krb5: Fix warnings
@@ -246,7 +246,7 @@ krb5_acl_match_file(krb5_context context,
|
||||
...)
|
||||
{
|
||||
krb5_error_code ret;
|
||||
struct acl_field *acl;
|
||||
struct acl_field *acl = NULL;
|
||||
char buf[256];
|
||||
va_list ap;
|
||||
FILE *f;
|
||||
|
@@ -525,7 +525,7 @@ arange_parse_addr (krb5_context context,
|
||||
return ret;
|
||||
}
|
||||
|
||||
if(high.len != 1 && high.val[0].addr_type != low.val[0].addr_type) {
|
||||
if(high.len != 1 || high.val[0].addr_type != low.val[0].addr_type) {
|
||||
krb5_free_addresses(context, &low);
|
||||
krb5_free_addresses(context, &high);
|
||||
return -1;
|
||||
|
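Review bot: The corrected test in arange_parse_addr, `if(high.len != 1 || high.val[0].addr_type != low.val[0].addr_type)`, changes which address ranges are accepted, which the title "Fix warnings" does not convey. With the `&&` form, an upper bound that parsed to exactly one address was never compared against the lower bound's address type, so a mixed-family range passed this check. I would add a comment such as `/* both bounds must be a single address of the same family */` and a regression case for a mixed-family range. The function body starts outside this hunk and no check on `low.len` is visible, so confirm `low.val[0]` is known to exist at this point.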
@@ -754,6 +754,9 @@ krb_enc_test(krb5_context context)
|
||||
kb.keyvalue.data = krbencs[i].key;
|
||||
|
||||
ret = krb5_crypto_init(context, &kb, krbencs[i].enctype, &crypto);
|
||||
if (ret)
|
||||
krb5_err(context, 1, ret, "krb5_crypto_init failed with %d for test %d",
|
||||
ret, i);
|
||||
|
||||
cipher.length = krbencs[i].elen;
|
||||
cipher.data = krbencs[i].edata;
|
||||
@@ -763,20 +766,24 @@ krb_enc_test(krb5_context context)
|
||||
ret = krb_enc(context, crypto, krbencs[i].usage, &cipher, &plain);
|
||||
|
||||
if (ret)
|
||||
errx(1, "krb_enc failed with %d for test %d", ret, i);
|
||||
krb5_err(context, 1, ret, "krb_enc failed with %d for test %d",
|
||||
ret, i);
|
||||
|
||||
ret = krb_enc_iov(context, crypto, krbencs[i].usage, &cipher, &plain);
|
||||
if (ret)
|
||||
errx(1, "krb_enc_iov failed with %d for test %d", ret, i);
|
||||
krb5_err(context, 1, ret, "krb_enc_iov failed with %d for test %d",
|
||||
ret, i);
|
||||
|
||||
ret = krb_enc_iov2(context, crypto, krbencs[i].usage,
|
||||
cipher.length, &plain);
|
||||
if (ret)
|
||||
errx(1, "krb_enc_iov2 failed with %d for test %d", ret, i);
|
||||
krb5_err(context, 1, ret, "krb_enc_iov2 failed with %d for test %d",
|
||||
ret, i);
|
||||
|
||||
ret = krb_checksum_iov(context, crypto, krbencs[i].usage, &plain, NULL);
|
||||
if (ret)
|
||||
errx(1, "krb_checksum_iov failed with %d for test %d", ret, i);
|
||||
krb5_err(context, 1, ret,
|
||||
"krb_checksum_iov failed with %d for test %d", ret, i);
|
||||
|
||||
if (krbencs[i].cdata) {
|
||||
krb5_data checksum;
|
||||
@@ -787,7 +794,9 @@ krb_enc_test(krb5_context context)
|
||||
ret = krb_checksum_iov(context, crypto, krbencs[i].usage,
|
||||
&plain, &checksum);
|
||||
if (ret)
|
||||
errx(1, "krb_checksum_iov(2) failed with %d for test %d", ret, i);
|
||||
krb5_err(context, 1, ret,
|
||||
"krb_checksum_iov(2) failed with %d for test %d",
|
||||
ret, i);
|
||||
}
|
||||
|
||||
krb5_crypto_destroy(context, crypto);
|
||||
@@ -795,7 +804,8 @@ krb_enc_test(krb5_context context)
|
||||
ret = krb_enc_mit(context, krbencs[i].enctype, &kb,
|
||||
krbencs[i].usage, &cipher, &plain);
|
||||
if (ret)
|
||||
errx(1, "krb_enc_mit failed with %d for test %d", ret, i);
|
||||
krb5_err(context, 1, ret, "krb_enc_mit failed with %d for test %d",
|
||||
ret, i);
|
||||
}
|
||||
|
||||
return 0;
|
||||
|
@@ -78,7 +78,7 @@ _krb5_ticket2krb5_principal(krb5_context context,
|
||||
const AuthorizationData *authenticator_ad)
|
||||
{
|
||||
krb5_error_code ret;
|
||||
krb5_principal p;
|
||||
krb5_principal p = NULL;
|
||||
|
||||
*principal = NULL;
|
||||
|
||||
@@ -127,7 +127,7 @@ _krb5_kdcrep2krb5_principal(krb5_context context,
|
||||
const EncKDCRepPart *kdcrep)
|
||||
{
|
||||
krb5_error_code ret;
|
||||
krb5_principal p;
|
||||
krb5_principal p = NULL;
|
||||
|
||||
*principal = NULL;
|
||||
|
||||
|
@@ -514,7 +514,7 @@ krb5_cc_get_subsidiary(krb5_context context, krb5_ccache id)
|
||||
const char *name = NULL;
|
||||
|
||||
if (id->ops->version >= KRB5_CC_OPS_VERSION_5
|
||||
&& id->ops->get_name_2 == NULL)
|
||||
&& id->ops->get_name_2 != NULL)
|
||||
(void) id->ops->get_name_2(context, id, NULL, NULL, &name);
|
||||
return name;
|
||||
}
|
||||
@@ -923,7 +923,7 @@ krb5_cc_destroy(krb5_context context,
|
||||
/*
|
||||
* Destroy associated hx509 PKIX credential store created by krb5_kx509*().
|
||||
*/
|
||||
if ((ret = krb5_cc_get_config(context, id, NULL, "kx509store", &d)) == 0) {
|
||||
if (krb5_cc_get_config(context, id, NULL, "kx509store", &d) == 0) {
|
||||
char *name;
|
||||
|
||||
if ((name = strndup(d.data, d.length)) == NULL) {
|
||||
@@ -1001,7 +1001,6 @@ krb5_cc_close(krb5_context context,
|
||||
_krb5_debug(context, 2, "failed to fetch a certificate");
|
||||
else
|
||||
_krb5_debug(context, 2, "fetched a certificate");
|
||||
ret = 0;
|
||||
}
|
||||
}
|
||||
|
||||
|
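Review bot: krb5_cc_get_subsidiary discards the result of `get_name_2` with a `(void)` cast, so a backend error and a cache that has no subsidiary name both come back as NULL. A short comment on the call, for example `/* best effort: name stays NULL on failure */`, would tell callers that NULL is an expected return and must be checked before it reaches a string function. The function's opening lines are outside the hunk.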
@@ -106,7 +106,7 @@ init_context_from_config_file(krb5_context context)
|
||||
krb5_error_code ret;
|
||||
const char * tmp;
|
||||
char **s;
|
||||
krb5_enctype *tmptypes;
|
||||
krb5_enctype *tmptypes = NULL;
|
||||
|
||||
INIT_FIELD(context, time, max_skew, 5 * 60, "clockskew");
|
||||
INIT_FIELD(context, time, kdc_timeout, 30, "kdc_timeout");
|
||||
|
@@ -2152,7 +2152,10 @@ krb5_crypto_length(krb5_context context,
|
||||
*len = 0;
|
||||
return 0;
|
||||
case KRB5_CRYPTO_TYPE_TRAILER:
|
||||
*len = CHECKSUMSIZE(crypto->et->keyed_checksum);
|
||||
if (crypto->et->keyed_checksum)
|
||||
*len = CHECKSUMSIZE(crypto->et->keyed_checksum);
|
||||
else
|
||||
*len = 0;
|
||||
return 0;
|
||||
case KRB5_CRYPTO_TYPE_CHECKSUM:
|
||||
if (crypto->et->keyed_checksum)
|
||||
|
@@ -681,12 +681,12 @@ dcc_get_cache_first(krb5_context context, krb5_cc_cursor *cursor)
|
||||
}
|
||||
|
||||
if ((iter->d = opendir(iter->dc->dir)) == NULL) {
|
||||
free(iter->dc->dir);
|
||||
free(iter->dc);
|
||||
free(iter);
|
||||
krb5_set_error_message(context, KRB5_CC_FORMAT,
|
||||
N_("Can't open DIR %s: %s", ""),
|
||||
iter->dc->dir, strerror(errno));
|
||||
free(iter->dc->dir);
|
||||
free(iter->dc);
|
||||
free(iter);
|
||||
return KRB5_CC_FORMAT;
|
||||
}
|
||||
|
||||
@@ -709,8 +709,8 @@ dcc_get_cache_next(krb5_context context, krb5_cc_cursor cursor, krb5_ccache *id)
|
||||
|
||||
/* Emit primary subsidiary first */
|
||||
if (iter->first &&
|
||||
(ret = get_default_cache(context, iter->dc, NULL, &iter->primary)) == 0 &&
|
||||
is_filename_cacheish(iter->primary)) {
|
||||
get_default_cache(context, iter->dc, NULL, &iter->primary) == 0 &&
|
||||
iter->primary && is_filename_cacheish(iter->primary)) {
|
||||
iter->first = 0;
|
||||
ret = KRB5_CC_END;
|
||||
if (asprintf(&p, "FILE:%s/%s", iter->dc->dir, iter->primary) > -1 && p != NULL &&
|
||||
|
@@ -324,15 +324,13 @@ krb5_keytab_key_proc (krb5_context context,
|
||||
|
||||
ret = krb5_kt_get_entry (context, real_keytab, principal,
|
||||
0, enctype, &entry);
|
||||
if (ret == 0) {
|
||||
ret = krb5_copy_keyblock (context, &entry.keyblock, key);
|
||||
krb5_kt_free_entry(context, &entry);
|
||||
}
|
||||
|
||||
if (keytab == NULL)
|
||||
krb5_kt_close (context, real_keytab);
|
||||
|
||||
if (ret)
|
||||
return ret;
|
||||
|
||||
ret = krb5_copy_keyblock (context, &entry.keyblock, key);
|
||||
krb5_kt_free_entry(context, &entry);
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
@@ -33,10 +33,10 @@
|
||||
|
||||
#include "krb5_locl.h"
|
||||
|
||||
#undef krb5_enomem
|
||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_enomem(krb5_context context)
|
||||
{
|
||||
krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
|
||||
return ENOMEM;
|
||||
}
|
||||
|
||||
|
@@ -477,7 +477,6 @@ fcc_open(krb5_context context,
|
||||
return krb5_einval(context, 2);
|
||||
|
||||
if ((flags & O_EXCL)) {
|
||||
flags &= ~O_EXCL;
|
||||
/*
|
||||
* FIXME Instead of mkostemp()... we could instead try to use a .new
|
||||
* file... with care. Or the O_TMPFILE / linkat() extensions. We need
|
||||
|
@@ -1375,6 +1375,8 @@ _krb5_get_cred_kdc_any(krb5_context context,
|
||||
krb5_deltat offset;
|
||||
krb5_data data;
|
||||
|
||||
krb5_data_zero(&data);
|
||||
|
||||
/*
|
||||
* If we are using LKDC, lets pull out the addreses from the
|
||||
* ticket and use that.
|
||||
@@ -1382,23 +1384,19 @@ _krb5_get_cred_kdc_any(krb5_context context,
|
||||
|
||||
ret = krb5_cc_get_config(context, ccache, NULL, "lkdc-hostname", &data);
|
||||
if (ret == 0) {
|
||||
kdc_hostname = malloc(data.length + 1);
|
||||
if (kdc_hostname == NULL)
|
||||
return krb5_enomem(context);
|
||||
|
||||
memcpy(kdc_hostname, data.data, data.length);
|
||||
kdc_hostname[data.length] = '\0';
|
||||
if ((kdc_hostname = strndup(data.data, data.length)) == NULL) {
|
||||
ret = krb5_enomem(context);
|
||||
goto out;
|
||||
}
|
||||
krb5_data_free(&data);
|
||||
}
|
||||
|
||||
ret = krb5_cc_get_config(context, ccache, NULL, "sitename", &data);
|
||||
if (ret == 0) {
|
||||
sitename = malloc(data.length + 1);
|
||||
if (sitename == NULL)
|
||||
return krb5_enomem(context);
|
||||
|
||||
memcpy(sitename, data.data, data.length);
|
||||
sitename[data.length] = '\0';
|
||||
if ((sitename = strndup(data.data, data.length)) == NULL) {
|
||||
ret = krb5_enomem(context);
|
||||
goto out;
|
||||
}
|
||||
krb5_data_free(&data);
|
||||
}
|
||||
|
||||
@@ -1441,9 +1439,9 @@ _krb5_get_cred_kdc_any(krb5_context context,
|
||||
out_creds);
|
||||
|
||||
out:
|
||||
krb5_data_free(&data);
|
||||
free(kdc_hostname);
|
||||
free(sitename);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
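Review bot: The `out:` path in _krb5_get_cred_kdc_any calls `krb5_data_free(&data)` after each success branch has already freed the same `data`, which is safe only if krb5_data_free resets the structure after freeing; that behaviour is not visible on this page. A comment at the label, for example `/* data is zeroed or already freed-and-reset; freeing again is a no-op */`, would make the dependency explicit. Separately, `strndup(data.data, data.length)` receives whatever the credential cache returned. If a zero-length config value can come back with a NULL `data.data` (not shown here), the call should be guarded with a check on `data.data` so that NULL is never handed to strndup. The function continues outside these hunks.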
@@ -2701,27 +2701,23 @@ keytab_key_proc(krb5_context context, krb5_enctype enctype,
|
||||
krb5_keytab keytab = args->keytab;
|
||||
krb5_principal principal = args->principal;
|
||||
krb5_error_code ret;
|
||||
krb5_keytab real_keytab;
|
||||
krb5_keytab real_keytab = NULL;
|
||||
krb5_keytab_entry entry;
|
||||
|
||||
if (keytab == NULL) {
|
||||
ret = krb5_kt_default(context, &real_keytab);
|
||||
if (ret)
|
||||
return ret;
|
||||
} else
|
||||
real_keytab = keytab;
|
||||
keytab = real_keytab;
|
||||
}
|
||||
|
||||
ret = krb5_kt_get_entry (context, real_keytab, principal,
|
||||
0, enctype, &entry);
|
||||
ret = krb5_kt_get_entry (context, keytab, principal, 0, enctype, &entry);
|
||||
if (ret == 0) {
|
||||
ret = krb5_copy_keyblock(context, &entry.keyblock, key);
|
||||
krb5_kt_free_entry(context, &entry);
|
||||
}
|
||||
|
||||
if (keytab == NULL)
|
||||
krb5_kt_close (context, real_keytab);
|
||||
|
||||
if (ret)
|
||||
return ret;
|
||||
|
||||
ret = krb5_copy_keyblock (context, &entry.keyblock, key);
|
||||
krb5_kt_free_entry(context, &entry);
|
||||
krb5_kt_close(context, real_keytab);
|
||||
return ret;
|
||||
}
|
||||
|
||||
@@ -4009,7 +4005,7 @@ _krb5_init_creds_init_gss(krb5_context context,
|
||||
const struct gss_OID_desc_struct *gss_mech,
|
||||
unsigned int flags)
|
||||
{
|
||||
krb5_gss_init_ctx gssic = ctx->gss_init_ctx;
|
||||
krb5_gss_init_ctx gssic;
|
||||
|
||||
gssic = calloc(1, sizeof(*gssic));
|
||||
if (gssic == NULL)
|
||||
|
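Review bot: keytab_key_proc, as rendered here, ends with an unconditional `krb5_kt_close(context, real_keytab);` while `real_keytab` stays NULL whenever the caller supplied `args->keytab`. That is safe only because the same commit makes krb5_kt_close tolerate a NULL handle in another file, so a partial backport of this hunk alone would dereference NULL. I would either keep the guard local, `if (real_keytab) krb5_kt_close(context, real_keytab);`, or add the comment `/* real_keytab is NULL when the caller owns the keytab; krb5_kt_close(NULL) is a no-op */`. The old/new markers are lost on this page, so check this reading against the real diff.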
@@ -358,10 +358,11 @@ krb5_kt_read_service_key(krb5_context context,
|
||||
krb5_enctype enctype,
|
||||
krb5_keyblock **key)
|
||||
{
|
||||
krb5_keytab keytab;
|
||||
krb5_keytab keytab = NULL; /* Quiet lint */
|
||||
krb5_keytab_entry entry;
|
||||
krb5_error_code ret;
|
||||
|
||||
memset(&entry, 0, sizeof(entry));
|
||||
if (keyprocarg)
|
||||
ret = krb5_kt_resolve (context, keyprocarg, &keytab);
|
||||
else
|
||||
@@ -371,11 +372,11 @@ krb5_kt_read_service_key(krb5_context context,
|
||||
return ret;
|
||||
|
||||
ret = krb5_kt_get_entry (context, keytab, principal, vno, enctype, &entry);
|
||||
if (ret == 0) {
|
||||
ret = krb5_copy_keyblock (context, &entry.keyblock, key);
|
||||
krb5_kt_free_entry(context, &entry);
|
||||
}
|
||||
krb5_kt_close (context, keytab);
|
||||
if (ret)
|
||||
return ret;
|
||||
ret = krb5_copy_keyblock (context, &entry.keyblock, key);
|
||||
krb5_kt_free_entry(context, &entry);
|
||||
return ret;
|
||||
}
|
||||
|
||||
@@ -482,11 +483,13 @@ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||
krb5_kt_close(krb5_context context,
|
||||
krb5_keytab id)
|
||||
{
|
||||
krb5_error_code ret;
|
||||
krb5_error_code ret = 0;
|
||||
|
||||
ret = (*id->close)(context, id);
|
||||
memset(id, 0, sizeof(*id));
|
||||
free(id);
|
||||
if (id) {
|
||||
ret = (id->close)(context, id);
|
||||
memset(id, 0, sizeof(*id));
|
||||
free(id);
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
|
||||
@@ -620,6 +623,7 @@ krb5_kt_get_entry_wrapped(krb5_context context,
|
||||
if(id->get)
|
||||
return (*id->get)(context, id, principal, kvno, enctype, entry);
|
||||
|
||||
memset(&tmp, 0, sizeof(tmp));
|
||||
ret = krb5_kt_start_seq_get (context, id, &cursor);
|
||||
if (ret) {
|
||||
/* This is needed for krb5_verify_init_creds, but keep error
|
||||
@@ -731,21 +735,21 @@ krb5_kt_copy_entry_contents(krb5_context context,
|
||||
krb5_error_code ret;
|
||||
|
||||
memset(out, 0, sizeof(*out));
|
||||
out->vno = in->vno;
|
||||
|
||||
ret = krb5_copy_principal (context, in->principal, &out->principal);
|
||||
if (ret)
|
||||
goto fail;
|
||||
return ret;
|
||||
ret = krb5_copy_keyblock_contents (context,
|
||||
&in->keyblock,
|
||||
&out->keyblock);
|
||||
if (ret)
|
||||
goto fail;
|
||||
if (ret) {
|
||||
krb5_free_principal(context, out->principal);
|
||||
memset(out, 0, sizeof(*out));
|
||||
return ret;
|
||||
}
|
||||
out->vno = in->vno;
|
||||
out->timestamp = in->timestamp;
|
||||
return 0;
|
||||
fail:
|
||||
krb5_kt_free_entry (context, out);
|
||||
return ret;
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -927,6 +931,7 @@ krb5_kt_have_content(krb5_context context,
|
||||
krb5_error_code ret;
|
||||
char *name;
|
||||
|
||||
memset(&entry, 0, sizeof(entry));
|
||||
ret = krb5_kt_start_seq_get(context, id, &cursor);
|
||||
if (ret)
|
||||
goto notfound;
|
||||
|
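Review bot: In krb5_kt_close the `memset(id, 0, sizeof(*id));` sits directly before `free(id);`, and a compiler is allowed to drop a store to memory that is about to be freed, so the handle may be released with its `close` pointer and other fields intact. If the zeroing is meant to make stale handles fail fast, use a clearing call the optimiser cannot elide, e.g. `memset_s(id, sizeof(*id), 0, sizeof(*id));`, provided this tree supplies memset_s on all targets. The function's doc comment, outside the hunk, should also state that a NULL `id` is accepted and returns 0.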
@@ -371,6 +371,7 @@ fkt_start_seq_get_int(krb5_context context,
|
||||
struct fkt_data *d = id->data;
|
||||
const char *stdio_mode = "rb";
|
||||
|
||||
memset(c, 0, sizeof(*c));
|
||||
c->fd = open (d->filename, flags);
|
||||
if (c->fd < 0) {
|
||||
ret = errno;
|
||||
|
@@ -1044,5 +1044,24 @@ extern KRB5_LIB_VARIABLE const char *krb5_cc_type_scc;
|
||||
extern KRB5_LIB_VARIABLE const char *krb5_cc_type_dcc;
|
||||
extern KRB5_LIB_VARIABLE const char *krb5_cc_type_keyring;
|
||||
|
||||
/* clang analyzer workarounds */
|
||||
|
||||
#ifdef __clang_analyzer__
|
||||
/*
|
||||
* The clang analyzer (lint) can't know that krb5_enomem() always returns
|
||||
* non-zero, so code like:
|
||||
*
|
||||
* if ((x = malloc(...)) == NULL)
|
||||
* ret = krb5_enomem(context)
|
||||
* if (ret == 0)
|
||||
* *x = ...;
|
||||
*
|
||||
* causes false positives.
|
||||
*
|
||||
* The fix is to make krb5_enomem() a macro that always evaluates to ENOMEM.
|
||||
*/
|
||||
#define krb5_enomem(c) (krb5_enomem(c), ENOMEM)
|
||||
#endif
|
||||
|
||||
#endif /* __KRB5_H__ */
|
||||
|
||||
|
@@ -110,6 +110,12 @@ srv_find_realm(krb5_context context, krb5_krbhst_info ***res, int *count,
|
||||
if(rr->type == rk_ns_t_srv)
|
||||
num_srv++;
|
||||
|
||||
if (num_srv == 0) {
|
||||
_krb5_debug(context, 0,
|
||||
"DNS SRV RR lookup domain nodata: %s", domain);
|
||||
return KRB5_KDC_UNREACH;
|
||||
}
|
||||
|
||||
*res = malloc(num_srv * sizeof(**res));
|
||||
if(*res == NULL) {
|
||||
rk_dns_free_data(r);
|
||||
|
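Review bot: The new `num_srv == 0` branch in srv_find_realm returns `KRB5_KDC_UNREACH` without releasing the DNS reply `r`, while the allocation-failure path just below calls `rk_dns_free_data(r);` before returning. Unless `r` is released somewhere not shown, every lookup that yields no SRV records leaks the reply; add `rk_dns_free_data(r);` before `return KRB5_KDC_UNREACH;`. The function begins and ends outside this hunk, so also check whether `*res` and `*count` are expected to be reset on this path.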
@@ -473,7 +473,7 @@ make_subsidiary_residual(krb5_context context,
|
||||
char **presidual)
|
||||
{
|
||||
if (asprintf(presidual, "%s:%s:%s", anchor_name, collection_name,
|
||||
subsidiary_name) < 0) {
|
||||
subsidiary_name ? subsidiary_name : "tkt") < 0) {
|
||||
*presidual = NULL;
|
||||
return krb5_enomem(context);
|
||||
}
|
||||
@@ -498,6 +498,9 @@ get_collection(krb5_context context,
|
||||
|
||||
heim_base_atomic_init(pcollection_id, 0);
|
||||
|
||||
if (!anchor_name || !collection_name)
|
||||
return KRB5_KCC_INVALID_ANCHOR;
|
||||
|
||||
if (strcmp(anchor_name, KRCC_PERSISTENT_ANCHOR) == 0) {
|
||||
/*
|
||||
* The collection name is a uid (or empty for the current effective
|
||||
@@ -1262,7 +1265,7 @@ alloc_cache(krb5_context context,
|
||||
subsidiary_name, &data->krc_name);
|
||||
if (ret ||
|
||||
(data->krc_collection = strdup(collection_name)) == NULL ||
|
||||
(data->krc_subsidiary = strdup(subsidiary_name)) == NULL) {
|
||||
(data->krc_subsidiary = strdup(subsidiary_name ? subsidiary_name : "tkt")) == NULL) {
|
||||
if (data) {
|
||||
free(data->krc_collection);
|
||||
free(data->krc_name);
|
||||
@@ -1887,7 +1890,8 @@ krcc_get_cache_next(krb5_context context,
|
||||
continue;
|
||||
|
||||
/* Don't repeat the primary cache. */
|
||||
if (strcmp(subsidiary_name, iter->primary_name) == 0)
|
||||
if (iter->primary_name &&
|
||||
strcmp(subsidiary_name ? subsidiary_name : "tkt", iter->primary_name) == 0)
|
||||
continue;
|
||||
|
||||
/* We found a valid key */
|
||||
|
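Review bot: The fallback name `"tkt"` is now spelled out in three places (make_subsidiary_residual, alloc_cache and krcc_get_cache_next), so a later change to one of them would make the residual string, the stored `krc_subsidiary` and the primary-cache comparison disagree. Define it once, for example `#define KRCC_DEFAULT_SUBSIDIARY "tkt"` (constructed name), and use that at all three sites. A one-line comment at the definition saying when `subsidiary_name` may legitimately be NULL would also help, since none of the hunks shows which caller passes NULL.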
@@ -1262,7 +1262,9 @@ krb5_kx509(krb5_context context, krb5_ccache cc, const char *realm)
|
||||
char *store_exp = NULL;
|
||||
|
||||
ret = krb5_kx509_ctx_init(context, &kx509_ctx);
|
||||
if (ret == 0 && realm)
|
||||
if (ret)
|
||||
return ret;
|
||||
if (realm)
|
||||
ret = krb5_kx509_ctx_set_realm(context, kx509_ctx, realm);
|
||||
|
||||
/*
|
||||
|
@@ -120,10 +120,10 @@ again:
|
||||
if (strcmp(m->name, m_c->name) == 0)
|
||||
break;
|
||||
if (m_c) {
|
||||
free(m->name);
|
||||
free(m);
|
||||
if (name) {
|
||||
/* We raced with another thread to create this cache */
|
||||
free(m->name);
|
||||
free(m);
|
||||
m = m_c;
|
||||
HEIMDAL_MUTEX_lock(&(m->mutex));
|
||||
m->refcnt++;
|
||||
|
@@ -258,15 +258,16 @@ _krb5_mk_ncred(krb5_context context,
|
||||
*/
|
||||
|
||||
ret = krb5_crypto_init(context, auth_context->keyblock, 0, &crypto);
|
||||
if (ret == 0)
|
||||
ret = krb5_encrypt_EncryptedData(context,
|
||||
crypto,
|
||||
KRB5_KU_KRB_CRED,
|
||||
buf,
|
||||
len,
|
||||
0,
|
||||
&cred.enc_part);
|
||||
if (ret)
|
||||
goto out;
|
||||
ret = krb5_encrypt_EncryptedData(context,
|
||||
crypto,
|
||||
KRB5_KU_KRB_CRED,
|
||||
buf,
|
||||
len,
|
||||
0,
|
||||
&cred.enc_part);
|
||||
DISOWN_BUF(buf);
|
||||
krb5_crypto_destroy(context, crypto);
|
||||
}
|
||||
|
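Review bot: In _krb5_mk_ncred the `if (ret) goto out;` now follows the encryption call, so a failure in `krb5_encrypt_EncryptedData` jumps past `krb5_crypto_destroy(context, crypto);`. Unless the `out:` label, which is outside this hunk, destroys `crypto`, the crypto context and whatever key state it holds stay allocated on that path. Destroying it before the check keeps both paths equal, e.g. `if (crypto) krb5_crypto_destroy(context, crypto);` ahead of `if (ret) goto out;`, with `crypto` initialised to NULL at its declaration (not visible here). The old/new markers are lost on this page, so this reading relies on the hunk's line counts.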
@@ -114,6 +114,14 @@ select_dh_group(krb5_context context, DH *dh, unsigned long bits,
|
||||
{
|
||||
const struct krb5_dh_moduli *m;
|
||||
|
||||
if (moduli[0] == NULL) {
|
||||
krb5_set_error_message(context, EINVAL,
|
||||
N_("Did not find a DH group parameter "
|
||||
"matching requirement of %lu bits", ""),
|
||||
bits);
|
||||
return EINVAL;
|
||||
}
|
||||
|
||||
if (bits == 0) {
|
||||
m = moduli[1]; /* XXX */
|
||||
if (m == NULL)
|
||||
@@ -1198,11 +1206,13 @@ pk_rd_pa_reply_enckey(krb5_context context,
|
||||
&contentType,
|
||||
&unwrapped,
|
||||
&host);
|
||||
if (ret == 0) {
|
||||
krb5_data_free(&content);
|
||||
ret = krb5_data_copy(&content, unwrapped.data, unwrapped.length);
|
||||
der_free_octet_string(&unwrapped);
|
||||
}
|
||||
if (ret)
|
||||
goto out;
|
||||
krb5_data_free(&content);
|
||||
ret = krb5_data_copy(&content, unwrapped.data, unwrapped.length);
|
||||
der_free_octet_string(&unwrapped);
|
||||
|
||||
heim_assert(host || (ctx->id->flags & PKINIT_NO_KDC_ANCHOR),
|
||||
"KDC signature must be verified unless PKINIT_NO_KDC_ANCHOR set");
|
||||
@@ -1857,7 +1867,7 @@ _krb5_pk_load_id(krb5_context context,
|
||||
{
|
||||
struct krb5_pk_identity *id = NULL;
|
||||
struct prompter p;
|
||||
int ret;
|
||||
krb5_error_code ret;
|
||||
|
||||
*ret_id = NULL;
|
||||
|
||||
@@ -2100,7 +2110,6 @@ _krb5_parse_moduli_line(krb5_context context,
|
||||
m1->q.length = 0;
|
||||
m1->q.data = 0;
|
||||
krb5_clear_error_message(context);
|
||||
ret = 0;
|
||||
}
|
||||
|
||||
*m = m1;
|
||||
|
@@ -1762,7 +1762,7 @@ _krb5_get_name_canon_rules(krb5_context context, krb5_name_canon_rule *rules)
|
||||
"libdefaults", "safe_name_canon", NULL))
|
||||
make_rules_safe(context, *rules);
|
||||
|
||||
heim_assert(rules != NULL && (*rules)[0].type != KRB5_NCRT_BOGUS,
|
||||
heim_assert((*rules)[0].type != KRB5_NCRT_BOGUS,
|
||||
"internal error in parsing principal name "
|
||||
"canonicalization rules");
|
||||
|
||||
|
@@ -807,11 +807,10 @@ get_key_from_keytab(krb5_context context,
|
||||
kvno,
|
||||
ap_req->ticket.enc_part.etype,
|
||||
&entry);
|
||||
if(ret)
|
||||
goto out;
|
||||
ret = krb5_copy_keyblock(context, &entry.keyblock, out_key);
|
||||
krb5_kt_free_entry (context, &entry);
|
||||
out:
|
||||
if(ret == 0) {
|
||||
ret = krb5_copy_keyblock(context, &entry.keyblock, out_key);
|
||||
krb5_kt_free_entry(context, &entry);
|
||||
}
|
||||
if(keytab == NULL)
|
||||
krb5_kt_close(context, real_keytab);
|
||||
|
||||
|
@@ -1370,16 +1370,18 @@ krb5_ret_times(krb5_storage *sp, krb5_times *times)
|
||||
{
|
||||
int ret;
|
||||
int32_t tmp;
|
||||
|
||||
ret = krb5_ret_int32(sp, &tmp);
|
||||
if (ret) return ret;
|
||||
times->authtime = tmp;
|
||||
if(ret) return ret;
|
||||
ret = krb5_ret_int32(sp, &tmp);
|
||||
if (ret) return ret;
|
||||
times->starttime = tmp;
|
||||
if(ret) return ret;
|
||||
ret = krb5_ret_int32(sp, &tmp);
|
||||
if (ret) return ret;
|
||||
times->endtime = tmp;
|
||||
if(ret) return ret;
|
||||
ret = krb5_ret_int32(sp, &tmp);
|
||||
if (ret) return ret;
|
||||
times->renew_till = tmp;
|
||||
return ret;
|
||||
}
|
||||
|
@@ -670,6 +670,8 @@ test_move(krb5_context context, const char *type)
|
||||
krb5_err(context, 1, ret, "krb5_cc_new_unique");
|
||||
|
||||
ret = krb5_cc_move(context, fromid, toid);
|
||||
if (ret)
|
||||
krb5_err(context, 1, ret, "krb5_cc_move");
|
||||
|
||||
ret = krb5_cc_get_principal(context, toid, &p2);
|
||||
if (ret)
|
||||
|
@@ -48,11 +48,11 @@ expand_hostname(krb5_context context, const char *host)
|
||||
if (ret)
|
||||
krb5_err(context, 1, ret, "krb5_expand_hostname(%s)", host);
|
||||
|
||||
free(h);
|
||||
|
||||
if (debug_flag)
|
||||
printf("hostname: %s -> %s\n", host, h);
|
||||
|
||||
free(h);
|
||||
|
||||
ret = krb5_expand_hostname_realms(context, host, &h, &r);
|
||||
if (ret)
|
||||
krb5_err(context, 1, ret, "krb5_expand_hostname_realms(%s)", host);
|
||||
|
@@ -274,13 +274,17 @@ decode_realms(krb5_context context,
|
||||
}
|
||||
if(tr[i] == ','){
|
||||
tmp = malloc(tr + i - start + 1);
|
||||
if(tmp == NULL)
|
||||
if(tmp == NULL) {
|
||||
free_realms(*realms);
|
||||
*realms = NULL;
|
||||
return krb5_enomem(context);
|
||||
}
|
||||
memcpy(tmp, start, tr + i - start);
|
||||
tmp[tr + i - start] = '\0';
|
||||
r = make_realm(tmp);
|
||||
if(r == NULL){
|
||||
free_realms(*realms);
|
||||
*realms = NULL;
|
||||
return krb5_enomem(context);
|
||||
}
|
||||
*realms = append_realm(*realms, r);
|
||||
@@ -289,7 +293,8 @@ decode_realms(krb5_context context,
|
||||
}
|
||||
tmp = malloc(tr + i - start + 1);
|
||||
if(tmp == NULL){
|
||||
free(*realms);
|
||||
free_realms(*realms);
|
||||
*realms = NULL;
|
||||
return krb5_enomem(context);
|
||||
}
|
||||
memcpy(tmp, start, tr + i - start);
|
||||
@@ -297,6 +302,7 @@ decode_realms(krb5_context context,
|
||||
r = make_realm(tmp);
|
||||
if(r == NULL){
|
||||
free_realms(*realms);
|
||||
*realms = NULL;
|
||||
return krb5_enomem(context);
|
||||
}
|
||||
*realms = append_realm(*realms, r);
|
||||
@@ -353,8 +359,6 @@ krb5_domain_x500_decode(krb5_context context,
|
||||
{
|
||||
char **R;
|
||||
R = malloc((*num_realms + 1) * sizeof(*R));
|
||||
if (R == NULL)
|
||||
return krb5_enomem(context);
|
||||
*realms = R;
|
||||
while(r){
|
||||
*R++ = r->realm;
|
||||
@@ -362,6 +366,8 @@ krb5_domain_x500_decode(krb5_context context,
|
||||
free(r);
|
||||
r = p;
|
||||
}
|
||||
if (*realms == NULL)
|
||||
return krb5_enomem(context);
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
@@ -621,11 +627,12 @@ krb5_check_transited(krb5_context context,
|
||||
return ret;
|
||||
|
||||
for (i = 0; i < num_realms; i++) {
|
||||
for (j = 0; j < num_capath; ++j) {
|
||||
for (j = 0; j < num_capath && capath[j]; ++j) {
|
||||
/* `capath[j]' can't be NULL, but compilers be dumb */
|
||||
if (strcmp(realms[i], capath[j]) == 0)
|
||||
break;
|
||||
}
|
||||
if (j == num_capath) {
|
||||
if (j == num_capath || !capath[j]) {
|
||||
_krb5_free_capath(context, capath);
|
||||
krb5_set_error_message (context, KRB5KRB_AP_ERR_ILL_CR_TKT,
|
||||
N_("no transit allowed "
|
||||
|
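Review bot: krb5_domain_x500_decode no longer checks `R` straight after `malloc`. Going by the hunk line counts, the `if (R == NULL)` test was replaced by `if (*realms == NULL)` after the loop, so on allocation failure the loop body `*R++ = r->realm;` writes through a NULL pointer before that test is reached. The loop should still run so the list is freed, but the store needs a guard, for example `if (R) *R++ = r->realm; else free(r->realm);` (assuming the list nodes own `realm`, which is not shown here). This decoder presumably handles realm lists taken from protocol data, so it should fail cleanly under memory pressure rather than crash.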