Fix some bugs in the IAKERB code discovered by Coverity. Also trim
authorGreg Hudson <ghudson@mit.edu>
Sat, 1 May 2010 17:53:04 +0000 (17:53 +0000)
committerGreg Hudson <ghudson@mit.edu>
Sat, 1 May 2010 17:53:04 +0000 (17:53 +0000)
down iakerb_initiator_step() a little using krb5_data constructors
and avoiding vertical function arguments.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23961 dc483132-0cff-0310-8789-dd5450dbe970

src/lib/gssapi/krb5/acquire_cred.c
src/lib/gssapi/krb5/iakerb.c
src/lib/krb5/krb/kfree.c

index c3e84818ddace99b18716865990cd120478a6d65..88b739e97f0591cceacc62baf0e56f0da5d22344 100644 (file)
@@ -580,6 +580,7 @@ acquire_cred(minor_status, desired_name, password, time_req,
     if ((cred_usage != GSS_C_INITIATE) &&
         (cred_usage != GSS_C_ACCEPT) &&
         (cred_usage != GSS_C_BOTH)) {
+        ret = GSS_S_FAILURE;
         *minor_status = (OM_uint32) G_BAD_USAGE;
         goto error_out;
     }
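Review bot: Only this one `goto error_out` site gains an explicit status, so any other early jump to `error_out` could still return a stale or indeterminate `ret`. Initialising it to a failure value where it is declared, e.g. `OM_uint32 ret = GSS_S_FAILURE;`, would cover them all. The declaration and the other jump sites are outside this hunk, so whether they already assign `ret` cannot be confirmed from here. A caller that receives an accidental success status from a failed credential acquisition would carry on as if it held a valid credential.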
@@ -685,16 +686,18 @@ error_out:
         free(ret_mechs->elements);
         free(ret_mechs);
     }
-    if (cred->ccache)
-        (void)krb5_cc_close(context, cred->ccache);
+    if (cred != NULL) {
+        if (cred->ccache)
+            (void)krb5_cc_close(context, cred->ccache);
 #ifndef LEAN_CLIENT
-    if (cred->keytab)
-        (void)krb5_kt_close(context, cred->keytab);
+        if (cred->keytab)
+            (void)krb5_kt_close(context, cred->keytab);
 #endif /* LEAN_CLIENT */
-    if (cred->name)
-        kg_release_name(context, 0, &cred->name);
-    k5_mutex_destroy(&cred->lock);
-    xfree(cred);
+        if (cred->name)
+            kg_release_name(context, 0, &cred->name);
+        k5_mutex_destroy(&cred->lock);
+        xfree(cred);
+    }
     save_error_info(*minor_status, context);
     krb5_free_context(context);
     return ret;
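Review bot: The new `if (cred != NULL)` guard still calls `k5_mutex_destroy(&cred->lock)` unconditionally for any non-NULL `cred`. That is correct only if no path reaches `error_out` between allocating `cred` and initialising its lock. The allocation and lock initialisation are outside this hunk; if such a path exists, destroying a never-initialised mutex is the next defect an analyzer will report. Once confirmed against the top of the function, a comment on the block would pin the assumption, for example `/* cred is zero-filled at allocation and its lock is initialised before any goto error_out */`.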
index 3463a7f711d184d73ab08ad7ec09d1acc00335e4..6ee0c73dcb3f1a47bd10e3809d40c62965e403f2 100644 (file)
@@ -517,33 +517,18 @@ iakerb_initiator_step(iakerb_ctx_id_t ctx,
                       const gss_buffer_t input_token,
                       gss_buffer_t output_token)
 {
-    krb5_error_code code;
-    krb5_data in, out, realm, *cookie = NULL;
+    krb5_error_code code = 0;
+    krb5_data in = empty_data(), out = empty_data(), realm = empty_data();
+    krb5_data *cookie = NULL;
     OM_uint32 tmp;
-    int initialContextToken = (input_token == GSS_C_NO_BUFFER);
     unsigned int flags = 0;
     krb5_ticket_times times;
 
     output_token->length = 0;
     output_token->value = NULL;
 
-    in.data = NULL;
-    in.length = 0;
-    out.data = NULL;
-    out.length = 0;
-    realm.data = NULL;
-    realm.length = 0;
-
-    if (initialContextToken) {
-        in.data = NULL;
-        in.length = 0;
-    } else {
-        code = iakerb_parse_token(ctx,
-                                  0,
-                                  input_token,
-                                  NULL,
-                                  &cookie,
-                                  &in);
+    if (input_token != GSS_C_NO_BUFFER) {
+        code = iakerb_parse_token(ctx, 0, input_token, NULL, &cookie, &in);
         if (code != 0)
             goto cleanup;
 
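Review bot: `krb5_error_code code = 0;` makes success the default result, so any path that reaches `cleanup` without assigning `code` returns 0 silently and the compiler can no longer warn about it. The rest of iakerb_initiator_step, including the `cleanup` label, lies outside this hunk, so whether such a path exists cannot be judged here. If the initialiser is only there to quiet the analyzer, a failure default such as `krb5_error_code code = EINVAL;`, or no initialiser with every branch assigning `code`, fails closed instead. `times` is the one local still declared without an initialiser and deserves the same look.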
index 6a3e6b291749ef9afc2dee5c344988b5dac2c3bb..6a8cdd5225d7ade0af1b5737a44e584ef2b0db90 100644 (file)
@@ -922,6 +922,7 @@ krb5_free_iakerb_header(krb5_context context, krb5_iakerb_header *val)
 
     krb5_free_data_contents(context, &val->target_realm);
     krb5_free_data(context, val->cookie);
+    free(val);
 }
 
 void KRB5_CALLCONV
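Review bot: `free(val)` changes the contract of krb5_free_iakerb_header from releasing the contents to releasing the structure itself, so every caller has to be checked. A caller that passes the address of a stack or embedded krb5_iakerb_header, or that calls `free()` on the pointer afterwards to make up for the old leak, now hits an invalid or double free. The same applies to the `free(val);` added to krb5_free_iakerb_finished in the next hunk. Callers are not visible on this page, and the start of krb5_free_iakerb_header, including any NULL check on `val`, is above this hunk. A comment on each function, such as `/* Frees val and everything it points to; val must be heap-allocated and is invalid on return. */`, would make the ownership rule explicit.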
@@ -931,4 +932,5 @@ krb5_free_iakerb_finished(krb5_context context, krb5_iakerb_finished *val)
         return ;
 
     krb5_free_checksum_contents(context, &val->checksum);
+    free(val);
 }