_hx509_unparse_utf8_string_name() and
_hx509_unparse_KRB5PrincipalName() can return a strpool even if
they fail. The strpool must be passed through rk_strpoolcollect()
in order to return the contents to the caller of
hx509_request_get_san().
Change-Id: Ifda5620f4e9e00ca188aa138f692fccc12621ae8
Tighten up all of the call sites of hx509_request_get_san()
to free the output string returned upon failure.
Use frees(&s) instead of free(s); s = NULL;.
Change-Id: I71035d7c1d2330a1a3a1b3b730cdd6ba1e6b7da3
kadm5_ad_destroy() frees the contents of the kadm5_ad_context
but not the kadm5_ad_context itself.
Change-Id: I70dc1fc0236166ed9725f681dfeb935f449e38cb
If the cache principal name cannot be determined free the client
principal created from the input client name.
Change-Id: I75f96ef9f490bd9eb761a900e7a26250f1ac2b9c
If getaddrinfo() succeeds and returns the gTLD name collision
address the result is ignored but the allocated addrinfo was not
freed.
If allocation of the krb5_krbhst_info structure fails the addrinfo
would also be leaked.
Change-Id: I94111e081cba9548f57ad7b7e7cbea3faab7502c
_krb5_mk_req_internal() accepts a (krb5_auth_context *) because
it can allocate and return a krb5_auth_context to the caller.
mkae_pa_tgs_req() should never be called with a non-NULL
krb5_auth_context but to avoid confusion, alter the signature
to accept a (krb5_auth_context *) instead of (krb5_auth_context)
so _krb5_mk_req_internal() is not called with a pointer to an
input parameter.
Change-Id: I6c2293529766eb06a9eebf41715533d8195b1f72
CHECK(ret, func(), label) jumps to the label if the function
returns non-zero. As a result it bypasses the free(s2) call.
Use the common out label to free(s2).
Change-Id: I9a79df669e6407a82991f4a849fc16a0afaae561
5be5faa722
("Use all DES keys, not just des-cbc-md5, verify that they all are the same.")
introduced a common out but missed a code path.
Change-Id: I27c1913c8cf87600ae34c42874bfc9d49ae1d22e
hx509_get_error_string() returns an allocated string that must
be freed with hx509_free_error_string().
Change-Id: Ib24713d2425f53eb69fc9ebfc7cc1af3272b6271
hx509_get_error_string() returns an allocated string that must
be freed with hx509_free_error_string().
Change-Id: I58d160ce1b09c48b587e8adce74277f6da469ceb
7ae2dfd853
("krb5: Fix error msg when removing keytab entries") allocated
'emsg' to prevent the leak but then forgot to use it in place
of the original krb5_get_error_message() call.
Change-Id: I0b5acdab54d75399be970837a421740f2ad7d73b
Change-Id: I4e872126f5c1deb48d36f5bdac22da7c0df3c8a1
warning: missing braces around initializer [-Wmissing-braces]
warning: (near initialization for 'fastreq.fast_options') [-Wmissing-braces]
warning: missing initializer for field 'padata' of 'struct KrbFastReq' [-Wmissing-field-initializers]
warning: ‘ver’ may be used uninitialized in this function [-Wmaybe-uninitialized]
'ver' can be uninitialized if get_right() fails.
Change-Id: If6019cc3c491b8be321ff3e08f3d27292f0f1f95
Change-Id: Icc211f165c7aff1b0268b4c6df12eb976df2f8bd
warning: missing braces around initializer [-Wmissing-braces]
warning: (near initialization for 'rep.kdc_rep') [-Wmissing-braces]
warning: missing initializer for field 'enc_part' of 'krb5_kdc_rep' [-Wmissing-field-initializers]
Alphabetically sorted the $(spnego_files), $(gssapi_files), and $(gen_files_hdb)
lists.
Added rules to execute clang-format when available on the included files.
Change-Id: If3cde862f3237bc7cd100bc82d4fbbf568f1a354
do not pass negative values to malloc
do not pass negative values to strerror
do not pass negative values to ftruncate
do not pass negative values to fclose
Change-Id: I79ebef4e22edd14343ebeebb2ef8308785064fe8
When an unsigned char is shifted << 24 bits its type will be
promoted to signed 32-bits. If the value is then assigned to
an unsigned 64-bit value sign extension will occur.
Prevent the unwanted sign extension by explicitly casting the
value to unsigned long before shifting.
Change-Id: Iabeac0f17dc3229a2dc89abe71960a8ffbf523f8
If the input 'bn' is NULL then BN_bin2bn() will allocate and
return a BIGNUM which will then be leaked. BN_set_word()
would then return true even though it didn't set the word
into a BIGNUM known to the caller.
Change-Id: I6681f548e6bfb330cec009ae7c18e6151016179e
Prior to this commit only those C structs for SET and SEQUENCE types
could be decorated. Now those for CHOICE types also can be decorated.
We could further extend this to SET OF and SEQUENCE OF types if it
proves useful.
Now that ETYPE_xxx names are macros to the KRB5_ENCTYPE_xxx
symbols there is no longer a need to cast to (krb5_enctype).
Change-Id: Ib561f6e45346abac7a53eb1db0bfef60ee3bcb74
Use of an anonymous enum for ETYPE_xxx and ENCTYPE_xxx alternative
names results in loss of the original KRB5_ENCTYPE_xxx type.
Use CPP macros instead.
Change-Id: I84620aabd672db1d2cd0ff7a65f3ae8b34c0c684
