The definitions of memcpy(), memmove(), and memset() state that
the behaviour is undefined if any of the pointer arguments are
NULL, and some compilers are known to make use of this to
optimise away existing NULL checks in the source.
Change-Id: I489bc256e3eac7ff41d91becb0b43aba73dbb3f9
Link: https://www.imperialviolet.org/2016/06/26/nonnull.html
If 'local_realm' is true, must protect against failure
of krb5_get_default_realm() and krb5_principal_set_realm().
Otherwise, the wrong realm might be used.
Change-Id: Ib7a92559da1ac062c71228c5530106a13d836d53
instead of testing both cb_ctx.h and cb_ctx.h->prefix
for non-NULL, ensure that cb_ctx.h is NULL after each
failed for() loop. This also ensures that cb_ctx.h
is never left pointing to an invalid non-NULL value.
Change-Id: I3264577b0fbf1d620b00f87d251e8c43b81e0f29
Assign zero to the output size parameter at the start so that
callers that use the value when an error occurs do not see
garbage that might be misinterpreted.
Change-Id: Iccfcf4f6944b1bf72789c83919901d9b9d6f9153
AND and OR are now binary operators, left-associative, with AND having
higher precedence than OR.
The not operator is now higher-precedence than the AND and OR operators.
There remains one tough shift/reduce conflict, the warning for which is
quieted with an `%expect 1` directive.
The remaining conflict has to do with whether a constraint attaches to
the inner type that some other outer type is a SET OF or SEQUENCE OF or
tagged-type of, or whether it attaches to the outer type. The two are
really the same thing. The latter is the reduce side, so it's not used,
but if it were we could grab the constraint in the action and attach it
to the inner type anyways.
In order to resolve some shift/reduce conflicts in the ASn.1 compiler's
grammar we need to be strict about value names starting with lower case
and type names starting with upper-case.
Using `AC_PROG_YACC` means accepting that `bison` gets invoked in yacc
compatibility mode (i.e., with the `-y` command-line option). In recent
versions Bison has started to warn about use of Bison extensions when in
yacc compatibility mode -- even for things yacc itself accepts but which
it doesn't document.
I've confirmed that `bison -d` and `byacc -d` both work for the ASN.1
compiler.
8dcc5e617b
("kadmin: add_one_principal refactor") made 'princ_name' a
top-level variable. This precludes the need to declare
subsequent block-level variables with the same name.
Change-Id: I4bf9e54b49a0e366ed4cd39920d3fe58439beb33
The pseudo keyword 'fallthrough' is defined such that case statement
blocks must end with any of these keywords:
* break;
* fallthrough;
* continue;
* goto <label>;
* return [expression];
*
* gcc: https://gcc.gnu.org/onlinedocs/gcc/Statement-Attributes.html#Statement-Attributes
The macro is defined either as
__attribute__((__fallthrough__))
or as
do {} while (0) /* fallthrough */
not including the semicolon.
This change implements the Linux kernel style and updates several locations
where "/*fallthrough*/ and /* FALLTHROUGH */ were not previously replaced.
Externally imported code such as libedit, libtommath and sqlite are
restored to their unaltered state.
Change-Id: I69db8167b0d5884f55d96d72de3059a0235a1ba3
124b8d0f78 ("kadmin: kadmind_dispatch
do not write NULL 'rsp' to 'out'") was committed with an
unintentional source code removal.
Change-Id: I3de21e3624d713a9b5a1e89d147a5db5f1f55ab1
1b213c1082 ("kadmind: Add missing
error checks") altered the behavior of kadmin_dispatch() such that
it unconditionally called
krb5_storage_to_data(rsp, out);
This change was unsafe because krb5_unparse_name_fixed() failure
would skip the allocation of the 'rsp' and 'sp' krb5_storage
objects.
This change allocates the krb5_storage objects prior to performing
any work. If either of them fail, kadmin_dispatch() immediately
returns ENOMEM.
Change-Id: I14fd96afe029a4e74bb769605286ca0e17d25043
In function ‘afslog_cell.isra’:
afslog.c:144:13: warning: ‘%s’ directive argument is null [-Wformat-overflow=]
144 | warnx("No cell matching \"%s\" found.", cell);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
caused by expand_cell_name() returning the input pointer.
Alter the behavior of expand_cell_name() to match its usage.
Change-Id: I3b15c4b3e59b597af5351e5e62f5d7751be50feb
If rand_password is true, allocate princ_name early to prevent
memory allocation errors after the principal was added.
Use memset_s to clear the 'password' so that it will not be
optimized away.
Change-Id: I80d11546166d2350e6a79c5a376cb9e8cb191fa3
Obtain the unparsed principal name early so that there is no
risk of memory allocation failure after kadm5_chpass_principal_3()
succeeds.
Change-Id: I389281004826da5752081c2f26127d55e3dc3989
1b213c1082 ("kadmind: Add missing
error checks") altered the behavior of kadmin_dispatch() such that
it unconditionally called
krb5_storage_to_data(rsp, out);
Previously kadmin_dispatch() only wrote to 'out' on success.
Doing so is important because 'rsp' might be NULL on error.
Change-Id: I2688a5c47db0f94d955971e785037c578d3f3fa4
1b213c1082 ("kadmind: Add missing
error checks") altered the scope of the
if (ret == HEIM_ERR_EOF)
ret = 0;
treatment of HEIM_ERR_EOF as a success code. Prior to that
commit HEIM_ERR_EOF meant success only when reading the 'keepold'
value. It indicated a premature failure if returned when reading
'princ' or 'n_key_data'.
This change corrects the scope of HEIM_ERR_EOF indicating success.
Change-Id: If5463b47dc3eabee6fa2f8e717147f02adc1586c
asprintf() return code must be checked because in case of failure
the value of the output buffer variable is undefined.
Change-Id: I75e06fffe2330ec10dbe4f678479ded479ab5931
The tests depend upon an ERANGE error for buffer length zero.
They broken due to 8324a2af1d
("lib/krb5: unparse_name_fixed error if invalid name buffer or length")
which returned EINVAL.
Change-Id: I81693f9d3f5fdc1838c11ffbfe0dafc742d9b207
If make_local_fast_ap_fxarmor() is called without a ccache
it will segmentation fault. Set a krb5 error message in the
context and fail with EINVAL.
Change-Id: I8a72a026dbae931e41498f55cd634ad2fee26772
