From 7778a7c92be941d4e2faaf7868be0ea41cede174 Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Sat, 1 May 2010 17:53:04 +0000 Subject: [PATCH] Fix some bugs in the IAKERB code discovered by Coverity. Also trim down iakerb_initiator_step() a little using krb5_data constructors and avoiding vertical function arguments. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23961 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/gssapi/krb5/acquire_cred.c | 19 +++++++++++-------- src/lib/gssapi/krb5/iakerb.c | 25 +++++-------------------- src/lib/krb5/krb/kfree.c | 2 ++ 3 files changed, 18 insertions(+), 28 deletions(-) diff --git a/src/lib/gssapi/krb5/acquire_cred.c b/src/lib/gssapi/krb5/acquire_cred.c index c3e84818d..88b739e97 100644 --- a/src/lib/gssapi/krb5/acquire_cred.c +++ b/src/lib/gssapi/krb5/acquire_cred.c @@ -580,6 +580,7 @@ acquire_cred(minor_status, desired_name, password, time_req, if ((cred_usage != GSS_C_INITIATE) && (cred_usage != GSS_C_ACCEPT) && (cred_usage != GSS_C_BOTH)) { + ret = GSS_S_FAILURE; *minor_status = (OM_uint32) G_BAD_USAGE; goto error_out; } @@ -685,16 +686,18 @@ error_out: free(ret_mechs->elements); free(ret_mechs); } - if (cred->ccache) - (void)krb5_cc_close(context, cred->ccache); + if (cred != NULL) { + if (cred->ccache) + (void)krb5_cc_close(context, cred->ccache); #ifndef LEAN_CLIENT - if (cred->keytab) - (void)krb5_kt_close(context, cred->keytab); + if (cred->keytab) + (void)krb5_kt_close(context, cred->keytab); #endif /* LEAN_CLIENT */ - if (cred->name) - kg_release_name(context, 0, &cred->name); - k5_mutex_destroy(&cred->lock); - xfree(cred); + if (cred->name) + kg_release_name(context, 0, &cred->name); + k5_mutex_destroy(&cred->lock); + xfree(cred); + } save_error_info(*minor_status, context); krb5_free_context(context); return ret; diff --git a/src/lib/gssapi/krb5/iakerb.c b/src/lib/gssapi/krb5/iakerb.c index 3463a7f71..6ee0c73dc 100644 --- a/src/lib/gssapi/krb5/iakerb.c +++ b/src/lib/gssapi/krb5/iakerb.c @@ -517,33 +517,18 @@ iakerb_initiator_step(iakerb_ctx_id_t ctx, const gss_buffer_t input_token, gss_buffer_t output_token) { - krb5_error_code code; - krb5_data in, out, realm, *cookie = NULL; + krb5_error_code code = 0; + krb5_data in = empty_data(), out = empty_data(), realm = empty_data(); + krb5_data *cookie = NULL; OM_uint32 tmp; - int initialContextToken = (input_token == GSS_C_NO_BUFFER); unsigned int flags = 0; krb5_ticket_times times; output_token->length = 0; output_token->value = NULL; - in.data = NULL; - in.length = 0; - out.data = NULL; - out.length = 0; - realm.data = NULL; - realm.length = 0; - - if (initialContextToken) { - in.data = NULL; - in.length = 0; - } else { - code = iakerb_parse_token(ctx, - 0, - input_token, - NULL, - &cookie, - &in); + if (input_token != GSS_C_NO_BUFFER) { + code = iakerb_parse_token(ctx, 0, input_token, NULL, &cookie, &in); if (code != 0) goto cleanup; diff --git a/src/lib/krb5/krb/kfree.c b/src/lib/krb5/krb/kfree.c index 6a3e6b291..6a8cdd522 100644 --- a/src/lib/krb5/krb/kfree.c +++ b/src/lib/krb5/krb/kfree.c @@ -922,6 +922,7 @@ krb5_free_iakerb_header(krb5_context context, krb5_iakerb_header *val) krb5_free_data_contents(context, &val->target_realm); krb5_free_data(context, val->cookie); + free(val); } void KRB5_CALLCONV @@ -931,4 +932,5 @@ krb5_free_iakerb_finished(krb5_context context, krb5_iakerb_finished *val) return ; krb5_free_checksum_contents(context, &val->checksum); + free(val); } -- 2.26.2