krb5 commit: Fix various small logic errors
ghudson at mit.edu
ghudson at mit.edu
Mon Nov 11 17:00:38 EST 2024
https://github.com/krb5/krb5/commit/3b57de1b68f31fa297d91e8b00bd91587d71fd02
commit 3b57de1b68f31fa297d91e8b00bd91587d71fd02
Author: Greg Hudson <ghudson at mit.edu>
Date: Fri Nov 1 13:42:44 2024 -0400
Fix various small logic errors
Correct five logic errors (all unlikely to manifest as user-visible
bugs) found by static analysis. Reported by Valery Fedorenko.
src/kdc/policy.c | 2 +-
src/lib/apputils/net-server.c | 2 +-
src/lib/rpc/unit-test/client.c | 1 +
src/plugins/audit/kdc_j_encode.c | 10 ++++------
src/plugins/preauth/pkinit/pkinit_crypto_openssl.c | 2 ++
5 files changed, 9 insertions(+), 8 deletions(-)
diff --git a/src/kdc/policy.c b/src/kdc/policy.c
index a3ff556c5..1ae1c7a05 100644
--- a/src/kdc/policy.c
+++ b/src/kdc/policy.c
@@ -180,7 +180,7 @@ unload_kdcpolicy_plugins(krb5_context context)
{
kdcpolicy_handle *hp, h;
- for (hp = handles; *hp != NULL; hp++) {
+ for (hp = handles; hp != NULL && *hp != NULL; hp++) {
h = *hp;
if (h->vt.fini != NULL)
h->vt.fini(context, h->moddata);
diff --git a/src/lib/apputils/net-server.c b/src/lib/apputils/net-server.c
index 75372d894..b3da72d3f 100644
--- a/src/lib/apputils/net-server.c
+++ b/src/lib/apputils/net-server.c
@@ -1127,7 +1127,7 @@ kill_lru_tcp_or_rpc_connection(void *handle, verto_ev *newev)
}
if (oldest_c != NULL) {
krb5_klog_syslog(LOG_INFO, _("dropping %s fd %d from %s"),
- c->type == CONN_RPC ? "rpc" : "tcp",
+ oldest_c->type == CONN_RPC ? "rpc" : "tcp",
verto_get_fd(oldest_ev), oldest_c->addrbuf);
if (oldest_c->type == CONN_RPC)
oldest_c->rpc_force_close = 1;
diff --git a/src/lib/rpc/unit-test/client.c b/src/lib/rpc/unit-test/client.c
index 9b907bcdc..7965a4306 100644
--- a/src/lib/rpc/unit-test/client.c
+++ b/src/lib/rpc/unit-test/client.c
@@ -165,6 +165,7 @@ main(int argc, char **argv)
if (echo_resp == NULL) {
fprintf(stderr, "RPC_TEST_ECHO call %d%s", i,
clnt_sperror(clnt, ""));
+ break;
}
if (strncmp(*echo_resp, "Echo: ", 6) &&
strcmp(echo_arg, (*echo_resp) + 6) != 0)
diff --git a/src/plugins/audit/kdc_j_encode.c b/src/plugins/audit/kdc_j_encode.c
index fb4a4ed73..0df258d76 100755
--- a/src/plugins/audit/kdc_j_encode.c
+++ b/src/plugins/audit/kdc_j_encode.c
@@ -419,12 +419,10 @@ kau_j_tgs_u2u(const krb5_boolean ev_success, krb5_audit_state *state,
goto error;
}
/* Client in the second ticket. */
- if (req != NULL) {
- ret = princ_to_value(req->second_ticket[0]->enc_part2->client,
- obj, AU_REQ_U2U_USER);
- if (ret)
- goto error;
- }
+ ret = princ_to_value(req->second_ticket[0]->enc_part2->client,
+ obj, AU_REQ_U2U_USER);
+ if (ret)
+ goto error;
/* Enctype of a session key of the second ticket. */
ret = int32_to_value(req->second_ticket[0]->enc_part2->session->enctype,
obj, AU_SRV_ETYPE);
diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
index 6d1966194..4ae2c00ad 100644
--- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
+++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
@@ -4110,6 +4110,8 @@ pkinit_get_certs_pkcs12(krb5_context context,
TRACE_PKINIT_PKCS_PARSE_FAIL_FIRST(context);
+ if (p12name == NULL)
+ goto cleanup;
if (id_cryptoctx->defer_id_prompt) {
/* Supply the identity name to be passed to the responder. */
pkinit_set_deferred_id(&id_cryptoctx->deferred_ids, p12name, 0,
More information about the cvs-krb5
mailing list