kdc: Fix warnings

kdc/connect.c

@@ -1064,7 +1064,7 @@ reap_kid(krb5_context context, krb5_kdc_configuration *config,
 	 pid_t *pids, int max_kids, int options)
 {
     pid_t pid;
-    char *what;
+    char *what = "untracked";
     int status;
     int i = 0; /* quiet warnings */
     int ret = 0;
@@ -1090,7 +1090,6 @@ reap_kid(krb5_context context, krb5_kdc_configuration *config,
 
         if (i == max_kids) {
             /* should not happen */
-            what = "untracked";
             sev = "warning: ";
             level = 2;
         }

kdc/digest.c

@@ -1466,6 +1466,10 @@ _kdc_do_digest(krb5_context context,
     ret = krb5_encrypt_EncryptedData(context, crypto, KRB5_KU_DIGEST_ENCRYPT,
 				     buf.data, buf.length, 0,
 				     &rep.innerRep);
+    if (ret) {
+        krb5_prepend_error_message(context, ret, "Failed to encrypt digest: ");
+        goto out;
+    }
 
     ASN1_MALLOC_ENCODE(DigestREP, reply->data, reply->length, &rep, &size, ret);
     if (ret) {

kdc/kdc-replay.c

@@ -184,6 +184,8 @@ main(int argc, char **argv)
 	    unsigned int tag2;
 	    ret = der_get_tag (r.data, r.length,
 			       &cl, &ty, &tag2, NULL);
+            if (ret)
+                krb5_err(context, 1, ret, "Could not decode replay data");
 	    if (MAKE_TAG(cl, ty, 0) != clty)
 		krb5_errx(context, 1, "class|type mismatch: %d != %d",
 			  (int)MAKE_TAG(cl, ty, 0), (int)clty);

kdc/pkinit.c

@@ -231,8 +231,6 @@ generate_dh_keyblock(krb5_context context,
 	    memmove(dh_gen_key + size, dh_gen_key, dh_gen_keylen);
 	    memset(dh_gen_key, 0, size);
 	}
-
-	ret = 0;
     } else if (client_params->keyex == USE_ECDH) {
 	if (client_params->u.ecdh.public_key == NULL) {
 	    ret = KRB5KRB_ERR_GENERIC;