From 71ca378e4b7fb64f77bbf58ba15f4665072163bd Mon Sep 17 00:00:00 2001
From: Ken Raeburn <raeburn@mit.edu>
Date: Sat, 29 Mar 2008 01:08:31 +0000
Subject: [PATCH] Coverity CID 228: Possible use of uninitialized variable
 time_req in gss_add_cred if cred_usage has an invalid value.  (Also flagged
 by GCC.)

Changed validation routines for gss_add_cred, gss_acquire_cred, and
gss_store_cred to check the cred_usage value.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20295 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/lib/gssapi/mechglue/g_acquire_cred.c | 21 ++++++++++++++++++++-
 src/lib/gssapi/mechglue/g_store_cred.c   | 10 ++++++++++
 2 files changed, 30 insertions(+), 1 deletion(-)

diff --git a/src/lib/gssapi/mechglue/g_acquire_cred.c b/src/lib/gssapi/mechglue/g_acquire_cred.c
index 6d63e5b8f..fbe66681f 100644
--- a/src/lib/gssapi/mechglue/g_acquire_cred.c
+++ b/src/lib/gssapi/mechglue/g_acquire_cred.c
@@ -105,6 +105,16 @@ val_acq_cred_args(
     if (output_cred_handle == NULL)
 	return (GSS_S_CALL_INACCESSIBLE_WRITE);
 
+    if (cred_usage != GSS_C_ACCEPT
+	&& cred_usage != GSS_C_INITIATE
+	&& cred_usage != GSS_C_BOTH) {
+	if (minor_status) {
+	    *minor_status = EINVAL;
+	    map_errcode(minor_status);
+	}
+	return GSS_S_FAILURE;
+    }
+
     return (GSS_S_COMPLETE);
 }
 
@@ -281,9 +291,18 @@ val_add_cred_args(
 
     if (input_cred_handle == GSS_C_NO_CREDENTIAL &&
 	output_cred_handle == NULL)
-
 	return (GSS_S_CALL_INACCESSIBLE_WRITE | GSS_S_NO_CRED);
 
+    if (cred_usage != GSS_C_ACCEPT
+	&& cred_usage != GSS_C_INITIATE
+	&& cred_usage != GSS_C_BOTH) {
+	if (minor_status) {
+	    *minor_status = EINVAL;
+	    map_errcode(minor_status);
+	}
+	return GSS_S_FAILURE;
+    }
+
     return (GSS_S_COMPLETE);
 }
 
diff --git a/src/lib/gssapi/mechglue/g_store_cred.c b/src/lib/gssapi/mechglue/g_store_cred.c
index b02f7069a..d9a7d9adc 100644
--- a/src/lib/gssapi/mechglue/g_store_cred.c
+++ b/src/lib/gssapi/mechglue/g_store_cred.c
@@ -39,6 +39,16 @@ val_store_cred_args(
 	if (input_cred_handle == GSS_C_NO_CREDENTIAL)
 		return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CRED);
 
+	if (cred_usage != GSS_C_ACCEPT
+	    && cred_usage != GSS_C_INITIATE
+	    && cred_usage != GSS_C_BOTH) {
+	    if (minor_status) {
+		*minor_status = EINVAL;
+		map_errcode(minor_status);
+	    }
+	    return GSS_S_FAILURE;
+	}
+
 	return (GSS_S_COMPLETE);
 }
 
-- 
2.26.2