summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMartin Kosek <mkosek@redhat.com>2011-01-11 10:44:48 +0100
committerRob Crittenden <rcritten@redhat.com>2011-01-12 11:29:19 -0500
commitb739df4c111c63e99ece4a9e2f5a548156f7a3fb (patch)
tree29b7ba6c82015ac903014811fde800607545b02a
parente2d4e9477ee52e52712b65b532159720794969cb (diff)
downloadfreeipa-b739df4c111c63e99ece4a9e2f5a548156f7a3fb.tar.gz
freeipa-b739df4c111c63e99ece4a9e2f5a548156f7a3fb.tar.xz
freeipa-b739df4c111c63e99ece4a9e2f5a548156f7a3fb.zip
Unchecked return value in ipa-getkeytab
krb5_init_context return value was not checked. This could lead to unhandled error issues. This patch moves the Kerberos context initialization to the branch where it is needed and handles the error value in a way that allows program exit in a standard way deallocating all resources. https://fedorahosted.org/freeipa/ticket/721
Diffstat
-rw-r--r--ipa-client/ipa-getkeytab.c18
1 files changed, 15 insertions, 3 deletions
diff --git a/ipa-client/ipa-getkeytab.c b/ipa-client/ipa-getkeytab.c
index 8f108de4a..e4c7b0e2b 100644
--- a/ipa-client/ipa-getkeytab.c
+++ b/ipa-client/ipa-getkeytab.c
@@ -76,18 +76,31 @@ static int ldap_sasl_interact(LDAP *ld, unsigned flags, void *priv_data, void *s
krb5_principal princ = (krb5_principal)priv_data;
krb5_context krbctx;
char *outname = NULL;
+ krb5_error_code krberr;
if (!ld) return LDAP_PARAM_ERROR;
- krb5_init_context(&krbctx);
-
for (in = sit; in && in->id != SASL_CB_LIST_END; in++) {
switch(in->id) {
case SASL_CB_USER:
+ krberr = krb5_init_context(&krbctx);
+
+ if (krberr) {
+ fprintf(stderr, _("Kerberos context initialization failed\n"));
+ in->result = NULL;
+ in->len = 0;
+ ret = LDAP_LOCAL_ERROR;
+ break;
+ }
+
krb5_unparse_name(krbctx, princ, &outname);
+
in->result = outname;
in->len = strlen(outname);
ret = LDAP_SUCCESS;
+
+ krb5_free_context(krbctx);
+
break;
case SASL_CB_GETREALM:
in->result = princ->realm.data;
@@ -100,7 +113,6 @@ static int ldap_sasl_interact(LDAP *ld, unsigned flags, void *priv_data, void *s
ret = LDAP_OTHER;
}
}
- krb5_free_context(krbctx);
return ret;
}
generated by cgit (git 2.34.1) at 2024-11-10 15:24:40 +0000