From cf2bab411d6c43e60a0b8ed88a3acd92a2394177 Mon Sep 17 00:00:00 2001
From: Nicolas Williams <nico@twosigma.com>
Date: Fri, 14 Jan 2022 17:58:19 -0600
Subject: [PATCH] kdc: Fix warnings

---
 kdc/connect.c    | 3 +--
 kdc/digest.c     | 4 ++++
 kdc/kdc-replay.c | 2 ++
 kdc/pkinit.c     | 2 --
 4 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/kdc/connect.c b/kdc/connect.c
index 975f24cb2..8c92cac77 100644
--- a/kdc/connect.c
+++ b/kdc/connect.c
@@ -1064,7 +1064,7 @@ reap_kid(krb5_context context, krb5_kdc_configuration *config,
 	 pid_t *pids, int max_kids, int options)
 {
     pid_t pid;
-    char *what;
+    char *what = "untracked";
     int status;
     int i = 0; /* quiet warnings */
     int ret = 0;
@@ -1090,7 +1090,6 @@ reap_kid(krb5_context context, krb5_kdc_configuration *config,
 
         if (i == max_kids) {
             /* should not happen */
-            what = "untracked";
             sev = "warning: ";
             level = 2;
         }
diff --git a/kdc/digest.c b/kdc/digest.c
index a8652891f..8f7bdb0b4 100644
--- a/kdc/digest.c
+++ b/kdc/digest.c
@@ -1466,6 +1466,10 @@ _kdc_do_digest(krb5_context context,
     ret = krb5_encrypt_EncryptedData(context, crypto, KRB5_KU_DIGEST_ENCRYPT,
 				     buf.data, buf.length, 0,
 				     &rep.innerRep);
+    if (ret) {
+        krb5_prepend_error_message(context, ret, "Failed to encrypt digest: ");
+        goto out;
+    }
 
     ASN1_MALLOC_ENCODE(DigestREP, reply->data, reply->length, &rep, &size, ret);
     if (ret) {
diff --git a/kdc/kdc-replay.c b/kdc/kdc-replay.c
index af4e55c35..29190f783 100644
--- a/kdc/kdc-replay.c
+++ b/kdc/kdc-replay.c
@@ -184,6 +184,8 @@ main(int argc, char **argv)
 	    unsigned int tag2;
 	    ret = der_get_tag (r.data, r.length,
 			       &cl, &ty, &tag2, NULL);
+            if (ret)
+                krb5_err(context, 1, ret, "Could not decode replay data");
 	    if (MAKE_TAG(cl, ty, 0) != clty)
 		krb5_errx(context, 1, "class|type mismatch: %d != %d",
 			  (int)MAKE_TAG(cl, ty, 0), (int)clty);
diff --git a/kdc/pkinit.c b/kdc/pkinit.c
index c7f2a40fd..56bb2df84 100644
--- a/kdc/pkinit.c
+++ b/kdc/pkinit.c
@@ -231,8 +231,6 @@ generate_dh_keyblock(krb5_context context,
 	    memmove(dh_gen_key + size, dh_gen_key, dh_gen_keylen);
 	    memset(dh_gen_key, 0, size);
 	}
-
-	ret = 0;
     } else if (client_params->keyex == USE_ECDH) {
 	if (client_params->u.ecdh.public_key == NULL) {
 	    ret = KRB5KRB_ERR_GENERIC;