1a793c04fa
("lib/hx509: revoke_print free revoke_context") forgot to pass
the address of 'revoke_ctx' to hx509_revoke_free().
Change-Id: I430a72a4dc7bce7099fc02bbe1feae625304a53a
The output buffer returned from hx509_name_to_string() must be
freed before it is overwritten by another call to
hx509_name_to_string().
Change-Id: Iaf28b14a2712cd28085ac5452819818e739d43ed
_hx509_unparse_utf8_string_name() and
_hx509_unparse_KRB5PrincipalName() can return a strpool even if
they fail. The strpool must be passed through rk_strpoolcollect()
in order to return the contents to the caller of
hx509_request_get_san().
Change-Id: Ifda5620f4e9e00ca188aa138f692fccc12621ae8
Tighten up all of the call sites of hx509_request_get_san()
to free the output string returned upon failure.
Use frees(&s) instead of free(s); s = NULL;.
Change-Id: I71035d7c1d2330a1a3a1b3b730cdd6ba1e6b7da3
kadm5_ad_destroy() frees the contents of the kadm5_ad_context
but not the kadm5_ad_context itself.
Change-Id: I70dc1fc0236166ed9725f681dfeb935f449e38cb
If the cache principal name cannot be determined free the client
principal created from the input client name.
Change-Id: I75f96ef9f490bd9eb761a900e7a26250f1ac2b9c
If getaddrinfo() succeeds and returns the gTLD name collision
address the result is ignored but the allocated addrinfo was not
freed.
If allocation of the krb5_krbhst_info structure fails the addrinfo
would also be leaked.
Change-Id: I94111e081cba9548f57ad7b7e7cbea3faab7502c
_krb5_mk_req_internal() accepts a (krb5_auth_context *) because
it can allocate and return a krb5_auth_context to the caller.
mkae_pa_tgs_req() should never be called with a non-NULL
krb5_auth_context but to avoid confusion, alter the signature
to accept a (krb5_auth_context *) instead of (krb5_auth_context)
so _krb5_mk_req_internal() is not called with a pointer to an
input parameter.
Change-Id: I6c2293529766eb06a9eebf41715533d8195b1f72
CHECK(ret, func(), label) jumps to the label if the function
returns non-zero. As a result it bypasses the free(s2) call.
Use the common out label to free(s2).
Change-Id: I9a79df669e6407a82991f4a849fc16a0afaae561
5be5faa722
("Use all DES keys, not just des-cbc-md5, verify that they all are the same.")
introduced a common out but missed a code path.
Change-Id: I27c1913c8cf87600ae34c42874bfc9d49ae1d22e
hx509_get_error_string() returns an allocated string that must
be freed with hx509_free_error_string().
Change-Id: Ib24713d2425f53eb69fc9ebfc7cc1af3272b6271
hx509_get_error_string() returns an allocated string that must
be freed with hx509_free_error_string().
Change-Id: I58d160ce1b09c48b587e8adce74277f6da469ceb
7ae2dfd853
("krb5: Fix error msg when removing keytab entries") allocated
'emsg' to prevent the leak but then forgot to use it in place
of the original krb5_get_error_message() call.
Change-Id: I0b5acdab54d75399be970837a421740f2ad7d73b
Change-Id: I4e872126f5c1deb48d36f5bdac22da7c0df3c8a1
warning: missing braces around initializer [-Wmissing-braces]
warning: (near initialization for 'fastreq.fast_options') [-Wmissing-braces]
warning: missing initializer for field 'padata' of 'struct KrbFastReq' [-Wmissing-field-initializers]
warning: ‘ver’ may be used uninitialized in this function [-Wmaybe-uninitialized]
'ver' can be uninitialized if get_right() fails.
Change-Id: If6019cc3c491b8be321ff3e08f3d27292f0f1f95
Change-Id: Icc211f165c7aff1b0268b4c6df12eb976df2f8bd
warning: missing braces around initializer [-Wmissing-braces]
warning: (near initialization for 'rep.kdc_rep') [-Wmissing-braces]
warning: missing initializer for field 'enc_part' of 'krb5_kdc_rep' [-Wmissing-field-initializers]
Alphabetically sorted the $(spnego_files), $(gssapi_files), and $(gen_files_hdb)
lists.
Added rules to execute clang-format when available on the included files.
Change-Id: If3cde862f3237bc7cd100bc82d4fbbf568f1a354
do not pass negative values to malloc
do not pass negative values to strerror
do not pass negative values to ftruncate
do not pass negative values to fclose
Change-Id: I79ebef4e22edd14343ebeebb2ef8308785064fe8
When an unsigned char is shifted << 24 bits its type will be
promoted to signed 32-bits. If the value is then assigned to
an unsigned 64-bit value sign extension will occur.
Prevent the unwanted sign extension by explicitly casting the
value to unsigned long before shifting.
Change-Id: Iabeac0f17dc3229a2dc89abe71960a8ffbf523f8
If the input 'bn' is NULL then BN_bin2bn() will allocate and
return a BIGNUM which will then be leaked. BN_set_word()
would then return true even though it didn't set the word
into a BIGNUM known to the caller.
Change-Id: I6681f548e6bfb330cec009ae7c18e6151016179e
