Misc fixes (coverity)
@@ -132,8 +132,8 @@ do_list(struct list_options *opt, const char *keytab_str)
|
||||
|
||||
for (i = 0; i< entry.aliases->len; i++) {
|
||||
krb5_unparse_name_fixed(context, entry.principal, buf, sizeof(buf));
|
||||
rk_strpoolprintf(p, "%s%s", buf,
|
||||
i + 1 < entry.aliases->len ? ", " : "");
|
||||
p = rk_strpoolprintf(p, "%s%s", buf,
|
||||
i + 1 < entry.aliases->len ? ", " : "");
|
||||
|
||||
}
|
||||
rtbl_add_column_entry_by_id(table, 5, (s = rk_strpoolcollect(p)));
|
||||
|
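Review bot: The return value of `krb5_unparse_name_fixed()` is still ignored inside the alias loop, so on failure `buf` reaches `rk_strpoolprintf()` with stale or unset contents. The loop also unparses `entry.principal` on every pass rather than anything indexed by `i`, which looks like it prints the principal once per alias instead of the aliases themselves; worth confirming against the intended column content. do_list's body starts and ends outside the hunk.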
@@ -463,7 +463,7 @@ ret_principal_ent(krb5_context contextp,
|
||||
ent->max_life = flag;
|
||||
CHECK(krb5_ret_uint32(sp, &flag));
|
||||
if (flag == 0)
|
||||
ret_principal_xdr(contextp, sp, &ent->mod_name);
|
||||
CHECK(ret_principal_xdr(contextp, sp, &ent->mod_name));
|
||||
CHECK(krb5_ret_uint32(sp, &flag));
|
||||
ent->mod_date = flag;
|
||||
CHECK(krb5_ret_uint32(sp, &flag));
|
||||
|
@@ -514,7 +514,8 @@ kadmind_dispatch(void *kadm_handlep, krb5_boolean initial,
|
||||
int i;
|
||||
krb5_store_int32(sp, n_keys);
|
||||
for(i = 0; i < n_keys; i++){
|
||||
krb5_store_keyblock(sp, new_keys[i]);
|
||||
if (ret == 0)
|
||||
ret = krb5_store_keyblock(sp, new_keys[i]);
|
||||
krb5_free_keyblock_contents(contextp->context, &new_keys[i]);
|
||||
}
|
||||
free(new_keys);
|
||||
|
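Review bot: `krb5_store_int32(sp, n_keys)` on the line above the loop is still unchecked, so a failed count write is followed by keyblock writes into the same storage. Assigning it, `ret = krb5_store_int32(sp, n_keys);`, lets the existing `if (ret == 0)` guard cover it; this assumes `ret` is 0 on entry to the block, which the hunk does not show. Whether a non-zero `ret` after the loop still causes the partially filled reply to be sent is decided outside the hunk and should be checked, since the storage may already hold key material.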
@@ -920,12 +920,12 @@ tgs_make_reply(krb5_context context,
|
||||
|
||||
ek.key = et.key;
|
||||
/* MIT must have at least one last_req */
|
||||
ek.last_req.len = 1;
|
||||
ek.last_req.val = calloc(1, sizeof(*ek.last_req.val));
|
||||
if (ek.last_req.val == NULL) {
|
||||
ret = ENOMEM;
|
||||
goto out;
|
||||
}
|
||||
ek.last_req.len = 1; /* set after alloc to avoid null deref on cleanup */
|
||||
ek.nonce = b->nonce;
|
||||
ek.flags = et.flags;
|
||||
ek.authtime = et.authtime;
|
||||
|
@@ -1394,13 +1394,19 @@ json_db_open(void *plug, const char *dbtype, const char *dbname,
|
||||
}
|
||||
|
||||
ret = read_json(dbname, (heim_object_t *)&contents, error);
|
||||
if (ret)
|
||||
if (ret) {
|
||||
heim_release(bkpname_s);
|
||||
heim_release(dbname_s);
|
||||
return ret;
|
||||
}
|
||||
|
||||
if (contents != NULL && heim_get_tid(contents) != HEIM_TID_DICT)
|
||||
if (contents != NULL && heim_get_tid(contents) != HEIM_TID_DICT) {
|
||||
heim_release(bkpname_s);
|
||||
heim_release(dbname_s);
|
||||
return HEIM_ERROR(error, EINVAL,
|
||||
(EINVAL, N_("JSON DB contents not valid JSON",
|
||||
"")));
|
||||
}
|
||||
}
|
||||
|
||||
jsondb = heim_alloc(sizeof (*jsondb), "json_db", NULL);
|
||||
|
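Review bot: The new non-dictionary branch releases `bkpname_s` and `dbname_s` but not `contents`, which is non-NULL on that path by the condition itself. Unless `read_json()` hands back a borrowed reference, add `heim_release(contents);` before the `return HEIM_ERROR(...)`. The two error branches now repeat the same release pair, so a single cleanup label would keep later additions from missing one. The error text says "not valid JSON" while the test is for a non-dictionary top-level value, which can mislead whoever reads the message. json_db_open's body starts and ends outside the hunk.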
@@ -962,7 +962,6 @@ heim_path_vcreate(heim_object_t ptr, size_t size, heim_object_t leaf,
|
||||
if (error)
|
||||
*error = heim_error_create(ret, "Node in path not a "
|
||||
"container");
|
||||
goto err;
|
||||
}
|
||||
heim_release(next_node);
|
||||
if (ret)
|
||||
|
@@ -108,11 +108,9 @@ hdb_get_dbinfo(krb5_context context, struct hdb_dbinfo **dbp)
|
||||
NULL);
|
||||
if (db_binding) {
|
||||
|
||||
ret = get_dbinfo(context, db_binding, "default", &di);
|
||||
if (ret == 0 && di) {
|
||||
databases = di;
|
||||
dt = &di->next;
|
||||
}
|
||||
ret = get_dbinfo(context, db_binding, "default", &databases);
|
||||
if (ret == 0 && databases != NULL)
|
||||
dt = &databases->next;
|
||||
|
||||
for ( ; db_binding != NULL; db_binding = db_binding->next) {
|
||||
|
||||
@@ -129,27 +127,28 @@ hdb_get_dbinfo(krb5_context context, struct hdb_dbinfo **dbp)
|
||||
|
||||
if (dt)
|
||||
*dt = di;
|
||||
else
|
||||
else {
|
||||
hdb_free_dbinfo(context, &databases);
|
||||
databases = di;
|
||||
}
|
||||
dt = &di->next;
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
if(databases == NULL) {
|
||||
if (databases == NULL) {
|
||||
/* if there are none specified, create one and use defaults */
|
||||
di = calloc(1, sizeof(*di));
|
||||
databases = di;
|
||||
di->label = strdup("default");
|
||||
databases = calloc(1, sizeof(*databases));
|
||||
databases->label = strdup("default");
|
||||
}
|
||||
|
||||
for(di = databases; di; di = di->next) {
|
||||
if(di->dbname == NULL) {
|
||||
for (di = databases; di; di = di->next) {
|
||||
if (di->dbname == NULL) {
|
||||
di->dbname = strdup(default_dbname);
|
||||
if (di->mkey_file == NULL)
|
||||
di->mkey_file = strdup(default_mkey);
|
||||
}
|
||||
if(di->mkey_file == NULL) {
|
||||
if (di->mkey_file == NULL) {
|
||||
p = strrchr(di->dbname, '.');
|
||||
if(p == NULL || strchr(p, '/') != NULL)
|
||||
/* final pathname component does not contain a . */
|
||||
@@ -159,8 +158,10 @@ hdb_get_dbinfo(krb5_context context, struct hdb_dbinfo **dbp)
|
||||
.mkey */
|
||||
ret = asprintf(&di->mkey_file, "%.*s.mkey",
|
||||
(int)(p - di->dbname), di->dbname);
|
||||
if (ret == -1)
|
||||
if (ret == -1) {
|
||||
hdb_free_dbinfo(context, &databases);
|
||||
return ENOMEM;
|
||||
}
|
||||
}
|
||||
if(di->acl_file == NULL)
|
||||
di->acl_file = strdup(default_acl);
|
||||
|
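Review bot: In the second hunk, `databases = calloc(1, sizeof(*databases));` is dereferenced on the next line without a NULL check, so an allocation failure becomes a NULL write. Add `if (databases == NULL) return ENOMEM;` before `databases->label = strdup("default");`, matching the `ENOMEM` return used in the asprintf branch. The `strdup()` results for `dbname`, `mkey_file` and `acl_file` are likewise unchecked, and `strrchr(di->dbname, '.')` would then receive NULL. hdb_get_dbinfo's body starts and ends outside the visible hunks.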
@@ -2044,8 +2044,7 @@ hdb_ldapi_create(krb5_context context, HDB ** db, const char *arg)
|
||||
krb5_error_code ret;
|
||||
char *search_base, *p;
|
||||
|
||||
asprintf(&p, "ldapi:%s", arg);
|
||||
if (p == NULL) {
|
||||
if (asprintf(&p, "ldapi:%s", arg) == -1 || p == NULL) {
|
||||
*db = NULL;
|
||||
krb5_set_error_message(context, ENOMEM, "out of memory");
|
||||
return ENOMEM;
|
||||
|
@@ -1212,7 +1212,7 @@ getdata(char **p, unsigned char *buf, size_t len, const char *what)
|
||||
}
|
||||
i = 0;
|
||||
while (*q && i < len) {
|
||||
if(sscanf(q, "%02x", &v) != 1)
|
||||
if (sscanf(q, "%02x", &v) != 1)
|
||||
break;
|
||||
buf[i++] = v;
|
||||
q += 2;
|
||||
@@ -1229,7 +1229,8 @@ getint(char **p, const char *what)
|
||||
warnx("Failed to find a signed integer (%s) in dump", what);
|
||||
return -1;
|
||||
}
|
||||
sscanf(q, "%d", &val);
|
||||
if (sscanf(q, "%d", &val) != 1)
|
||||
return -1;
|
||||
return val;
|
||||
}
|
||||
|
||||
@@ -1242,7 +1243,8 @@ getuint(char **p, const char *what)
|
||||
warnx("Failed to find an unsigned integer (%s) in dump", what);
|
||||
return 0;
|
||||
}
|
||||
sscanf(q, "%u", &val);
|
||||
if (sscanf(q, "%u", &val) != 1)
|
||||
return 0;
|
||||
return val;
|
||||
}
|
||||
|
||||
|
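Review bot: In getdata, `q += 2` runs after a successful `sscanf(q, "%02x", &v)` even when only one hex digit was left, so an odd-length hex field moves `q` past the terminator and the next `*q` test reads beyond the string. Requiring both characters first, e.g. `if (!isxdigit((unsigned char)q[0]) || !isxdigit((unsigned char)q[1])) break;` (needs ctype.h), keeps the pointer in bounds. In getint and getuint the new failure returns `-1` and `0` are also valid parsed values, and that path prints no warning, unlike the `warnx()` just above; a matching `warnx()` or a comment documenting the in-band sentinel would help. All three function bodies start outside the hunks.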
@@ -515,7 +515,6 @@ ks_tuple2str(krb5_context context, int n_ks_tuple,
|
||||
{
|
||||
size_t i;
|
||||
char **ksnames;
|
||||
char *ename, *sname;
|
||||
krb5_error_code rc = KRB5_PROG_ETYPE_NOSUPP;
|
||||
|
||||
*ks_tuple_strs = NULL;
|
||||
@@ -526,11 +525,15 @@ ks_tuple2str(krb5_context context, int n_ks_tuple,
|
||||
return (errno);
|
||||
|
||||
for (i = 0; i < n_ks_tuple; i++) {
|
||||
char *ename, *sname;
|
||||
|
||||
if (krb5_enctype_to_string(context, ks_tuple[i].ks_enctype, &ename))
|
||||
goto out;
|
||||
if (krb5_salttype_to_string(context, ks_tuple[i].ks_enctype,
|
||||
ks_tuple[i].ks_salttype, &sname))
|
||||
ks_tuple[i].ks_salttype, &sname)) {
|
||||
free(ename);
|
||||
goto out;
|
||||
}
|
||||
|
||||
if (asprintf(&ksnames[i], "%s:%s", ename, sname) == -1) {
|
||||
rc = errno;
|
||||
|
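Review bot: The loop condition `i < n_ks_tuple` compares `size_t i` with `int n_ks_tuple`, so a negative count is converted to a very large unsigned bound. The allocation above the hunk is not visible, so it is unclear whether such a count is rejected before the loop; an explicit `if (n_ks_tuple < 0) return EINVAL;` at the top would settle it. In the asprintf failure branch, `rc = errno` relies on asprintf setting errno, which is not guaranteed, so `rc = ENOMEM;` is the safer value. The loop body continues past the end of the hunk, so whether `ename` and `sname` are freed on that branch cannot be seen here.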
@@ -35,6 +35,7 @@
|
||||
|
||||
#include "hi_locl.h"
|
||||
#include <assert.h>
|
||||
#include <err.h>
|
||||
|
||||
#define MAX_PACKET_SIZE (128 * 1024)
|
||||
|
||||
@@ -980,7 +981,7 @@ process_loop(void)
|
||||
unsigned n;
|
||||
unsigned num_fds;
|
||||
|
||||
while(num_clients > 0) {
|
||||
while (num_clients > 0) {
|
||||
|
||||
fds = malloc(num_clients * sizeof(fds[0]));
|
||||
if(fds == NULL)
|
||||
@@ -999,7 +1000,11 @@ process_loop(void)
|
||||
fds[n].revents = 0;
|
||||
}
|
||||
|
||||
poll(fds, num_fds, -1);
|
||||
while (poll(fds, num_fds, -1) == -1) {
|
||||
if (errno == EINTR || errno == EAGAIN)
|
||||
continue;
|
||||
err(1, "poll(2) failed");
|
||||
}
|
||||
|
||||
for (n = 0 ; n < num_fds; n++) {
|
||||
if (clients[n] == NULL)
|
||||
|
@@ -49,6 +49,7 @@ kadm5_s_init_with_context(krb5_context context,
|
||||
char *dbname;
|
||||
char *stash_file;
|
||||
|
||||
*server_handle = NULL;
|
||||
ret = _kadm5_s_init_context(&ctx, realm_params, context);
|
||||
if(ret)
|
||||
return ret;
|
||||
@@ -74,12 +75,13 @@ kadm5_s_init_with_context(krb5_context context,
|
||||
#endif
|
||||
|
||||
ret = hdb_create(ctx->context, &ctx->db, dbname);
|
||||
if(ret)
|
||||
return ret;
|
||||
ret = hdb_set_master_keyfile (ctx->context,
|
||||
ctx->db, stash_file);
|
||||
if(ret)
|
||||
if (ret == 0)
|
||||
ret = hdb_set_master_keyfile(ctx->context,
|
||||
ctx->db, stash_file);
|
||||
if (ret) {
|
||||
kadm5_s_destroy(ctx);
|
||||
return ret;
|
||||
}
|
||||
|
||||
ctx->log_context.log_fd = -1;
|
||||
|
||||
@@ -94,14 +96,12 @@ kadm5_s_init_with_context(krb5_context context,
|
||||
socket_set_nonblocking(ctx->log_context.socket_fd, 1);
|
||||
|
||||
ret = krb5_parse_name(ctx->context, client_name, &ctx->caller);
|
||||
if(ret)
|
||||
return ret;
|
||||
|
||||
ret = _kadm5_acl_init(ctx);
|
||||
if(ret)
|
||||
return ret;
|
||||
|
||||
*server_handle = ctx;
|
||||
if (ret == 0)
|
||||
ret = _kadm5_acl_init(ctx);
|
||||
if (ret)
|
||||
kadm5_s_destroy(ctx);
|
||||
else
|
||||
*server_handle = ctx;
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
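Review bot: The last hunk ends with an unconditional `return 0;`, so when `krb5_parse_name()` or `_kadm5_acl_init()` fails the context is destroyed, `*server_handle` stays NULL and the caller is still told the call succeeded; it should be `return ret;`. In the second hunk `kadm5_s_destroy(ctx)` also runs when `hdb_create()` itself failed, so that function has to tolerate a context whose `db` was never set; its body is not visible here. The function starts outside the first hunk.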
@@ -79,17 +79,21 @@ kadm5_c_randkey_principal(void *server_handle,
|
||||
*
|
||||
* - opaque string2key parameters (salt, rounds, ...)
|
||||
*/
|
||||
krb5_store_int32(sp, kadm_randkey);
|
||||
krb5_store_principal(sp, princ);
|
||||
ret = krb5_store_int32(sp, kadm_randkey);
|
||||
if (ret == 0)
|
||||
ret = krb5_store_principal(sp, princ);
|
||||
|
||||
if (keepold == TRUE || n_ks_tuple > 0)
|
||||
krb5_store_uint32(sp, keepold);
|
||||
if (n_ks_tuple > 0)
|
||||
krb5_store_uint32(sp, n_ks_tuple);
|
||||
for (i = 0; i < n_ks_tuple; i++) {
|
||||
krb5_store_int32(sp, ks_tuple[i].ks_enctype);
|
||||
krb5_store_int32(sp, ks_tuple[i].ks_salttype);
|
||||
if (ret == 0 && (keepold == TRUE || n_ks_tuple > 0))
|
||||
ret = krb5_store_uint32(sp, keepold);
|
||||
if (ret == 0 && n_ks_tuple > 0)
|
||||
ret = krb5_store_uint32(sp, n_ks_tuple);
|
||||
for (i = 0; ret == 0 && i < n_ks_tuple; i++) {
|
||||
ret = krb5_store_int32(sp, ks_tuple[i].ks_enctype);
|
||||
if (ret == 0)
|
||||
krb5_store_int32(sp, ks_tuple[i].ks_salttype);
|
||||
}
|
||||
if (ret)
|
||||
return ret;
|
||||
/* Future extensions go here */
|
||||
|
||||
ret = _kadm5_client_send(context, sp);
|
||||
@@ -106,28 +110,35 @@ kadm5_c_randkey_principal(void *server_handle,
|
||||
return ENOMEM;
|
||||
}
|
||||
krb5_clear_error_message(context->context);
|
||||
krb5_ret_int32(sp, &tmp);
|
||||
ret = tmp;
|
||||
if(ret == 0){
|
||||
ret = krb5_ret_int32(sp, &tmp);
|
||||
if (ret == 0)
|
||||
ret = tmp;
|
||||
if (ret == 0){
|
||||
krb5_keyblock *k;
|
||||
|
||||
krb5_ret_int32(sp, &tmp);
|
||||
ret = krb5_ret_int32(sp, &tmp);
|
||||
if (ret)
|
||||
goto out;
|
||||
if (tmp < 0) {
|
||||
ret = EOVERFLOW;
|
||||
goto out;
|
||||
}
|
||||
k = malloc(tmp * sizeof(*k));
|
||||
k = calloc(tmp, sizeof(*k));
|
||||
if (k == NULL) {
|
||||
ret = ENOMEM;
|
||||
goto out;
|
||||
}
|
||||
for(i = 0; i < tmp; i++)
|
||||
krb5_ret_keyblock(sp, &k[i]);
|
||||
if (n_keys && new_keys) {
|
||||
for(i = 0; ret == 0 && i < tmp; i++)
|
||||
ret = krb5_ret_keyblock(sp, &k[i]);
|
||||
if (ret == 0 && n_keys && new_keys) {
|
||||
*n_keys = tmp;
|
||||
*new_keys = k;
|
||||
} else
|
||||
} else {
|
||||
krb5_free_keyblock_contents(context->context, &k[i]);
|
||||
for (; i > 0; i--)
|
||||
krb5_free_keyblock_contents(context->context, &k[i - 1]);
|
||||
free(k);
|
||||
}
|
||||
}
|
||||
out:
|
||||
krb5_storage_free(sp);
|
||||
|
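Review bot: Inside the ks_tuple loop the salt-type write still discards its result, so a failure there is not seen by the `ret == 0` loop condition or the check after it; it should read `ret = krb5_store_int32(sp, ks_tuple[i].ks_salttype);`. The new `if (ret) return ret;` leaves without going through `out:`, which looks like it skips `krb5_storage_free(sp)`. In the reply path, `tmp` comes from the peer and is only checked for being negative. A count of 0 makes the `calloc(tmp, ...)` result implementation-defined and may be reported as `ENOMEM`, and a very large count drives an equally large allocation, so an explicit upper bound before `calloc` would be prudent. The function body starts outside the first hunk and continues after the second.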
@@ -2341,21 +2341,19 @@ _get_derived_key(krb5_context context,
|
||||
struct _krb5_key_data *d;
|
||||
unsigned char constant[5];
|
||||
|
||||
*key = NULL;
|
||||
for(i = 0; i < crypto->num_key_usage; i++)
|
||||
if(crypto->key_usage[i].usage == usage) {
|
||||
*key = &crypto->key_usage[i].key;
|
||||
return 0;
|
||||
}
|
||||
d = _new_derived_key(crypto, usage);
|
||||
if (d == NULL) {
|
||||
*key = NULL; /* quiet warning */
|
||||
if (d == NULL)
|
||||
return krb5_enomem(context);
|
||||
}
|
||||
krb5_copy_keyblock(context, crypto->key.key, &d->key);
|
||||
_krb5_put_int(constant, usage, 5);
|
||||
_krb5_derive_key(context, crypto->et, d, constant, sizeof(constant));
|
||||
*key = d;
|
||||
return 0;
|
||||
krb5_copy_keyblock(context, crypto->key.key, &d->key);
|
||||
_krb5_put_int(constant, usage, sizeof(constant));
|
||||
return _krb5_derive_key(context, crypto->et, d, constant, sizeof(constant));
|
||||
}
|
||||
|
||||
/**
|
||||
|
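Review bot: `krb5_copy_keyblock()` is still unchecked, so on failure `_krb5_derive_key()` is called with whatever `d->key` holds; capture and test the result, e.g. `ret = krb5_copy_keyblock(context, crypto->key.key, &d->key); if (ret) return ret;` with a local `ret`. `*key = d` is also assigned before the derivation, so when `_krb5_derive_key()` fails the caller receives an error together with a pointer to an underived key. If `_new_derived_key()` registers `d` in `crypto->key_usage` (its body is not visible here), a later call with the same usage would hit the lookup loop and return 0 for that entry, so the failure path should drop or invalidate it. The function signature and the rest of its declarations are outside the hunk.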
@@ -493,7 +493,7 @@ _krb5_expand_path_tokensv(krb5_context context,
|
||||
return krb5_enomem(context);
|
||||
va_start(ap, ppath_out);
|
||||
for (i = 0; i < nargs; i++) {
|
||||
char *s = va_arg(ap, const char *); /* token key */
|
||||
const char *s = va_arg(ap, const char *); /* token key */
|
||||
if (s == NULL)
|
||||
break;
|
||||
extra_tokens[i] = strdup(s);
|
||||
|
@@ -450,6 +450,7 @@ again:
|
||||
ret = fstat(fd, &sb2);
|
||||
if (ret < 0) {
|
||||
krb5_clear_error_message(context);
|
||||
close(fd);
|
||||
return errno;
|
||||
}
|
||||
|
||||
|
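Review bot: The added `close(fd)` runs before `return errno;`, and both it and `krb5_clear_error_message()` can change `errno`, so the caller may get the wrong code, or even 0, for a failed `fstat()`. Save the value first: `ret = errno; close(fd); return ret;`. The enclosing function starts and ends outside the hunk.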
@@ -868,15 +868,14 @@ krb5_pac_verify(krb5_context context,
|
||||
{
|
||||
krb5_data *copy;
|
||||
|
||||
if (pac->server_checksum->buffersize < 4 ||
|
||||
pac->privsvr_checksum->buffersize < 4)
|
||||
return EINVAL;
|
||||
|
||||
ret = krb5_copy_data(context, &pac->data, ©);
|
||||
if (ret)
|
||||
return ret;
|
||||
|
||||
if (pac->server_checksum->buffersize < 4)
|
||||
return EINVAL;
|
||||
if (pac->privsvr_checksum->buffersize < 4)
|
||||
return EINVAL;
|
||||
|
||||
memset((char *)copy->data + pac->server_checksum->offset_lo + 4,
|
||||
0,
|
||||
pac->server_checksum->buffersize - 4);
|
||||
|
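Review bot: The size checks enforce only a lower bound of 4, while the `memset()` below writes `buffersize - 4` bytes at `offset_lo + 4` into `copy->data`. Nothing visible in the hunk ties `offset_lo + buffersize` to `copy->length`, or shows that `server_checksum` and `privsvr_checksum` are non-NULL before they are dereferenced. If those bounds are enforced when the PAC is parsed, a one-line comment here saying so would make the invariant explicit; otherwise add the upper-bound check next to the existing minimum-size test. The function body starts and ends outside the hunk.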
@@ -43,6 +43,7 @@ krb5_salttype_to_string (krb5_context context,
|
||||
struct _krb5_encryption_type *e;
|
||||
struct salt_type *st;
|
||||
|
||||
*string = NULL;
|
||||
e = _krb5_find_enctype (etype);
|
||||
if (e == NULL) {
|
||||
krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
|
||||
|
@@ -56,13 +56,11 @@
|
||||
static int
|
||||
init_port(const char *s, int fallback)
|
||||
{
|
||||
if (s) {
|
||||
int tmp;
|
||||
int tmp;
|
||||
|
||||
sscanf (s, "%d", &tmp);
|
||||
return htons(tmp);
|
||||
} else
|
||||
return fallback;
|
||||
if (s && sscanf(s, "%d", &tmp) == 1)
|
||||
return htons(tmp);
|
||||
return fallback;
|
||||
}
|
||||
|
||||
struct send_via_plugin_s {
|
||||
|
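Review bot: `init_port` accepts any integer that `sscanf` parses, so values outside 1-65535 are silently truncated by `htons()` and trailing text such as `88abc` is accepted as 88. Bounding the value, `if (s && sscanf(s, "%d", &tmp) == 1 && tmp > 0 && tmp <= 65535)`, makes a bad setting fall back to the default instead of selecting an unintended port. Note also that `fallback` is returned as passed while the parsed value goes through `htons()`, so callers must supply the fallback already in network byte order; a comment on the function stating that would help.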