diff --git a/lib/krb5/acl.c b/lib/krb5/acl.c index b53c179b7..d31961482 100644 --- a/lib/krb5/acl.c +++ b/lib/krb5/acl.c @@ -246,7 +246,7 @@ krb5_acl_match_file(krb5_context context, ...) { krb5_error_code ret; - struct acl_field *acl; + struct acl_field *acl = NULL; char buf[256]; va_list ap; FILE *f; diff --git a/lib/krb5/addr_families.c b/lib/krb5/addr_families.c index 4d235fff4..a736d893e 100644 --- a/lib/krb5/addr_families.c +++ b/lib/krb5/addr_families.c @@ -525,7 +525,7 @@ arange_parse_addr (krb5_context context, return ret; } - if(high.len != 1 && high.val[0].addr_type != low.val[0].addr_type) { + if(high.len != 1 || high.val[0].addr_type != low.val[0].addr_type) { krb5_free_addresses(context, &low); krb5_free_addresses(context, &high); return -1; diff --git a/lib/krb5/aes-test.c b/lib/krb5/aes-test.c index 7bca78ab6..01522dd59 100644 --- a/lib/krb5/aes-test.c +++ b/lib/krb5/aes-test.c @@ -754,6 +754,9 @@ krb_enc_test(krb5_context context) kb.keyvalue.data = krbencs[i].key; ret = krb5_crypto_init(context, &kb, krbencs[i].enctype, &crypto); + if (ret) + krb5_err(context, 1, ret, "krb5_crypto_init failed with %d for test %d", + ret, i); cipher.length = krbencs[i].elen; cipher.data = krbencs[i].edata; @@ -763,20 +766,24 @@ krb_enc_test(krb5_context context) ret = krb_enc(context, crypto, krbencs[i].usage, &cipher, &plain); if (ret) - errx(1, "krb_enc failed with %d for test %d", ret, i); + krb5_err(context, 1, ret, "krb_enc failed with %d for test %d", + ret, i); ret = krb_enc_iov(context, crypto, krbencs[i].usage, &cipher, &plain); if (ret) - errx(1, "krb_enc_iov failed with %d for test %d", ret, i); + krb5_err(context, 1, ret, "krb_enc_iov failed with %d for test %d", + ret, i); ret = krb_enc_iov2(context, crypto, krbencs[i].usage, cipher.length, &plain); if (ret) - errx(1, "krb_enc_iov2 failed with %d for test %d", ret, i); + krb5_err(context, 1, ret, "krb_enc_iov2 failed with %d for test %d", + ret, i); ret = krb_checksum_iov(context, crypto, krbencs[i].usage, &plain, NULL); if (ret) - errx(1, "krb_checksum_iov failed with %d for test %d", ret, i); + krb5_err(context, 1, ret, + "krb_checksum_iov failed with %d for test %d", ret, i); if (krbencs[i].cdata) { krb5_data checksum; @@ -787,7 +794,9 @@ krb_enc_test(krb5_context context) ret = krb_checksum_iov(context, crypto, krbencs[i].usage, &plain, &checksum); if (ret) - errx(1, "krb_checksum_iov(2) failed with %d for test %d", ret, i); + krb5_err(context, 1, ret, + "krb_checksum_iov(2) failed with %d for test %d", + ret, i); } krb5_crypto_destroy(context, crypto); @@ -795,7 +804,8 @@ krb_enc_test(krb5_context context) ret = krb_enc_mit(context, krbencs[i].enctype, &kb, krbencs[i].usage, &cipher, &plain); if (ret) - errx(1, "krb_enc_mit failed with %d for test %d", ret, i); + krb5_err(context, 1, ret, "krb_enc_mit failed with %d for test %d", + ret, i); } return 0; diff --git a/lib/krb5/asn1_glue.c b/lib/krb5/asn1_glue.c index bee170b61..7925632b6 100644 --- a/lib/krb5/asn1_glue.c +++ b/lib/krb5/asn1_glue.c @@ -78,7 +78,7 @@ _krb5_ticket2krb5_principal(krb5_context context, const AuthorizationData *authenticator_ad) { krb5_error_code ret; - krb5_principal p; + krb5_principal p = NULL; *principal = NULL; @@ -127,7 +127,7 @@ _krb5_kdcrep2krb5_principal(krb5_context context, const EncKDCRepPart *kdcrep) { krb5_error_code ret; - krb5_principal p; + krb5_principal p = NULL; *principal = NULL; diff --git a/lib/krb5/cache.c b/lib/krb5/cache.c index 1920796ff..a337e3a2e 100644 --- a/lib/krb5/cache.c +++ b/lib/krb5/cache.c @@ -514,7 +514,7 @@ krb5_cc_get_subsidiary(krb5_context context, krb5_ccache id) const char *name = NULL; if (id->ops->version >= KRB5_CC_OPS_VERSION_5 - && id->ops->get_name_2 == NULL) + && id->ops->get_name_2 != NULL) (void) id->ops->get_name_2(context, id, NULL, NULL, &name); return name; } @@ -923,7 +923,7 @@ krb5_cc_destroy(krb5_context context, /* * Destroy associated hx509 PKIX credential store created by krb5_kx509*(). */ - if ((ret = krb5_cc_get_config(context, id, NULL, "kx509store", &d)) == 0) { + if (krb5_cc_get_config(context, id, NULL, "kx509store", &d) == 0) { char *name; if ((name = strndup(d.data, d.length)) == NULL) { @@ -1001,7 +1001,6 @@ krb5_cc_close(krb5_context context, _krb5_debug(context, 2, "failed to fetch a certificate"); else _krb5_debug(context, 2, "fetched a certificate"); - ret = 0; } } diff --git a/lib/krb5/context.c b/lib/krb5/context.c index 51faf8de9..d1af3c7c1 100644 --- a/lib/krb5/context.c +++ b/lib/krb5/context.c @@ -106,7 +106,7 @@ init_context_from_config_file(krb5_context context) krb5_error_code ret; const char * tmp; char **s; - krb5_enctype *tmptypes; + krb5_enctype *tmptypes = NULL; INIT_FIELD(context, time, max_skew, 5 * 60, "clockskew"); INIT_FIELD(context, time, kdc_timeout, 30, "kdc_timeout"); diff --git a/lib/krb5/crypto.c b/lib/krb5/crypto.c index 524b2e786..a4ab3753f 100644 --- a/lib/krb5/crypto.c +++ b/lib/krb5/crypto.c @@ -2152,7 +2152,10 @@ krb5_crypto_length(krb5_context context, *len = 0; return 0; case KRB5_CRYPTO_TYPE_TRAILER: - *len = CHECKSUMSIZE(crypto->et->keyed_checksum); + if (crypto->et->keyed_checksum) + *len = CHECKSUMSIZE(crypto->et->keyed_checksum); + else + *len = 0; return 0; case KRB5_CRYPTO_TYPE_CHECKSUM: if (crypto->et->keyed_checksum) diff --git a/lib/krb5/dcache.c b/lib/krb5/dcache.c index 22183efca..a4c579e56 100644 --- a/lib/krb5/dcache.c +++ b/lib/krb5/dcache.c @@ -681,12 +681,12 @@ dcc_get_cache_first(krb5_context context, krb5_cc_cursor *cursor) } if ((iter->d = opendir(iter->dc->dir)) == NULL) { - free(iter->dc->dir); - free(iter->dc); - free(iter); krb5_set_error_message(context, KRB5_CC_FORMAT, N_("Can't open DIR %s: %s", ""), iter->dc->dir, strerror(errno)); + free(iter->dc->dir); + free(iter->dc); + free(iter); return KRB5_CC_FORMAT; } @@ -709,8 +709,8 @@ dcc_get_cache_next(krb5_context context, krb5_cc_cursor cursor, krb5_ccache *id) /* Emit primary subsidiary first */ if (iter->first && - (ret = get_default_cache(context, iter->dc, NULL, &iter->primary)) == 0 && - is_filename_cacheish(iter->primary)) { + get_default_cache(context, iter->dc, NULL, &iter->primary) == 0 && + iter->primary && is_filename_cacheish(iter->primary)) { iter->first = 0; ret = KRB5_CC_END; if (asprintf(&p, "FILE:%s/%s", iter->dc->dir, iter->primary) > -1 && p != NULL && diff --git a/lib/krb5/deprecated.c b/lib/krb5/deprecated.c index bcd07e3c2..0efa16270 100644 --- a/lib/krb5/deprecated.c +++ b/lib/krb5/deprecated.c @@ -324,15 +324,13 @@ krb5_keytab_key_proc (krb5_context context, ret = krb5_kt_get_entry (context, real_keytab, principal, 0, enctype, &entry); + if (ret == 0) { + ret = krb5_copy_keyblock (context, &entry.keyblock, key); + krb5_kt_free_entry(context, &entry); + } if (keytab == NULL) krb5_kt_close (context, real_keytab); - - if (ret) - return ret; - - ret = krb5_copy_keyblock (context, &entry.keyblock, key); - krb5_kt_free_entry(context, &entry); return ret; } diff --git a/lib/krb5/enomem.c b/lib/krb5/enomem.c index 371b07ff5..b4444e5a2 100644 --- a/lib/krb5/enomem.c +++ b/lib/krb5/enomem.c @@ -33,10 +33,10 @@ #include "krb5_locl.h" +#undef krb5_enomem KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_enomem(krb5_context context) { krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", "")); return ENOMEM; } - diff --git a/lib/krb5/fcache.c b/lib/krb5/fcache.c index 08d4f4217..37a1409fa 100644 --- a/lib/krb5/fcache.c +++ b/lib/krb5/fcache.c @@ -477,7 +477,6 @@ fcc_open(krb5_context context, return krb5_einval(context, 2); if ((flags & O_EXCL)) { - flags &= ~O_EXCL; /* * FIXME Instead of mkostemp()... we could instead try to use a .new * file... with care. Or the O_TMPFILE / linkat() extensions. We need diff --git a/lib/krb5/get_cred.c b/lib/krb5/get_cred.c index 3072cbf5f..dc41882f5 100644 --- a/lib/krb5/get_cred.c +++ b/lib/krb5/get_cred.c @@ -1375,6 +1375,8 @@ _krb5_get_cred_kdc_any(krb5_context context, krb5_deltat offset; krb5_data data; + krb5_data_zero(&data); + /* * If we are using LKDC, lets pull out the addreses from the * ticket and use that. @@ -1382,23 +1384,19 @@ _krb5_get_cred_kdc_any(krb5_context context, ret = krb5_cc_get_config(context, ccache, NULL, "lkdc-hostname", &data); if (ret == 0) { - kdc_hostname = malloc(data.length + 1); - if (kdc_hostname == NULL) - return krb5_enomem(context); - - memcpy(kdc_hostname, data.data, data.length); - kdc_hostname[data.length] = '\0'; + if ((kdc_hostname = strndup(data.data, data.length)) == NULL) { + ret = krb5_enomem(context); + goto out; + } krb5_data_free(&data); } ret = krb5_cc_get_config(context, ccache, NULL, "sitename", &data); if (ret == 0) { - sitename = malloc(data.length + 1); - if (sitename == NULL) - return krb5_enomem(context); - - memcpy(sitename, data.data, data.length); - sitename[data.length] = '\0'; + if ((sitename = strndup(data.data, data.length)) == NULL) { + ret = krb5_enomem(context); + goto out; + } krb5_data_free(&data); } @@ -1441,9 +1439,9 @@ _krb5_get_cred_kdc_any(krb5_context context, out_creds); out: + krb5_data_free(&data); free(kdc_hostname); free(sitename); - return ret; } diff --git a/lib/krb5/init_creds_pw.c b/lib/krb5/init_creds_pw.c index 3bb04130a..0ed47e798 100644 --- a/lib/krb5/init_creds_pw.c +++ b/lib/krb5/init_creds_pw.c @@ -2701,27 +2701,23 @@ keytab_key_proc(krb5_context context, krb5_enctype enctype, krb5_keytab keytab = args->keytab; krb5_principal principal = args->principal; krb5_error_code ret; - krb5_keytab real_keytab; + krb5_keytab real_keytab = NULL; krb5_keytab_entry entry; if (keytab == NULL) { ret = krb5_kt_default(context, &real_keytab); if (ret) return ret; - } else - real_keytab = keytab; + keytab = real_keytab; + } - ret = krb5_kt_get_entry (context, real_keytab, principal, - 0, enctype, &entry); + ret = krb5_kt_get_entry (context, keytab, principal, 0, enctype, &entry); + if (ret == 0) { + ret = krb5_copy_keyblock(context, &entry.keyblock, key); + krb5_kt_free_entry(context, &entry); + } - if (keytab == NULL) - krb5_kt_close (context, real_keytab); - - if (ret) - return ret; - - ret = krb5_copy_keyblock (context, &entry.keyblock, key); - krb5_kt_free_entry(context, &entry); + krb5_kt_close(context, real_keytab); return ret; } @@ -4009,7 +4005,7 @@ _krb5_init_creds_init_gss(krb5_context context, const struct gss_OID_desc_struct *gss_mech, unsigned int flags) { - krb5_gss_init_ctx gssic = ctx->gss_init_ctx; + krb5_gss_init_ctx gssic; gssic = calloc(1, sizeof(*gssic)); if (gssic == NULL) diff --git a/lib/krb5/keytab.c b/lib/krb5/keytab.c index 6ec14b8e1..df440d24e 100644 --- a/lib/krb5/keytab.c +++ b/lib/krb5/keytab.c @@ -358,10 +358,11 @@ krb5_kt_read_service_key(krb5_context context, krb5_enctype enctype, krb5_keyblock **key) { - krb5_keytab keytab; + krb5_keytab keytab = NULL; /* Quiet lint */ krb5_keytab_entry entry; krb5_error_code ret; + memset(&entry, 0, sizeof(entry)); if (keyprocarg) ret = krb5_kt_resolve (context, keyprocarg, &keytab); else @@ -371,11 +372,11 @@ krb5_kt_read_service_key(krb5_context context, return ret; ret = krb5_kt_get_entry (context, keytab, principal, vno, enctype, &entry); + if (ret == 0) { + ret = krb5_copy_keyblock (context, &entry.keyblock, key); + krb5_kt_free_entry(context, &entry); + } krb5_kt_close (context, keytab); - if (ret) - return ret; - ret = krb5_copy_keyblock (context, &entry.keyblock, key); - krb5_kt_free_entry(context, &entry); return ret; } @@ -482,11 +483,13 @@ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_kt_close(krb5_context context, krb5_keytab id) { - krb5_error_code ret; + krb5_error_code ret = 0; - ret = (*id->close)(context, id); - memset(id, 0, sizeof(*id)); - free(id); + if (id) { + ret = (id->close)(context, id); + memset(id, 0, sizeof(*id)); + free(id); + } return ret; } @@ -620,6 +623,7 @@ krb5_kt_get_entry_wrapped(krb5_context context, if(id->get) return (*id->get)(context, id, principal, kvno, enctype, entry); + memset(&tmp, 0, sizeof(tmp)); ret = krb5_kt_start_seq_get (context, id, &cursor); if (ret) { /* This is needed for krb5_verify_init_creds, but keep error @@ -731,21 +735,21 @@ krb5_kt_copy_entry_contents(krb5_context context, krb5_error_code ret; memset(out, 0, sizeof(*out)); - out->vno = in->vno; ret = krb5_copy_principal (context, in->principal, &out->principal); if (ret) - goto fail; + return ret; ret = krb5_copy_keyblock_contents (context, &in->keyblock, &out->keyblock); - if (ret) - goto fail; + if (ret) { + krb5_free_principal(context, out->principal); + memset(out, 0, sizeof(*out)); + return ret; + } + out->vno = in->vno; out->timestamp = in->timestamp; return 0; -fail: - krb5_kt_free_entry (context, out); - return ret; } /** @@ -927,6 +931,7 @@ krb5_kt_have_content(krb5_context context, krb5_error_code ret; char *name; + memset(&entry, 0, sizeof(entry)); ret = krb5_kt_start_seq_get(context, id, &cursor); if (ret) goto notfound; diff --git a/lib/krb5/keytab_file.c b/lib/krb5/keytab_file.c index 595966ed3..5815ced93 100644 --- a/lib/krb5/keytab_file.c +++ b/lib/krb5/keytab_file.c @@ -371,6 +371,7 @@ fkt_start_seq_get_int(krb5_context context, struct fkt_data *d = id->data; const char *stdio_mode = "rb"; + memset(c, 0, sizeof(*c)); c->fd = open (d->filename, flags); if (c->fd < 0) { ret = errno; diff --git a/lib/krb5/krb5.h b/lib/krb5/krb5.h index 1dd30b170..4e3282622 100644 --- a/lib/krb5/krb5.h +++ b/lib/krb5/krb5.h @@ -1044,5 +1044,24 @@ extern KRB5_LIB_VARIABLE const char *krb5_cc_type_scc; extern KRB5_LIB_VARIABLE const char *krb5_cc_type_dcc; extern KRB5_LIB_VARIABLE const char *krb5_cc_type_keyring; +/* clang analyzer workarounds */ + +#ifdef __clang_analyzer__ +/* + * The clang analyzer (lint) can't know that krb5_enomem() always returns + * non-zero, so code like: + * + * if ((x = malloc(...)) == NULL) + * ret = krb5_enomem(context) + * if (ret == 0) + * *x = ...; + * + * causes false positives. + * + * The fix is to make krb5_enomem() a macro that always evaluates to ENOMEM. + */ +#define krb5_enomem(c) (krb5_enomem(c), ENOMEM) +#endif + #endif /* __KRB5_H__ */ diff --git a/lib/krb5/krbhst.c b/lib/krb5/krbhst.c index adb8e00e6..3037ca5d5 100644 --- a/lib/krb5/krbhst.c +++ b/lib/krb5/krbhst.c @@ -110,6 +110,12 @@ srv_find_realm(krb5_context context, krb5_krbhst_info ***res, int *count, if(rr->type == rk_ns_t_srv) num_srv++; + if (num_srv == 0) { + _krb5_debug(context, 0, + "DNS SRV RR lookup domain nodata: %s", domain); + return KRB5_KDC_UNREACH; + } + *res = malloc(num_srv * sizeof(**res)); if(*res == NULL) { rk_dns_free_data(r); diff --git a/lib/krb5/krcache.c b/lib/krb5/krcache.c index dbf81850e..581f7ebd6 100644 --- a/lib/krb5/krcache.c +++ b/lib/krb5/krcache.c @@ -473,7 +473,7 @@ make_subsidiary_residual(krb5_context context, char **presidual) { if (asprintf(presidual, "%s:%s:%s", anchor_name, collection_name, - subsidiary_name) < 0) { + subsidiary_name ? subsidiary_name : "tkt") < 0) { *presidual = NULL; return krb5_enomem(context); } @@ -498,6 +498,9 @@ get_collection(krb5_context context, heim_base_atomic_init(pcollection_id, 0); + if (!anchor_name || !collection_name) + return KRB5_KCC_INVALID_ANCHOR; + if (strcmp(anchor_name, KRCC_PERSISTENT_ANCHOR) == 0) { /* * The collection name is a uid (or empty for the current effective @@ -1262,7 +1265,7 @@ alloc_cache(krb5_context context, subsidiary_name, &data->krc_name); if (ret || (data->krc_collection = strdup(collection_name)) == NULL || - (data->krc_subsidiary = strdup(subsidiary_name)) == NULL) { + (data->krc_subsidiary = strdup(subsidiary_name ? subsidiary_name : "tkt")) == NULL) { if (data) { free(data->krc_collection); free(data->krc_name); @@ -1887,7 +1890,8 @@ krcc_get_cache_next(krb5_context context, continue; /* Don't repeat the primary cache. */ - if (strcmp(subsidiary_name, iter->primary_name) == 0) + if (iter->primary_name && + strcmp(subsidiary_name ? subsidiary_name : "tkt", iter->primary_name) == 0) continue; /* We found a valid key */ diff --git a/lib/krb5/kx509.c b/lib/krb5/kx509.c index 55cd0f345..2a689553e 100644 --- a/lib/krb5/kx509.c +++ b/lib/krb5/kx509.c @@ -1262,7 +1262,9 @@ krb5_kx509(krb5_context context, krb5_ccache cc, const char *realm) char *store_exp = NULL; ret = krb5_kx509_ctx_init(context, &kx509_ctx); - if (ret == 0 && realm) + if (ret) + return ret; + if (realm) ret = krb5_kx509_ctx_set_realm(context, kx509_ctx, realm); /* diff --git a/lib/krb5/mcache.c b/lib/krb5/mcache.c index 0db6d66b4..b381cae80 100644 --- a/lib/krb5/mcache.c +++ b/lib/krb5/mcache.c @@ -120,10 +120,10 @@ again: if (strcmp(m->name, m_c->name) == 0) break; if (m_c) { - free(m->name); - free(m); if (name) { /* We raced with another thread to create this cache */ + free(m->name); + free(m); m = m_c; HEIMDAL_MUTEX_lock(&(m->mutex)); m->refcnt++; diff --git a/lib/krb5/mk_cred.c b/lib/krb5/mk_cred.c index 33e62e5b0..41e858f80 100644 --- a/lib/krb5/mk_cred.c +++ b/lib/krb5/mk_cred.c @@ -258,15 +258,16 @@ _krb5_mk_ncred(krb5_context context, */ ret = krb5_crypto_init(context, auth_context->keyblock, 0, &crypto); + if (ret == 0) + ret = krb5_encrypt_EncryptedData(context, + crypto, + KRB5_KU_KRB_CRED, + buf, + len, + 0, + &cred.enc_part); if (ret) goto out; - ret = krb5_encrypt_EncryptedData(context, - crypto, - KRB5_KU_KRB_CRED, - buf, - len, - 0, - &cred.enc_part); DISOWN_BUF(buf); krb5_crypto_destroy(context, crypto); } diff --git a/lib/krb5/pkinit.c b/lib/krb5/pkinit.c index 0198400d9..ce96a3274 100644 --- a/lib/krb5/pkinit.c +++ b/lib/krb5/pkinit.c @@ -114,6 +114,14 @@ select_dh_group(krb5_context context, DH *dh, unsigned long bits, { const struct krb5_dh_moduli *m; + if (moduli[0] == NULL) { + krb5_set_error_message(context, EINVAL, + N_("Did not find a DH group parameter " + "matching requirement of %lu bits", ""), + bits); + return EINVAL; + } + if (bits == 0) { m = moduli[1]; /* XXX */ if (m == NULL) @@ -1198,11 +1206,13 @@ pk_rd_pa_reply_enckey(krb5_context context, &contentType, &unwrapped, &host); + if (ret == 0) { + krb5_data_free(&content); + ret = krb5_data_copy(&content, unwrapped.data, unwrapped.length); + der_free_octet_string(&unwrapped); + } if (ret) goto out; - krb5_data_free(&content); - ret = krb5_data_copy(&content, unwrapped.data, unwrapped.length); - der_free_octet_string(&unwrapped); heim_assert(host || (ctx->id->flags & PKINIT_NO_KDC_ANCHOR), "KDC signature must be verified unless PKINIT_NO_KDC_ANCHOR set"); @@ -1857,7 +1867,7 @@ _krb5_pk_load_id(krb5_context context, { struct krb5_pk_identity *id = NULL; struct prompter p; - int ret; + krb5_error_code ret; *ret_id = NULL; @@ -2100,7 +2110,6 @@ _krb5_parse_moduli_line(krb5_context context, m1->q.length = 0; m1->q.data = 0; krb5_clear_error_message(context); - ret = 0; } *m = m1; diff --git a/lib/krb5/principal.c b/lib/krb5/principal.c index e2d61f05c..dc6692ff2 100644 --- a/lib/krb5/principal.c +++ b/lib/krb5/principal.c @@ -1762,7 +1762,7 @@ _krb5_get_name_canon_rules(krb5_context context, krb5_name_canon_rule *rules) "libdefaults", "safe_name_canon", NULL)) make_rules_safe(context, *rules); - heim_assert(rules != NULL && (*rules)[0].type != KRB5_NCRT_BOGUS, + heim_assert((*rules)[0].type != KRB5_NCRT_BOGUS, "internal error in parsing principal name " "canonicalization rules"); diff --git a/lib/krb5/rd_req.c b/lib/krb5/rd_req.c index 1793d575a..fcbfbfa79 100644 --- a/lib/krb5/rd_req.c +++ b/lib/krb5/rd_req.c @@ -807,11 +807,10 @@ get_key_from_keytab(krb5_context context, kvno, ap_req->ticket.enc_part.etype, &entry); - if(ret) - goto out; - ret = krb5_copy_keyblock(context, &entry.keyblock, out_key); - krb5_kt_free_entry (context, &entry); -out: + if(ret == 0) { + ret = krb5_copy_keyblock(context, &entry.keyblock, out_key); + krb5_kt_free_entry(context, &entry); + } if(keytab == NULL) krb5_kt_close(context, real_keytab); diff --git a/lib/krb5/store.c b/lib/krb5/store.c index 6a287bdf9..d280bcfa9 100644 --- a/lib/krb5/store.c +++ b/lib/krb5/store.c @@ -1370,16 +1370,18 @@ krb5_ret_times(krb5_storage *sp, krb5_times *times) { int ret; int32_t tmp; + ret = krb5_ret_int32(sp, &tmp); + if (ret) return ret; times->authtime = tmp; - if(ret) return ret; ret = krb5_ret_int32(sp, &tmp); + if (ret) return ret; times->starttime = tmp; - if(ret) return ret; ret = krb5_ret_int32(sp, &tmp); + if (ret) return ret; times->endtime = tmp; - if(ret) return ret; ret = krb5_ret_int32(sp, &tmp); + if (ret) return ret; times->renew_till = tmp; return ret; } diff --git a/lib/krb5/test_cc.c b/lib/krb5/test_cc.c index 39952dbfa..b73009f64 100644 --- a/lib/krb5/test_cc.c +++ b/lib/krb5/test_cc.c @@ -670,6 +670,8 @@ test_move(krb5_context context, const char *type) krb5_err(context, 1, ret, "krb5_cc_new_unique"); ret = krb5_cc_move(context, fromid, toid); + if (ret) + krb5_err(context, 1, ret, "krb5_cc_move"); ret = krb5_cc_get_principal(context, toid, &p2); if (ret) diff --git a/lib/krb5/test_hostname.c b/lib/krb5/test_hostname.c index fbdb5c9c3..f722353f6 100644 --- a/lib/krb5/test_hostname.c +++ b/lib/krb5/test_hostname.c @@ -48,11 +48,11 @@ expand_hostname(krb5_context context, const char *host) if (ret) krb5_err(context, 1, ret, "krb5_expand_hostname(%s)", host); - free(h); - if (debug_flag) printf("hostname: %s -> %s\n", host, h); + free(h); + ret = krb5_expand_hostname_realms(context, host, &h, &r); if (ret) krb5_err(context, 1, ret, "krb5_expand_hostname_realms(%s)", host); diff --git a/lib/krb5/transited.c b/lib/krb5/transited.c index 35c00e65a..484fd398c 100644 --- a/lib/krb5/transited.c +++ b/lib/krb5/transited.c @@ -274,13 +274,17 @@ decode_realms(krb5_context context, } if(tr[i] == ','){ tmp = malloc(tr + i - start + 1); - if(tmp == NULL) + if(tmp == NULL) { + free_realms(*realms); + *realms = NULL; return krb5_enomem(context); + } memcpy(tmp, start, tr + i - start); tmp[tr + i - start] = '\0'; r = make_realm(tmp); if(r == NULL){ free_realms(*realms); + *realms = NULL; return krb5_enomem(context); } *realms = append_realm(*realms, r); @@ -289,7 +293,8 @@ decode_realms(krb5_context context, } tmp = malloc(tr + i - start + 1); if(tmp == NULL){ - free(*realms); + free_realms(*realms); + *realms = NULL; return krb5_enomem(context); } memcpy(tmp, start, tr + i - start); @@ -297,6 +302,7 @@ decode_realms(krb5_context context, r = make_realm(tmp); if(r == NULL){ free_realms(*realms); + *realms = NULL; return krb5_enomem(context); } *realms = append_realm(*realms, r); @@ -353,8 +359,6 @@ krb5_domain_x500_decode(krb5_context context, { char **R; R = malloc((*num_realms + 1) * sizeof(*R)); - if (R == NULL) - return krb5_enomem(context); *realms = R; while(r){ *R++ = r->realm; @@ -362,6 +366,8 @@ krb5_domain_x500_decode(krb5_context context, free(r); r = p; } + if (*realms == NULL) + return krb5_enomem(context); } return 0; } @@ -621,11 +627,12 @@ krb5_check_transited(krb5_context context, return ret; for (i = 0; i < num_realms; i++) { - for (j = 0; j < num_capath; ++j) { + for (j = 0; j < num_capath && capath[j]; ++j) { + /* `capath[j]' can't be NULL, but compilers be dumb */ if (strcmp(realms[i], capath[j]) == 0) break; } - if (j == num_capath) { + if (j == num_capath || !capath[j]) { _krb5_free_capath(context, capath); krb5_set_error_message (context, KRB5KRB_AP_ERR_ILL_CR_TKT, N_("no transit allowed "