The tests depend upon an ERANGE error for buffer length zero.
They broken due to 8324a2af1d
("lib/krb5: unparse_name_fixed error if invalid name buffer or length")
which returned EINVAL.
Change-Id: I81693f9d3f5fdc1838c11ffbfe0dafc742d9b207
If make_local_fast_ap_fxarmor() is called without a ccache
it will segmentation fault. Set a krb5 error message in the
context and fail with EINVAL.
Change-Id: I8a72a026dbae931e41498f55cd634ad2fee26772
krb5_cc_end_seq_get() is not expected to fail because it is a
cleanup routine. If it fails it indicates something wrong with
the cache or the system. Return the failure if there is one.
Otherwise, the failure from krb5_cc_next_cred() should be
returned UNLESS it is KRB5_CC_END in which case return success.
Change-Id: I80e07103e2fb38aa40418a436fa5351fb89549d3
Calls to krb5_principal_set_realm() can fail due to memory
allocation failures. If the client realm cannot be set in
the generated principal the wrong realm will be used.
Check for the result of krb5_principal_set_realm() and if
there is a failure, clean up and return the error code to
the caller.
Change-Id: Icadd04c858e88c1ba1d4344c60a784885a6a1344
If the output 'name' buffer is NULL or length is zero, there is
no place to unparse the principal name to. Fail with EINVAL and
if possible set an error message on the krb5_context.
This avoids potential NULL pointer dereferences.
Change-Id: Ie38d284f1867be883a2f2e31103ea50cd130a0fe
Refactor krb5_vset_error_message() to remove the many conditional
tests on the existence of krb5_context. If there is no krb5_context
then _krb5_debug() is a no-op. Therefore, there is no point in
performing any of the other work.
Change-Id: Ib88b592a542a195f27e352a80ced0a98a6f85300
Let the KRB5_SENDTO_DONE and KRB5_SENDTO_FAILED action states be
handled by the provided switch blocks. This ensures that the
'ret' value is set appropriately before exiting the loop.
Change-Id: I56f4cea83efd86203a9a7a36cf48c80f632cf779
Refactor the call to verify_common() to pass the krb5_cred by
pointer to and call krb5_free_cred_contents() in
verify_user_opt_int() instead of verify_common().
We sometimes use this idiom where we ignore the result of some function
such as krb5_unparse_name() and then we log something and we use the
ternary operator to handle any error from that function by substituting
a string like "<unknown>" or "<out-of-memory>". This yields some static
analyzer complaints. Maybe casting the function's result to void will
help.
Coverity thinks `handle` in lib/krb5/send_to_kdc.c:krb5_sendto_context()
at 1241 can be NULL, leading to a NULL derefence in `get_next()`. This
is an attempt to fix this by having `get_next()` check handle for NULL.
If getaddrinfo() succeeds and returns the gTLD name collision
address the result is ignored but the allocated addrinfo was not
freed.
If allocation of the krb5_krbhst_info structure fails the addrinfo
would also be leaked.
Change-Id: I94111e081cba9548f57ad7b7e7cbea3faab7502c
_krb5_mk_req_internal() accepts a (krb5_auth_context *) because
it can allocate and return a krb5_auth_context to the caller.
mkae_pa_tgs_req() should never be called with a non-NULL
krb5_auth_context but to avoid confusion, alter the signature
to accept a (krb5_auth_context *) instead of (krb5_auth_context)
so _krb5_mk_req_internal() is not called with a pointer to an
input parameter.
Change-Id: I6c2293529766eb06a9eebf41715533d8195b1f72
CHECK(ret, func(), label) jumps to the label if the function
returns non-zero. As a result it bypasses the free(s2) call.
Use the common out label to free(s2).
Change-Id: I9a79df669e6407a82991f4a849fc16a0afaae561
5be5faa722
("Use all DES keys, not just des-cbc-md5, verify that they all are the same.")
introduced a common out but missed a code path.
Change-Id: I27c1913c8cf87600ae34c42874bfc9d49ae1d22e
hx509_get_error_string() returns an allocated string that must
be freed with hx509_free_error_string().
Change-Id: Ib24713d2425f53eb69fc9ebfc7cc1af3272b6271
hx509_get_error_string() returns an allocated string that must
be freed with hx509_free_error_string().
Change-Id: I58d160ce1b09c48b587e8adce74277f6da469ceb
7ae2dfd853
("krb5: Fix error msg when removing keytab entries") allocated
'emsg' to prevent the leak but then forgot to use it in place
of the original krb5_get_error_message() call.
Change-Id: I0b5acdab54d75399be970837a421740f2ad7d73b
Change-Id: Icc211f165c7aff1b0268b4c6df12eb976df2f8bd
warning: missing braces around initializer [-Wmissing-braces]
warning: (near initialization for 'rep.kdc_rep') [-Wmissing-braces]
warning: missing initializer for field 'enc_part' of 'krb5_kdc_rep' [-Wmissing-field-initializers]
do not pass negative values to malloc
do not pass negative values to strerror
do not pass negative values to ftruncate
do not pass negative values to fclose
Change-Id: I79ebef4e22edd14343ebeebb2ef8308785064fe8
Now that ETYPE_xxx names are macros to the KRB5_ENCTYPE_xxx
symbols there is no longer a need to cast to (krb5_enctype).
Change-Id: Ib561f6e45346abac7a53eb1db0bfef60ee3bcb74
Use of an anonymous enum for ETYPE_xxx and ENCTYPE_xxx alternative
names results in loss of the original KRB5_ENCTYPE_xxx type.
Use CPP macros instead.
Change-Id: I84620aabd672db1d2cd0ff7a65f3ae8b34c0c684
Make krb5_pac a heim_object_t and use heim_retain() (i.e. reference count +1)
as the copy constructor for the type decoration.
Note: this assumes that PACs included in naming attributes are immutable.
