Coverity CID 228: Possible use of uninitialized variable time_req in

gss_add_cred if cred_usage has an invalid value.  (Also flagged by
GCC.)

Changed validation routines for gss_add_cred, gss_acquire_cred, and
gss_store_cred to check the cred_usage value.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20295 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/src/lib/gssapi/mechglue/g_acquire_cred.c b/src/lib/gssapi/mechglue/g_acquire_cred.c
index 6d63e5b8f2253372aaf48a539c597ad320bafcd8..fbe66681f4b6c0e9a6c34cbaf912ca0a7f6bb3e4 100644 (file)
--- a/src/lib/gssapi/mechglue/g_acquire_cred.c
+++ b/src/lib/gssapi/mechglue/g_acquire_cred.c
@@ -105,6 +105,16 @@ val_acq_cred_args(
     if (output_cred_handle == NULL)
        return (GSS_S_CALL_INACCESSIBLE_WRITE);
 
+    if (cred_usage != GSS_C_ACCEPT
+       && cred_usage != GSS_C_INITIATE
+       && cred_usage != GSS_C_BOTH) {
+       if (minor_status) {
+           *minor_status = EINVAL;
+           map_errcode(minor_status);
+       }
+       return GSS_S_FAILURE;
+    }
+
     return (GSS_S_COMPLETE);
 }
 
@@ -281,9 +291,18 @@ val_add_cred_args(
 
     if (input_cred_handle == GSS_C_NO_CREDENTIAL &&
        output_cred_handle == NULL)
-
        return (GSS_S_CALL_INACCESSIBLE_WRITE | GSS_S_NO_CRED);
 
+    if (cred_usage != GSS_C_ACCEPT
+       && cred_usage != GSS_C_INITIATE
+       && cred_usage != GSS_C_BOTH) {
+       if (minor_status) {
+           *minor_status = EINVAL;
+           map_errcode(minor_status);
+       }
+       return GSS_S_FAILURE;
+    }
+
     return (GSS_S_COMPLETE);
 }
 

diff --git a/src/lib/gssapi/mechglue/g_store_cred.c b/src/lib/gssapi/mechglue/g_store_cred.c
index b02f7069ad990a0248619005b633438dd0ab3925..d9a7d9adcffa3c7774c0dc489d09556c447d79d6 100644 (file)
--- a/src/lib/gssapi/mechglue/g_store_cred.c
+++ b/src/lib/gssapi/mechglue/g_store_cred.c
@@ -39,6 +39,16 @@ val_store_cred_args(
        if (input_cred_handle == GSS_C_NO_CREDENTIAL)
                return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CRED);
 
+       if (cred_usage != GSS_C_ACCEPT
+           && cred_usage != GSS_C_INITIATE
+           && cred_usage != GSS_C_BOTH) {
+           if (minor_status) {
+               *minor_status = EINVAL;
+               map_errcode(minor_status);
+           }
+           return GSS_S_FAILURE;
+       }
+
        return (GSS_S_COMPLETE);
 }