&statfile, "%s/slaves-stats", hdb_db_dir(context)); + ret = asprintf(&statfile, "%s/slaves-stats", hdb_db_dir(context)); + if (ret == -1) + return NULL; fn = krb5_config_get_string_default(context, NULL, statfile, "kdc", "iprop-stats", NULL); - } - f = fopen(fn, "w"); - if (statfile) free(statfile); - - return f; + } + if (fn == NULL) + return NULL; + return fopen(fn, "w"); } static void @@ -776,6 +777,7 @@ main(int argc, char **argv) uint32_t current_version = 0, old_version = 0; krb5_keytab keytab; char **files; + int aret; (void) krb5_program_setup(&context, argc, argv, args, num_args, NULL); @@ -789,8 +791,8 @@ main(int argc, char **argv) setup_signal(); if (config_file == NULL) { - asprintf(&config_file, "%s/kdc.conf", hdb_db_dir(context)); - if (config_file == NULL) + aret = asprintf(&config_file, "%s/kdc.conf", hdb_db_dir(context)); + if (aret == -1 || config_file == NULL) errx(1, "out of memory"); } @@ -811,8 +813,13 @@ main(int argc, char **argv) krb5_errx (context, 1, "couldn't parse time: %s", slave_time_missing); #ifdef SUPPORT_DETACH - if (detach_from_console) - daemon(0, 0); + if (detach_from_console) { + aret = daemon(0, 0); + if (aret == -1) { + /* not much to do if detaching fails... */ + krb5_err(context, 1, aret, "failed to daemon(3)ise"); + } + } #endif pidfile (NULL); krb5_openlog (context, "ipropd-master", &log_facility); diff --git a/lib/kadm5/ipropd_slave.c b/lib/kadm5/ipropd_slave.c index f80ac0544..55523d2ea 100644 --- a/lib/kadm5/ipropd_slave.c +++ b/lib/kadm5/ipropd_slave.c @@ -107,6 +107,7 @@ get_creds(krb5_context context, const char *keytab_str, krb5_creds creds; char *server; char keytab_buf[256]; + int aret; if (keytab_str == NULL) { ret = krb5_kt_default_name (context, keytab_buf, sizeof(keytab_buf)); @@ -127,8 +128,8 @@ get_creds(krb5_context context, const char *keytab_str, ret = krb5_get_init_creds_opt_alloc(context, &init_opts); if (ret) krb5_err(context, 1, ret, "krb5_get_init_creds_opt_alloc"); - asprintf (&server, "%s/%s", IPROP_NAME, serverhost); - if (server == NULL) + aret = asprintf (&server, "%s/%s", IPROP_NAME, serverhost); + if (aret == -1 || server == NULL) krb5_errx (context, 1, "malloc: no memory"); ret = krb5_get_init_creds_keytab(context, &creds, client, keytab, @@ -374,7 +375,9 @@ receive_everything (krb5_context context, int fd, krb5_warnx(context, "receive complete database"); - asprintf(&dbname, "%s-NEW", server_context->db->hdb_name); + ret = asprintf(&dbname, "%s-NEW", server_context->db->hdb_name); + if (ret == -1) + krb5_err(context, 1, ENOMEM, "asprintf"); ret = hdb_create(context, &mydb, dbname); if(ret) krb5_err(context,1, ret, "hdb_create"); @@ -563,6 +566,7 @@ main(int argc, char **argv) time_t reconnect_max; time_t reconnect; time_t before = 0; + int aret; const char *master; @@ -615,8 +619,13 @@ main(int argc, char **argv) slave_status(context, status_file, "bootstrapping\n"); #ifdef SUPPORT_DETACH - if (detach_from_console) - daemon(0, 0); + if (detach_from_console){ + aret = daemon(0, 0); + if (aret == -1) { + /* not much to do if detaching fails... */ + krb5_err(context, 1, aret, "failed to daemon(3)ise"); + } + } #endif pidfile (NULL); krb5_openlog (context, "ipropd-slave", &log_facility); diff --git a/lib/kadm5/log.c b/lib/kadm5/log.c index 76084b09a..a3e23e36a 100644 --- a/lib/kadm5/log.c +++ b/lib/kadm5/log.c @@ -1015,9 +1015,13 @@ static HEIMDAL_MUTEX signal_mutex = HEIMDAL_MUTEX_INITIALIZER; const char * kadm5_log_signal_socket(krb5_context context) { + int ret = 0; + HEIMDAL_MUTEX_lock(&signal_mutex); if (!default_signal) - asprintf(&default_signal, "%s/signal", hdb_db_dir(context)); + ret = asprintf(&default_signal, "%s/signal", hdb_db_dir(context)); + if (ret == -1) + default_signal = NULL; HEIMDAL_MUTEX_unlock(&signal_mutex); return krb5_config_get_string_default(context, diff --git a/lib/kadm5/test_pw_quality.c b/lib/kadm5/test_pw_quality.c index e3c8d2f0f..ebef429c4 100644 --- a/lib/kadm5/test_pw_quality.c +++ b/lib/kadm5/test_pw_quality.c @@ -42,10 +42,10 @@ static char *principal; static char *password; static struct getargs args[] = { - { "principal", 0, arg_string, &principal }, - { "password", 0, arg_string, &password }, - { "version", 0, arg_flag, &version_flag }, - { "help", 0, arg_flag, &help_flag } + { "principal", 0, arg_string, &principal, NULL, NULL }, + { "password", 0, arg_string, &password, NULL, NULL }, + { "version", 0, arg_flag, &version_flag, NULL, NULL }, + { "help", 0, arg_flag, &help_flag, NULL, NULL } }; int num_args = sizeof(args) / sizeof(args[0]); diff --git a/lib/kafs/common.c b/lib/kafs/common.c index a14eea8dd..ff42cf7ec 100644 --- a/lib/kafs/common.c +++ b/lib/kafs/common.c @@ -349,13 +349,19 @@ _kafs_try_get_cred(struct kafs_data *data, const char *user, const char *cell, if (kafs_verbose) { const char *estr = (*data->get_error)(data, ret); char *str; - asprintf(&str, "%s tried afs%s%s@%s -> %s (%d)", - data->name, cell ? "/" : "", - cell ? cell : "", realm, estr ? estr : "unknown", ret); - (*kafs_verbose)(kafs_verbose_ctx, str); + int aret; + + aret = asprintf(&str, "%s tried afs%s%s@%s -> %s (%d)", + data->name, cell ? "/" : "", + cell ? cell : "", realm, estr ? estr : "unknown", ret); + if (aret != -1) { + (*kafs_verbose)(kafs_verbose_ctx, str); + free(str); + } else { + (*kafs_verbose)(kafs_verbose_ctx, "out of memory"); + } if (estr) (*data->free_error)(data, estr); - free(str); } return ret; diff --git a/lib/krb5/addr_families.c b/lib/krb5/addr_families.c index 5d321a7e9..52252a03d 100644 --- a/lib/krb5/addr_families.c +++ b/lib/krb5/addr_families.c @@ -799,6 +799,7 @@ static struct addr_operations at[] = { NULL, NULL, NULL, + NULL, NULL } }; diff --git a/lib/krb5/config_file.c b/lib/krb5/config_file.c index 4ac25ae28..00b3d6d58 100644 --- a/lib/krb5/config_file.c +++ b/lib/krb5/config_file.c @@ -444,8 +444,10 @@ krb5_config_parse_file_multi (krb5_context context, home = pw->pw_dir; } if (home) { - asprintf(&newfname, "%s%s", home, &fname[1]); - if (newfname == NULL) { + int aret; + + aret = asprintf(&newfname, "%s%s", home, &fname[1]); + if (aret == -1 || newfname == NULL) { krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; diff --git a/lib/krb5/crypto-null.c b/lib/krb5/crypto-null.c index b647a6d10..12ded391c 100644 --- a/lib/krb5/crypto-null.c +++ b/lib/krb5/crypto-null.c @@ -45,6 +45,9 @@ static struct _krb5_key_type keytype_null = { 0, NULL, NULL, + NULL, + NULL, + NULL, NULL }; diff --git a/lib/krb5/derived-key-test.c b/lib/krb5/derived-key-test.c index a67c95a54..ba58c8bce 100644 --- a/lib/krb5/derived-key-test.c +++ b/lib/krb5/derived-key-test.c @@ -72,7 +72,7 @@ static struct testcase { {ETYPE_DES3_CBC_SHA1, {0x00, 0x00, 0x00, 0x01, 0xaa}, 5, {0x26, 0xdc, 0xe3, 0x34, 0xb5, 0x45, 0x29, 0x2f, 0x2f, 0xea, 0xb9, 0xa8, 0x70, 0x1a, 0x89, 0xa4, 0xb9, 0x9e, 0xb9, 0x94, 0x2c, 0xec, 0xd0, 0x16}, {0xf4, 0x8f, 0xfd, 0x6e, 0x83, 0xf8, 0x3e, 0x73, 0x54, 0xe6, 0x94, 0xfd, 0x25, 0x2c, 0xf8, 0x3b, 0xfe, 0x58, 0xf7, 0xd5, 0xba, 0x37, 0xec, 0x5d}}, - {0} + {0, {0}, 0, {0}, {0}} }; int diff --git a/lib/krb5/init_creds_pw.c b/lib/krb5/init_creds_pw.c index 0cc866cd3..708710c3d 100644 --- a/lib/krb5/init_creds_pw.c +++ b/lib/krb5/init_creds_pw.c @@ -2473,10 +2473,19 @@ krb5_get_init_creds_password(krb5_context context, krb5_prompt prompt; krb5_data password_data; char *p, *q; + int aret = -1; - krb5_unparse_name (context, client, &p); - asprintf (&q, "%s's Password: ", p); - free (p); + ret = krb5_unparse_name (context, client, &p); + if (!ret) { + aret = asprintf (&q, "%s's Password: ", p); + free (p); + } + if (!ret || aret == -1 || !q) { + if (!ret) + ret = ENOMEM; + krb5_clear_error_message (context); + goto out; + } prompt.prompt = q; password_data.data = buf; password_data.length = sizeof(buf); diff --git a/lib/krb5/kcm.c b/lib/krb5/kcm.c index 5a28b5138..6d783d7d5 100644 --- a/lib/krb5/kcm.c +++ b/lib/krb5/kcm.c @@ -963,6 +963,7 @@ kcm_get_default_name(krb5_context context, const krb5_cc_ops *ops, krb5_storage *request, *response; krb5_data response_data; char *name; + int aret; *str = NULL; @@ -981,9 +982,9 @@ kcm_get_default_name(krb5_context context, const krb5_cc_ops *ops, if (ret) return ret; - asprintf(str, "%s:%s", ops->prefix, name); + aret = asprintf(str, "%s:%s", ops->prefix, name); free(name); - if (str == NULL) + if (aret == -1 || str == NULL) return ENOMEM; return 0; diff --git a/lib/krb5/keytab_any.c b/lib/krb5/keytab_any.c index d5ac4883d..a808311b8 100644 --- a/lib/krb5/keytab_any.c +++ b/lib/krb5/keytab_any.c @@ -257,5 +257,7 @@ const krb5_kt_ops krb5_any_ops = { any_next_entry, any_end_seq_get, any_add_entry, - any_remove_entry + any_remove_entry, + NULL, + 0 }; diff --git a/lib/krb5/keytab_file.c b/lib/krb5/keytab_file.c index ccaf62fcb..51cdd3178 100644 --- a/lib/krb5/keytab_file.c +++ b/lib/krb5/keytab_file.c @@ -776,7 +776,9 @@ const krb5_kt_ops krb5_fkt_ops = { fkt_next_entry, fkt_end_seq_get, fkt_add_entry, - fkt_remove_entry + fkt_remove_entry, + NULL, + 0 }; const krb5_kt_ops krb5_wrfkt_ops = { @@ -790,7 +792,9 @@ const krb5_kt_ops krb5_wrfkt_ops = { fkt_next_entry, fkt_end_seq_get, fkt_add_entry, - fkt_remove_entry + fkt_remove_entry, + NULL, + 0 }; const krb5_kt_ops krb5_javakt_ops = { @@ -804,5 +808,7 @@ const krb5_kt_ops krb5_javakt_ops = { fkt_next_entry, fkt_end_seq_get, fkt_add_entry, - fkt_remove_entry + fkt_remove_entry, + NULL, + 0 }; diff --git a/lib/krb5/keytab_keyfile.c b/lib/krb5/keytab_keyfile.c index 120083215..5c1dbff6e 100644 --- a/lib/krb5/keytab_keyfile.c +++ b/lib/krb5/keytab_keyfile.c @@ -462,7 +462,9 @@ const krb5_kt_ops krb5_akf_ops = { akf_next_entry, akf_end_seq_get, akf_add_entry, - NULL /* remove */ + NULL, /* remove */ + NULL, + 0 }; #endif /* HEIMDAL_SMALLER */ diff --git a/lib/krb5/keytab_memory.c b/lib/krb5/keytab_memory.c index 0ee684d36..c0deeab92 100644 --- a/lib/krb5/keytab_memory.c +++ b/lib/krb5/keytab_memory.c @@ -232,5 +232,7 @@ const krb5_kt_ops krb5_mkt_ops = { mkt_next_entry, mkt_end_seq_get, mkt_add_entry, - mkt_remove_entry + mkt_remove_entry, + NULL, + 0 }; diff --git a/lib/krb5/n-fold-test.c b/lib/krb5/n-fold-test.c index 452964522..2938b44b3 100644 --- a/lib/krb5/n-fold-test.c +++ b/lib/krb5/n-fold-test.c @@ -87,7 +87,7 @@ static struct testcase { 0x08, 0xa5, 0x08, 0x41, 0x22, 0x9a, 0xd7, 0x98, 0xfa, 0xb9, 0x54, 0x0c, 0x1b} }, - {NULL, 0} + {NULL, 0, {0}} }; int diff --git a/lib/krb5/pkinit.c b/lib/krb5/pkinit.c index 1103a1780..e34188afa 100644 --- a/lib/krb5/pkinit.c +++ b/lib/krb5/pkinit.c @@ -183,10 +183,10 @@ find_cert(krb5_context context, struct krb5_pk_identity *id, hx509_query *q, hx509_cert *cert) { struct certfind cf[4] = { - { "MobileMe EKU" }, - { "PKINIT EKU" }, - { "MS EKU" }, - { "any (or no)" } + { "MobileMe EKU", NULL }, + { "PKINIT EKU", NULL }, + { "MS EKU", NULL }, + { "any (or no)", NULL } }; int ret = HX509_CERT_NOT_FOUND; size_t i, start = 1; diff --git a/lib/krb5/replay.c b/lib/krb5/replay.c index 965dd4443..747552fbd 100644 --- a/lib/krb5/replay.c +++ b/lib/krb5/replay.c @@ -205,6 +205,7 @@ krb5_rc_store(krb5_context context, time_t t; FILE *f; int ret; + size_t count; ent.stamp = time(NULL); checksum_authenticator(rep, ent.data); @@ -217,7 +218,9 @@ krb5_rc_store(krb5_context context, return ret; } rk_cloexec_file(f); - fread(&tmp, sizeof(ent), 1, f); + count = fread(&tmp, sizeof(ent), 1, f); + if(count != 1) + return KRB5_RC_IO_UNKNOWN; t = ent.stamp - tmp.stamp; while(fread(&tmp, sizeof(ent), 1, f)){ if(tmp.stamp < t) diff --git a/lib/krb5/salt-aes.c b/lib/krb5/salt-aes.c index 32dafd68c..d2076269d 100644 --- a/lib/krb5/salt-aes.c +++ b/lib/krb5/salt-aes.c @@ -99,5 +99,5 @@ struct salt_type _krb5_AES_salt[] = { "pw-salt", AES_string_to_key }, - { 0 } + { 0, NULL, NULL } }; diff --git a/lib/krb5/salt-arcfour.c b/lib/krb5/salt-arcfour.c index ab5e51270..f8a4b391e 100644 --- a/lib/krb5/salt-arcfour.c +++ b/lib/krb5/salt-arcfour.c @@ -108,5 +108,5 @@ struct salt_type _krb5_arcfour_salt[] = { "pw-salt", ARCFOUR_string_to_key }, - { 0 } + { 0, NULL, NULL } }; diff --git a/lib/krb5/salt-des.c b/lib/krb5/salt-des.c index 56b285f72..804b3f254 100644 --- a/lib/krb5/salt-des.c +++ b/lib/krb5/salt-des.c @@ -219,6 +219,6 @@ struct salt_type _krb5_des_salt[] = { DES_AFS3_string_to_key }, #endif - { 0 } + { 0, NULL, NULL } }; #endif diff --git a/lib/krb5/salt-des3.c b/lib/krb5/salt-des3.c index 79140a274..f2e40f2d5 100644 --- a/lib/krb5/salt-des3.c +++ b/lib/krb5/salt-des3.c @@ -136,7 +136,7 @@ struct salt_type _krb5_des3_salt[] = { "pw-salt", DES3_string_to_key }, - { 0 } + { 0, NULL, NULL } }; #endif @@ -146,5 +146,5 @@ struct salt_type _krb5_des3_salt_derived[] = { "pw-salt", DES3_string_to_key_derived }, - { 0 } + { 0, NULL, NULL } }; diff --git a/lib/krb5/scache.c b/lib/krb5/scache.c index 5c422c6a4..9bdc9d7d0 100644 --- a/lib/krb5/scache.c +++ b/lib/krb5/scache.c @@ -1445,7 +1445,10 @@ KRB5_LIB_VARIABLE const krb5_cc_ops krb5_scc_ops = { scc_end_cache_get, scc_move, scc_get_default_name, - scc_set_default + scc_set_default, + NULL, + NULL, + NULL }; #endif diff --git a/lib/krb5/string-to-key-test.c b/lib/krb5/string-to-key-test.c index cb7081b9e..898857591 100644 --- a/lib/krb5/string-to-key-test.c +++ b/lib/krb5/string-to-key-test.c @@ -86,7 +86,7 @@ static struct testcase { {0x6d, 0x2f, 0xcd, 0xf2, 0xd6, 0xfb, 0xbc, 0x3d, 0xdc, 0xad, 0xb5, 0xda, 0x57, 0x10, 0xa2, 0x34, 0x89, 0xb0, 0xd3, 0xb6, 0x9d, 0x5d, 0x9d, 0x4a}}, {"Juri\xc5\xa1i\xc4\x87@ATHENA.MIT.EDU", "\xc3\x9f", ETYPE_DES3_CBC_SHA1, {0x16, 0xd5, 0xa4, 0x0e, 0x1c, 0xe3, 0xba, 0xcb, 0x61, 0xb9, 0xdc, 0xe0, 0x04, 0x70, 0x32, 0x4c, 0x83, 0x19, 0x73, 0xa7, 0xb9, 0x52, 0xfe, 0xb0}}, - {NULL} + {NULL, NULL, 0, {0}} }; int diff --git a/lib/krb5/test_cc.c b/lib/krb5/test_cc.c index 911fba524..c8290b6aa 100644 --- a/lib/krb5/test_cc.c +++ b/lib/krb5/test_cc.c @@ -293,31 +293,31 @@ struct { } cc_names[] = { { "foo", 0, "foo" }, { "foo%}", 0, "foo%}" }, - { "%{uid}", 0 }, + { "%{uid}", 0, NULL }, { "foo%{null}", 0, "foo" }, { "foo%{null}bar", 0, "foobar" }, - { "%{", 1 }, - { "%{foo %{", 1 }, - { "%{{", 1 }, - { "%{{}", 1 }, - { "%{nulll}", 1 }, - { "%{does not exist}", 1 }, - { "%{}", 1 }, + { "%{", 1, NULL }, + { "%{foo %{", 1, NULL }, + { "%{{", 1, NULL }, + { "%{{}", 1, NULL }, + { "%{nulll}", 1, NULL }, + { "%{does not exist}", 1, NULL }, + { "%{}", 1, NULL }, #ifdef KRB5_USE_PATH_TOKENS - { "%{APPDATA}", 0 }, - { "%{COMMON_APPDATA}", 0}, - { "%{LOCAL_APPDATA}", 0}, - { "%{SYSTEM}", 0}, - { "%{WINDOWS}", 0}, - { "%{TEMP}", 0}, - { "%{USERID}", 0}, - { "%{uid}", 0}, - { "%{USERCONFIG}", 0}, - { "%{COMMONCONFIG}", 0}, - { "%{LIBDIR}", 0}, - { "%{BINDIR}", 0}, - { "%{LIBEXEC}", 0}, - { "%{SBINDIR}", 0}, + { "%{APPDATA}", 0, NULL }, + { "%{COMMON_APPDATA}", 0, NULL}, + { "%{LOCAL_APPDATA}", 0, NULL}, + { "%{SYSTEM}", 0, NULL}, + { "%{WINDOWS}", 0, NULL}, + { "%{TEMP}", 0, NULL}, + { "%{USERID}", 0, NULL}, + { "%{uid}", 0, NULL}, + { "%{USERCONFIG}", 0, NULL}, + { "%{COMMONCONFIG}", 0, NULL}, + { "%{LIBDIR}", 0, NULL}, + { "%{BINDIR}", 0, NULL}, + { "%{LIBEXEC}", 0, NULL}, + { "%{SBINDIR}", 0, NULL}, #endif }; diff --git a/lib/krb5/verify_krb5_conf.c b/lib/krb5/verify_krb5_conf.c index 647a311a2..897cc2da7 100644 --- a/lib/krb5/verify_krb5_conf.c +++ b/lib/krb5/verify_krb5_conf.c @@ -353,227 +353,227 @@ struct entry { }; struct entry all_strings[] = { - { "", krb5_config_string, NULL }, - { NULL } + { "", krb5_config_string, NULL, 0 }, + { NULL, 0, NULL, 0 } }; struct entry all_boolean[] = { - { "", krb5_config_string, check_boolean }, - { NULL } + { "", krb5_config_string, check_boolean, 0 }, + { NULL, 0, NULL, 0 } }; struct entry v4_name_convert_entries[] = { - { "host", krb5_config_list, all_strings }, - { "plain", krb5_config_list, all_strings }, - { NULL } + { "host", krb5_config_list, all_strings, 0 }, + { "plain", krb5_config_list, all_strings, 0 }, + { NULL, 0, NULL, 0 } }; struct entry libdefaults_entries[] = { - { "accept_null_addresses", krb5_config_string, check_boolean }, - { "allow_weak_crypto", krb5_config_string, check_boolean }, + { "accept_null_addresses", krb5_config_string, check_boolean, 0 }, + { "allow_weak_crypto", krb5_config_string, check_boolean, 0 }, { "capath", krb5_config_list, all_strings, 1 }, - { "check_pac", krb5_config_string, check_boolean }, - { "clockskew", krb5_config_string, check_time }, - { "date_format", krb5_config_string, NULL }, - { "default_cc_name", krb5_config_string, NULL }, - { "default_etypes", krb5_config_string, NULL }, - { "default_etypes_des", krb5_config_string, NULL }, - { "default_keytab_modify_name", krb5_config_string, NULL }, - { "default_keytab_name", krb5_config_string, NULL }, - { "default_realm", krb5_config_string, NULL }, - { "dns_canonize_hostname", krb5_config_string, check_boolean }, - { "dns_proxy", krb5_config_string, NULL }, - { "dns_lookup_kdc", krb5_config_string, check_boolean }, - { "dns_lookup_realm", krb5_config_string, check_boolean }, - { "dns_lookup_realm_labels", krb5_config_string, NULL }, - { "egd_socket", krb5_config_string, NULL }, - { "encrypt", krb5_config_string, check_boolean }, - { "extra_addresses", krb5_config_string, NULL }, - { "fcache_version", krb5_config_string, check_numeric }, - { "fcc-mit-ticketflags", krb5_config_string, check_boolean }, - { "forward", krb5_config_string, check_boolean }, - { "forwardable", krb5_config_string, check_boolean }, - { "http_proxy", krb5_config_string, check_host /* XXX */ }, - { "ignore_addresses", krb5_config_string, NULL }, - { "kdc_timeout", krb5_config_string, check_time }, - { "kdc_timesync", krb5_config_string, check_boolean }, - { "log_utc", krb5_config_string, check_boolean }, - { "maxretries", krb5_config_string, check_numeric }, - { "scan_interfaces", krb5_config_string, check_boolean }, - { "srv_lookup", krb5_config_string, check_boolean }, - { "srv_try_txt", krb5_config_string, check_boolean }, - { "ticket_lifetime", krb5_config_string, check_time }, - { "time_format", krb5_config_string, NULL }, - { "transited_realms_reject", krb5_config_string, NULL }, - { "no-addresses", krb5_config_string, check_boolean }, - { "v4_instance_resolve", krb5_config_string, check_boolean }, - { "v4_name_convert", krb5_config_list, v4_name_convert_entries }, - { "verify_ap_req_nofail", krb5_config_string, check_boolean }, - { "max_retries", krb5_config_string, check_time }, - { "renew_lifetime", krb5_config_string, check_time }, - { "proxiable", krb5_config_string, check_boolean }, - { "warn_pwexpire", krb5_config_string, check_time }, + { "check_pac", krb5_config_string, check_boolean, 0 }, + { "clockskew", krb5_config_string, check_time, 0 }, + { "date_format", krb5_config_string, NULL, 0 }, + { "default_cc_name", krb5_config_string, NULL, 0 }, + { "default_etypes", krb5_config_string, NULL, 0 }, + { "default_etypes_des", krb5_config_string, NULL, 0 }, + { "default_keytab_modify_name", krb5_config_string, NULL, 0 }, + { "default_keytab_name", krb5_config_string, NULL, 0 }, + { "default_realm", krb5_config_string, NULL, 0 }, + { "dns_canonize_hostname", krb5_config_string, check_boolean, 0 }, + { "dns_proxy", krb5_config_string, NULL, 0 }, + { "dns_lookup_kdc", krb5_config_string, check_boolean, 0 }, + { "dns_lookup_realm", krb5_config_string, check_boolean, 0 }, + { "dns_lookup_realm_labels", krb5_config_string, NULL, 0 }, + { "egd_socket", krb5_config_string, NULL, 0 }, + { "encrypt", krb5_config_string, check_boolean, 0 }, + { "extra_addresses", krb5_config_string, NULL, 0 }, + { "fcache_version", krb5_config_string, check_numeric, 0 }, + { "fcc-mit-ticketflags", krb5_config_string, check_boolean, 0 }, + { "forward", krb5_config_string, check_boolean, 0 }, + { "forwardable", krb5_config_string, check_boolean, 0 }, + { "http_proxy", krb5_config_string, check_host /* XXX */, 0 }, + { "ignore_addresses", krb5_config_string, NULL, 0 }, + { "kdc_timeout", krb5_config_string, check_time, 0 }, + { "kdc_timesync", krb5_config_string, check_boolean, 0 }, + { "log_utc", krb5_config_string, check_boolean, 0 }, + { "maxretries", krb5_config_string, check_numeric, 0 }, + { "scan_interfaces", krb5_config_string, check_boolean, 0 }, + { "srv_lookup", krb5_config_string, check_boolean, 0 }, + { "srv_try_txt", krb5_config_string, check_boolean, 0 }, + { "ticket_lifetime", krb5_config_string, check_time, 0 }, + { "time_format", krb5_config_string, NULL, 0 }, + { "transited_realms_reject", krb5_config_string, NULL, 0 }, + { "no-addresses", krb5_config_string, check_boolean, 0 }, + { "v4_instance_resolve", krb5_config_string, check_boolean, 0 }, + { "v4_name_convert", krb5_config_list, v4_name_convert_entries, 0 }, + { "verify_ap_req_nofail", krb5_config_string, check_boolean, 0 }, + { "max_retries", krb5_config_string, check_time, 0 }, + { "renew_lifetime", krb5_config_string, check_time, 0 }, + { "proxiable", krb5_config_string, check_boolean, 0 }, + { "warn_pwexpire", krb5_config_string, check_time, 0 }, /* MIT stuff */ - { "permitted_enctypes", krb5_config_string, mit_entry }, - { "default_tgs_enctypes", krb5_config_string, mit_entry }, - { "default_tkt_enctypes", krb5_config_string, mit_entry }, - { NULL } + { "permitted_enctypes", krb5_config_string, mit_entry, 0 }, + { "default_tgs_enctypes", krb5_config_string, mit_entry, 0 }, + { "default_tkt_enctypes", krb5_config_string, mit_entry, 0 }, + { NULL, 0, NULL, 0 } }; struct entry appdefaults_entries[] = { - { "afslog", krb5_config_string, check_boolean }, - { "afs-use-524", krb5_config_string, check_524 }, - { "encrypt", krb5_config_string, check_boolean }, - { "forward", krb5_config_string, check_boolean }, - { "forwardable", krb5_config_string, check_boolean }, - { "proxiable", krb5_config_string, check_boolean }, - { "ticket_lifetime", krb5_config_string, check_time }, - { "renew_lifetime", krb5_config_string, check_time }, - { "no-addresses", krb5_config_string, check_boolean }, - { "krb4_get_tickets", krb5_config_string, check_boolean }, - { "pkinit_anchors", krb5_config_string, NULL }, - { "pkinit_win2k", krb5_config_string, NULL }, - { "pkinit_win2k_require_binding", krb5_config_string, NULL }, - { "pkinit_require_eku", krb5_config_string, NULL }, - { "pkinit_require_krbtgt_otherName", krb5_config_string, NULL }, - { "pkinit_require_hostname_match", krb5_config_string, NULL }, + { "afslog", krb5_config_string, check_boolean, 0 }, + { "afs-use-524", krb5_config_string, check_524, 0 }, + { "encrypt", krb5_config_string, check_boolean, 0 }, + { "forward", krb5_config_string, check_boolean, 0 }, + { "forwardable", krb5_config_string, check_boolean, 0 }, + { "proxiable", krb5_config_string, check_boolean, 0 }, + { "ticket_lifetime", krb5_config_string, check_time, 0 }, + { "renew_lifetime", krb5_config_string, check_time, 0 }, + { "no-addresses", krb5_config_string, check_boolean, 0 }, + { "krb4_get_tickets", krb5_config_string, check_boolean, 0 }, + { "pkinit_anchors", krb5_config_string, NULL, 0 }, + { "pkinit_win2k", krb5_config_string, NULL, 0 }, + { "pkinit_win2k_require_binding", krb5_config_string, NULL, 0 }, + { "pkinit_require_eku", krb5_config_string, NULL, 0 }, + { "pkinit_require_krbtgt_otherName", krb5_config_string, NULL, 0 }, + { "pkinit_require_hostname_match", krb5_config_string, NULL, 0 }, #if 0 - { "anonymous", krb5_config_string, check_boolean }, + { "anonymous", krb5_config_string, check_boolean, 0 }, #endif - { "", krb5_config_list, appdefaults_entries }, - { NULL } + { "", krb5_config_list, appdefaults_entries, 0 }, + { NULL, 0, NULL, 0 } }; struct entry realms_entries[] = { - { "forwardable", krb5_config_string, check_boolean }, - { "proxiable", krb5_config_string, check_boolean }, - { "ticket_lifetime", krb5_config_string, check_time }, - { "renew_lifetime", krb5_config_string, check_time }, - { "warn_pwexpire", krb5_config_string, check_time }, - { "kdc", krb5_config_string, check_host }, - { "admin_server", krb5_config_string, check_host }, - { "kpasswd_server", krb5_config_string, check_host }, - { "krb524_server", krb5_config_string, check_host }, - { "v4_name_convert", krb5_config_list, v4_name_convert_entries }, - { "v4_instance_convert", krb5_config_list, all_strings }, - { "v4_domains", krb5_config_string, NULL }, - { "default_domain", krb5_config_string, NULL }, - { "win2k_pkinit", krb5_config_string, NULL }, + { "forwardable", krb5_config_string, check_boolean, 0 }, + { "proxiable", krb5_config_string, check_boolean, 0 }, + { "ticket_lifetime", krb5_config_string, check_time, 0 }, + { "renew_lifetime", krb5_config_string, check_time, 0 }, + { "warn_pwexpire", krb5_config_string, check_time, 0 }, + { "kdc", krb5_config_string, check_host, 0 }, + { "admin_server", krb5_config_string, check_host, 0 }, + { "kpasswd_server", krb5_config_string, check_host, 0 }, + { "krb524_server", krb5_config_string, check_host, 0 }, + { "v4_name_convert", krb5_config_list, v4_name_convert_entries, 0 }, + { "v4_instance_convert", krb5_config_list, all_strings, 0 }, + { "v4_domains", krb5_config_string, NULL, 0 }, + { "default_domain", krb5_config_string, NULL, 0 }, + { "win2k_pkinit", krb5_config_string, NULL, 0 }, /* MIT stuff */ - { "admin_keytab", krb5_config_string, mit_entry }, - { "acl_file", krb5_config_string, mit_entry }, - { "dict_file", krb5_config_string, mit_entry }, - { "kadmind_port", krb5_config_string, mit_entry }, - { "kpasswd_port", krb5_config_string, mit_entry }, - { "master_key_name", krb5_config_string, mit_entry }, - { "master_key_type", krb5_config_string, mit_entry }, - { "key_stash_file", krb5_config_string, mit_entry }, - { "max_life", krb5_config_string, mit_entry }, - { "max_renewable_life", krb5_config_string, mit_entry }, - { "default_principal_expiration", krb5_config_string, mit_entry }, - { "default_principal_flags", krb5_config_string, mit_entry }, - { "supported_enctypes", krb5_config_string, mit_entry }, - { "database_name", krb5_config_string, mit_entry }, - { NULL } + { "admin_keytab", krb5_config_string, mit_entry, 0 }, + { "acl_file", krb5_config_string, mit_entry, 0 }, + { "dict_file", krb5_config_string, mit_entry, 0 }, + { "kadmind_port", krb5_config_string, mit_entry, 0 }, + { "kpasswd_port", krb5_config_string, mit_entry, 0 }, + { "master_key_name", krb5_config_string, mit_entry, 0 }, + { "master_key_type", krb5_config_string, mit_entry, 0 }, + { "key_stash_file", krb5_config_string, mit_entry, 0 }, + { "max_life", krb5_config_string, mit_entry, 0 }, + { "max_renewable_life", krb5_config_string, mit_entry, 0 }, + { "default_principal_expiration", krb5_config_string, mit_entry, 0 }, + { "default_principal_flags", krb5_config_string, mit_entry, 0 }, + { "supported_enctypes", krb5_config_string, mit_entry, 0 }, + { "database_name", krb5_config_string, mit_entry, 0 }, + { NULL, 0, NULL, 0 } }; struct entry realms_foobar[] = { - { "", krb5_config_list, realms_entries }, - { NULL } + { "", krb5_config_list, realms_entries, 0 }, + { NULL, 0, NULL, 0 } }; struct entry kdc_database_entries[] = { - { "realm", krb5_config_string, NULL }, - { "dbname", krb5_config_string, NULL }, - { "mkey_file", krb5_config_string, NULL }, - { "acl_file", krb5_config_string, NULL }, - { "log_file", krb5_config_string, NULL }, - { NULL } + { "realm", krb5_config_string, NULL, 0 }, + { "dbname", krb5_config_string, NULL, 0 }, + { "mkey_file", krb5_config_string, NULL, 0 }, + { "acl_file", krb5_config_string, NULL, 0 }, + { "log_file", krb5_config_string, NULL, 0 }, + { NULL, 0, NULL, 0 } }; struct entry kdc_entries[] = { - { "database", krb5_config_list, kdc_database_entries }, - { "key-file", krb5_config_string, NULL }, - { "logging", krb5_config_string, check_log }, - { "max-request", krb5_config_string, check_bytes }, - { "require-preauth", krb5_config_string, check_boolean }, - { "ports", krb5_config_string, NULL }, - { "addresses", krb5_config_string, NULL }, - { "enable-kerberos4", krb5_config_string, check_boolean }, - { "enable-524", krb5_config_string, check_boolean }, - { "enable-http", krb5_config_string, check_boolean }, - { "check-ticket-addresses", krb5_config_string, check_boolean }, - { "allow-null-ticket-addresses", krb5_config_string, check_boolean }, - { "allow-anonymous", krb5_config_string, check_boolean }, - { "v4_realm", krb5_config_string, NULL }, + { "database", krb5_config_list, kdc_database_entries, 0 }, + { "key-file", krb5_config_string, NULL, 0 }, + { "logging", krb5_config_string, check_log, 0 }, + { "max-request", krb5_config_string, check_bytes, 0 }, + { "require-preauth", krb5_config_string, check_boolean, 0 }, + { "ports", krb5_config_string, NULL, 0 }, + { "addresses", krb5_config_string, NULL, 0 }, + { "enable-kerberos4", krb5_config_string, check_boolean, 0 }, + { "enable-524", krb5_config_string, check_boolean, 0 }, + { "enable-http", krb5_config_string, check_boolean, 0 }, + { "check-ticket-addresses", krb5_config_string, check_boolean, 0 }, + { "allow-null-ticket-addresses", krb5_config_string, check_boolean, 0 }, + { "allow-anonymous", krb5_config_string, check_boolean, 0 }, + { "v4_realm", krb5_config_string, NULL, 0 }, { "enable-kaserver", krb5_config_string, check_boolean, 1 }, - { "encode_as_rep_as_tgs_rep", krb5_config_string, check_boolean }, - { "kdc_warn_pwexpire", krb5_config_string, check_time }, - { "use_2b", krb5_config_list, NULL }, - { "enable-pkinit", krb5_config_string, check_boolean }, - { "pkinit_identity", krb5_config_string, NULL }, - { "pkinit_anchors", krb5_config_string, NULL }, - { "pkinit_pool", krb5_config_string, NULL }, - { "pkinit_revoke", krb5_config_string, NULL }, - { "pkinit_kdc_ocsp", krb5_config_string, NULL }, - { "pkinit_principal_in_certificate", krb5_config_string, NULL }, - { "pkinit_dh_min_bits", krb5_config_string, NULL }, - { "pkinit_allow_proxy_certificate", krb5_config_string, NULL }, - { "hdb-ldap-create-base", krb5_config_string, NULL }, - { "v4-realm", krb5_config_string, NULL }, - { NULL } + { "encode_as_rep_as_tgs_rep", krb5_config_string, check_boolean, 0 }, + { "kdc_warn_pwexpire", krb5_config_string, check_time, 0 }, + { "use_2b", krb5_config_list, NULL, 0 }, + { "enable-pkinit", krb5_config_string, check_boolean, 0 }, + { "pkinit_identity", krb5_config_string, NULL, 0 }, + { "pkinit_anchors", krb5_config_string, NULL, 0 }, + { "pkinit_pool", krb5_config_string, NULL, 0 }, + { "pkinit_revoke", krb5_config_string, NULL, 0 }, + { "pkinit_kdc_ocsp", krb5_config_string, NULL, 0 }, + { "pkinit_principal_in_certificate", krb5_config_string, NULL, 0 }, + { "pkinit_dh_min_bits", krb5_config_string, NULL, 0 }, + { "pkinit_allow_proxy_certificate", krb5_config_string, NULL, 0 }, + { "hdb-ldap-create-base", krb5_config_string, NULL, 0 }, + { "v4-realm", krb5_config_string, NULL, 0 }, + { NULL, 0, NULL, 0 } }; struct entry kadmin_entries[] = { - { "password_lifetime", krb5_config_string, check_time }, - { "default_keys", krb5_config_string, NULL }, - { "use_v4_salt", krb5_config_string, NULL }, - { "require-preauth", krb5_config_string, check_boolean }, - { NULL } + { "password_lifetime", krb5_config_string, check_time, 0 }, + { "default_keys", krb5_config_string, NULL, 0 }, + { "use_v4_salt", krb5_config_string, NULL, 0 }, + { "require-preauth", krb5_config_string, check_boolean, 0 }, + { NULL, 0, NULL, 0 } }; struct entry log_strings[] = { - { "", krb5_config_string, check_log }, - { NULL } + { "", krb5_config_string, check_log, 0 }, + { NULL, 0, NULL, 0 } }; /* MIT stuff */ struct entry kdcdefaults_entries[] = { - { "kdc_ports", krb5_config_string, mit_entry }, - { "v4_mode", krb5_config_string, mit_entry }, - { NULL } + { "kdc_ports", krb5_config_string, mit_entry, 0 }, + { "v4_mode", krb5_config_string, mit_entry, 0 }, + { NULL, 0, NULL, 0 } }; struct entry capaths_entries[] = { - { "", krb5_config_list, all_strings }, - { NULL } + { "", krb5_config_list, all_strings, 0 }, + { NULL, 0, NULL, 0 } }; struct entry password_quality_entries[] = { - { "policies", krb5_config_string, NULL }, - { "external_program", krb5_config_string, NULL }, - { "min_classes", krb5_config_string, check_numeric }, - { "min_length", krb5_config_string, check_numeric }, - { "", krb5_config_list, all_strings }, - { NULL } + { "policies", krb5_config_string, NULL, 0 }, + { "external_program", krb5_config_string, NULL, 0 }, + { "min_classes", krb5_config_string, check_numeric, 0 }, + { "min_length", krb5_config_string, check_numeric, 0 }, + { "", krb5_config_list, all_strings, 0 }, + { NULL, 0, NULL, 0 } }; struct entry toplevel_sections[] = { - { "libdefaults" , krb5_config_list, libdefaults_entries }, - { "realms", krb5_config_list, realms_foobar }, - { "domain_realm", krb5_config_list, all_strings }, - { "logging", krb5_config_list, log_strings }, - { "kdc", krb5_config_list, kdc_entries }, - { "kadmin", krb5_config_list, kadmin_entries }, - { "appdefaults", krb5_config_list, appdefaults_entries }, - { "gssapi", krb5_config_list, NULL }, - { "capaths", krb5_config_list, capaths_entries }, - { "password_quality", krb5_config_list, password_quality_entries }, + { "libdefaults" , krb5_config_list, libdefaults_entries, 0 }, + { "realms", krb5_config_list, realms_foobar, 0 }, + { "domain_realm", krb5_config_list, all_strings, 0 }, + { "logging", krb5_config_list, log_strings, 0 }, + { "kdc", krb5_config_list, kdc_entries, 0 }, + { "kadmin", krb5_config_list, kadmin_entries, 0 }, + { "appdefaults", krb5_config_list, appdefaults_entries, 0 }, + { "gssapi", krb5_config_list, NULL, 0 }, + { "capaths", krb5_config_list, capaths_entries, 0 }, + { "password_quality", krb5_config_list, password_quality_entries, 0 }, /* MIT stuff */ - { "kdcdefaults", krb5_config_list, kdcdefaults_entries }, - { NULL } + { "kdcdefaults", krb5_config_list, kdcdefaults_entries, 0 }, + { NULL, 0, NULL, 0 } }; diff --git a/lib/otp/otptest.c b/lib/otp/otptest.c index 869f87421..dbf213168 100644 --- a/lib/otp/otptest.c +++ b/lib/otp/otptest.c @@ -107,7 +107,7 @@ test (void) {"sha", "OTP's are good", "correct", 0, "d51f3e99bf8e6f0b", "RUST WELT KICK FELL TAIL FRAU"}, {"sha", "OTP's are good", "correct", 1, "82aeb52d943774e4", "FLIT DOSE ALSO MEW DRUM DEFY"}, {"sha", "OTP's are good", "correct", 99, "4f296a74fe1567ec", "AURA ALOE HURL WING BERG WAIT"}, - {NULL} + {NULL, NULL, NULL, 0, NULL, NULL} }; struct test *t; diff --git a/lib/roken/base64-test.c b/lib/roken/base64-test.c index e9a2835e8..146e97e24 100644 --- a/lib/roken/base64-test.c +++ b/lib/roken/base64-test.c @@ -53,7 +53,7 @@ main(int argc, char **argv) { "4444", 4, "NDQ0NA==" }, { "55555", 5, "NTU1NTU=" }, { "abc:def", 7, "YWJjOmRlZg==" }, - { NULL } + { NULL, 0, NULL } }; for(t = tests; t->data; t++) { char *str; diff --git a/lib/roken/hex-test.c b/lib/roken/hex-test.c index 9a3d10f28..a81422e1f 100644 --- a/lib/roken/hex-test.c +++ b/lib/roken/hex-test.c @@ -55,7 +55,7 @@ main(int argc, char **argv) { "abcdef", 6, "616263646566" }, { "abcdefg", 7, "61626364656667" }, { "=", 1, "3D" }, - { NULL } + { NULL, 0, NULL } }; for(t = tests; t->data; t++) { char *str; diff --git a/lib/roken/rkpty.c b/lib/roken/rkpty.c index f2c62f23f..bd955e71f 100644 --- a/lib/roken/rkpty.c +++ b/lib/roken/rkpty.c @@ -305,9 +305,9 @@ eval_parent(pid_t pid) static struct getargs args[] = { { "timeout", 't', arg_integer, &timeout, "timout", "seconds" }, - { "verbose", 'v', arg_counter, &verbose, "verbose debugging" }, - { "version", 0, arg_flag, &version_flag, "print version" }, - { "help", 0, arg_flag, &help_flag, NULL } + { "verbose", 'v', arg_counter, &verbose, "verbose debugging", NULL }, + { "version", 0, arg_flag, &version_flag, "print version", NULL }, + { "help", 0, arg_flag, &help_flag, NULL, NULL } }; static void diff --git a/lib/roken/roken_gethostby.c b/lib/roken/roken_gethostby.c index 1bb560d3b..a2dda7e05 100644 --- a/lib/roken/roken_gethostby.c +++ b/lib/roken/roken_gethostby.c @@ -77,7 +77,8 @@ setup_int(const char *proxy_host, short proxy_port, if(make_address(dns_host, &dns_addr.sin_addr) != 0) return -1; dns_addr.sin_port = htons(dns_port); - asprintf(&dns_req, "%s", dns_path); + if (asprintf(&dns_req, "%s", dns_path) < 0) + return -1; } dns_addr.sin_family = AF_INET; return 0; diff --git a/lib/roken/simple_exec.c b/lib/roken/simple_exec.c index 97679d7e4..552e121b0 100644 --- a/lib/roken/simple_exec.c +++ b/lib/roken/simple_exec.c @@ -144,17 +144,31 @@ ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL pipe_execv(FILE **stdin_fd, FILE **stdout_fd, FILE **stderr_fd, const char *file, ...) { - int in_fd[2], out_fd[2], err_fd[2]; + int in_fd[2] = {-1, -1}; + int out_fd[2] = {-1, -1}; + int err_fd[2] = {-1, -1}; pid_t pid; va_list ap; char **argv; + int ret = 0; if(stdin_fd != NULL) - pipe(in_fd); - if(stdout_fd != NULL) - pipe(out_fd); - if(stderr_fd != NULL) - pipe(err_fd); + ret = pipe(in_fd); + if(ret != -1 && stdout_fd != NULL) + ret = pipe(out_fd); + if(ret != -1 && stderr_fd != NULL) + ret = pipe(err_fd); + + if (ret == -1) { + close(in_fd[0]); + close(in_fd[1]); + close(out_fd[0]); + close(out_fd[1]); + close(err_fd[0]); + close(err_fd[1]); + return SE_E_UNSPECIFIED; + } + pid = fork(); switch(pid) { case 0: diff --git a/lib/roken/test-mem.c b/lib/roken/test-mem.c index 2ce961e06..5ae10172a 100644 --- a/lib/roken/test-mem.c +++ b/lib/roken/test-mem.c @@ -70,13 +70,16 @@ static RETSIGTYPE segv_handler(int sig) { int fd; + ssize_t ret; char msg[] = "SIGSEGV i current test: "; fd = open("/dev/stdout", O_WRONLY, 0600); if (fd >= 0) { - (void)write(fd, msg, sizeof(msg) - 1); - (void)write(fd, testname, strlen(testname)); - (void)write(fd, "\n", 1); + ret = write(fd, msg, sizeof(msg) - 1); + if (ret != -1) + ret = write(fd, testname, strlen(testname)); + if (ret != -1) + ret = write(fd, "\n", 1); close(fd); } _exit(1); diff --git a/lib/sl/slc-gram.y b/lib/sl/slc-gram.y index 530b1a344..93bb4056a 100644 --- a/lib/sl/slc-gram.y +++ b/lib/sl/slc-gram.y @@ -341,7 +341,7 @@ gen_command(struct assignment *as) fprintf(cfile, " },\n"); for(a = a->next; a != NULL; a = a->next) if(strcmp(a->name, "name") == 0) - cprint(1, " { \"%s\" },\n", a->u.value); + cprint(1, " { \"%s\", NULL, NULL, NULL },\n", a->u.value); cprint(0, "\n"); } @@ -360,6 +360,7 @@ make_name(struct assignment *as) struct assignment *lopt; struct assignment *type; char *s; + int ret; lopt = find(as, "long"); if(lopt == NULL) @@ -369,9 +370,11 @@ make_name(struct assignment *as) type = find(as, "type"); if(strcmp(type->u.value, "-flag") == 0) - asprintf(&s, "%s_flag", lopt->u.value); + ret = asprintf(&s, "%s_flag", lopt->u.value); else - asprintf(&s, "%s_%s", lopt->u.value, type->u.value); + ret = asprintf(&s, "%s_%s", lopt->u.value, type->u.value); + if (ret == -1) + return NULL; gen_name(s); return s; } @@ -446,7 +449,7 @@ struct type_handler { defval_neg_flag, NULL }, - { NULL } + { NULL, NULL, NULL, NULL, NULL } }; static struct type_handler *find_handler(struct assignment *type) @@ -710,7 +713,7 @@ gen(struct assignment *as) cprint(0, "SL_cmd commands[] = {\n"); for(a = as; a != NULL; a = a->next) gen_command(a->u.assignment); - cprint(1, "{ NULL }\n"); + cprint(1, "{ NULL, NULL, NULL, NULL }\n"); cprint(0, "};\n"); hprint(0, "extern SL_cmd commands[];\n"); @@ -719,8 +722,8 @@ gen(struct assignment *as) int version_flag; int help_flag; struct getargs args[] = { - { "version", 0, arg_flag, &version_flag }, - { "help", 0, arg_flag, &help_flag } + { "version", 0, arg_flag, &version_flag, NULL, NULL }, + { "help", 0, arg_flag, &help_flag, NULL, NULL } }; int num_args = sizeof(args) / sizeof(args[0]); diff --git a/lib/wind/bidi.c b/lib/wind/bidi.c index 022a2a17c..7fdbc2acf 100644 --- a/lib/wind/bidi.c +++ b/lib/wind/bidi.c @@ -51,7 +51,7 @@ range_entry_cmp(const void *a, const void *b) static int is_ral(uint32_t cp) { - struct range_entry ee = {cp}; + struct range_entry ee = {cp, 0}; void *s = bsearch(&ee, _wind_ral_table, _wind_ral_table_size, sizeof(_wind_ral_table[0]), range_entry_cmp); @@ -61,7 +61,7 @@ is_ral(uint32_t cp) static int is_l(uint32_t cp) { - struct range_entry ee = {cp}; + struct range_entry ee = {cp, 0}; void *s = bsearch(&ee, _wind_l_table, _wind_l_table_size, sizeof(_wind_l_table[0]), range_entry_cmp); diff --git a/lib/wind/combining.c b/lib/wind/combining.c index 22fbf3835..764acc321 100644 --- a/lib/wind/combining.c +++ b/lib/wind/combining.c @@ -49,7 +49,7 @@ translation_cmp(const void *key, const void *data) int _wind_combining_class(uint32_t code_point) { - struct translation ts = {code_point}; + struct translation ts = {code_point, 0}; void *s = bsearch(&ts, _wind_combining_table, _wind_combining_table_size, sizeof(_wind_combining_table[0]), translation_cmp); diff --git a/lib/wind/errorlist.c b/lib/wind/errorlist.c index c2907832a..8a9d4a549 100644 --- a/lib/wind/errorlist.c +++ b/lib/wind/errorlist.c @@ -51,7 +51,7 @@ error_entry_cmp(const void *a, const void *b) int _wind_stringprep_error(const uint32_t cp, wind_profile_flags flags) { - struct error_entry ee = {cp}; + struct error_entry ee = {cp, 0, 0}; const struct error_entry *s; s = (const struct error_entry *) diff --git a/lib/wind/map.c b/lib/wind/map.c index 03f00de25..2485d396a 100644 --- a/lib/wind/map.c +++ b/lib/wind/map.c @@ -58,7 +58,7 @@ _wind_stringprep_map(const uint32_t *in, size_t in_len, unsigned o = 0; for (i = 0; i < in_len; ++i) { - struct translation ts = {in[i]}; + struct translation ts = {in[i], 0, 0, 0}; const struct translation *s; s = (const struct translation *) diff --git a/lib/wind/normalize.c b/lib/wind/normalize.c index 15274f685..20e8a4a04 100644 --- a/lib/wind/normalize.c +++ b/lib/wind/normalize.c @@ -127,7 +127,7 @@ compat_decomp(const uint32_t *in, size_t in_len, unsigned o = 0; for (i = 0; i < in_len; ++i) { - struct translation ts = {in[i]}; + struct translation ts = {in[i], 0, 0}; size_t sub_len = *out_len - o; int ret; diff --git a/lib/wind/test-normalize.c b/lib/wind/test-normalize.c index 16c808139..3e13aeec9 100644 --- a/lib/wind/test-normalize.c +++ b/lib/wind/test-normalize.c @@ -47,7 +47,7 @@ static size_t parse_vector(char *buf, uint32_t *v) { - char *last; + char *last = NULL; unsigned ret = 0; const char *n; unsigned u; diff --git a/lib/wind/test-utf8.c b/lib/wind/test-utf8.c index d85df286e..0b95032ff 100644 --- a/lib/wind/test-utf8.c +++ b/lib/wind/test-utf8.c @@ -78,24 +78,24 @@ struct testcase { }; static const struct testcase testcases[] = { - {"", 0, {0}}, - {"\x01", 1, {1}}, - {"\x7F", 1, {0x7F}}, - {"\x01\x7F", 2, {0x01, 0x7F}}, - {"\xC0\x80", 1, {0}}, - {"\xC0\x81", 1, {1}}, - {"\xC1\x80", 1, {0x40}}, - {"\xDF\xBF", 1, {0x7FF}}, - {"\xE0\x80\x80", 1, {0}}, - {"\xE0\x80\x81", 1, {1}}, - {"\xE0\x81\x80", 1, {0x40}}, - {"\xE1\x80\x80", 1, {0x1000}}, - {"\xEF\xBF\xBF", 1, {0xFFFF}}, - {"\xF0\x80\x80\x80", 1, {0}}, - {"\xF0\x80\x80\x81", 1, {1}}, - {"\xF0\x80\x81\x80", 1, {0x40}}, - {"\xF0\x81\x80\x80", 1, {0x1000}}, - {"\xF1\x80\x80\x80", 1, {0x40000}}, + {"", 0, {0}, 0}, + {"\x01", 1, {1}, 0}, + {"\x7F", 1, {0x7F}, 0}, + {"\x01\x7F", 2, {0x01, 0x7F}, 0}, + {"\xC0\x80", 1, {0}, 0}, + {"\xC0\x81", 1, {1}, 0}, + {"\xC1\x80", 1, {0x40}, 0}, + {"\xDF\xBF", 1, {0x7FF}, 0}, + {"\xE0\x80\x80", 1, {0}, 0}, + {"\xE0\x80\x81", 1, {1}, 0}, + {"\xE0\x81\x80", 1, {0x40}, 0}, + {"\xE1\x80\x80", 1, {0x1000}, 0}, + {"\xEF\xBF\xBF", 1, {0xFFFF}, 0}, + {"\xF0\x80\x80\x80", 1, {0}, 0}, + {"\xF0\x80\x80\x81", 1, {1}, 0}, + {"\xF0\x80\x81\x80", 1, {0x40}, 0}, + {"\xF0\x81\x80\x80", 1, {0x1000}, 0}, + {"\xF1\x80\x80\x80", 1, {0x40000}, 0}, {"\xF7\xBF\xBF\xBF", 1, {0X1FFFFF}, 1}, };