First, we enlarge Member's val field to int64_t.
Then we warn about skipping 2int, int2, and parse units glue for such
things with too-large members.
And we error out when generating the template for such things with
>UINT32_MAX members.
What about too-negative members? That could be a thing for INTEGER /
ENUMERATED. We'll look at that later.
We sometimes use this idiom where we ignore the result of some function
such as krb5_unparse_name() and then we log something and we use the
ternary operator to handle any error from that function by substituting
a string like "<unknown>" or "<out-of-memory>". This yields some static
analyzer complaints. Maybe casting the function's result to void will
help.
Coverity thinks `handle` in lib/krb5/send_to_kdc.c:krb5_sendto_context()
at 1241 can be NULL, leading to a NULL derefence in `get_next()`. This
is an attempt to fix this by having `get_next()` check handle for NULL.
if _hx509_unparse_KRB5PrincipalName() fails return the error code
to the hx509_request_get_san() caller.
Change-Id: I3ad8ceda23f00263890115f292ca7e4c8ce9317b
1a793c04fa
("lib/hx509: revoke_print free revoke_context") forgot to pass
the address of 'revoke_ctx' to hx509_revoke_free().
Change-Id: I430a72a4dc7bce7099fc02bbe1feae625304a53a
The output buffer returned from hx509_name_to_string() must be
freed before it is overwritten by another call to
hx509_name_to_string().
Change-Id: Iaf28b14a2712cd28085ac5452819818e739d43ed
_hx509_unparse_utf8_string_name() and
_hx509_unparse_KRB5PrincipalName() can return a strpool even if
they fail. The strpool must be passed through rk_strpoolcollect()
in order to return the contents to the caller of
hx509_request_get_san().
Change-Id: Ifda5620f4e9e00ca188aa138f692fccc12621ae8
Tighten up all of the call sites of hx509_request_get_san()
to free the output string returned upon failure.
Use frees(&s) instead of free(s); s = NULL;.
Change-Id: I71035d7c1d2330a1a3a1b3b730cdd6ba1e6b7da3
kadm5_ad_destroy() frees the contents of the kadm5_ad_context
but not the kadm5_ad_context itself.
Change-Id: I70dc1fc0236166ed9725f681dfeb935f449e38cb
If the cache principal name cannot be determined free the client
principal created from the input client name.
Change-Id: I75f96ef9f490bd9eb761a900e7a26250f1ac2b9c
If getaddrinfo() succeeds and returns the gTLD name collision
address the result is ignored but the allocated addrinfo was not
freed.
If allocation of the krb5_krbhst_info structure fails the addrinfo
would also be leaked.
Change-Id: I94111e081cba9548f57ad7b7e7cbea3faab7502c
