From b739df4c111c63e99ece4a9e2f5a548156f7a3fb Mon Sep 17 00:00:00 2001 From: Martin Kosek Date: Tue, 11 Jan 2011 10:44:48 +0100 Subject: Unchecked return value in ipa-getkeytab krb5_init_context return value was not checked. This could lead to unhandled error issues. This patch moves the Kerberos context initialization to the branch where it is needed and handles the error value in a way that allows program exit in a standard way deallocating all resources. https://fedorahosted.org/freeipa/ticket/721
---
 ipa-client/ipa-getkeytab.c | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-) (limited to 'ipa-client')
diff --git a/ipa-client/ipa-getkeytab.c b/ipa-client/ipa-getkeytab.c
index 8f108de4a..e4c7b0e2b 100644
--- a/ipa-client/ipa-getkeytab.c
+++ b/ipa-client/ipa-getkeytab.c
@@ -76,18 +76,31 @@ static int ldap_sasl_interact(LDAP *ld, unsigned flags, void *priv_data, void *s
 krb5_principal princ = (krb5_principal)priv_data;
 krb5_context krbctx;
 char *outname = NULL;
+ krb5_error_code krberr;
 if (!ld) return LDAP_PARAM_ERROR;
- krb5_init_context(&krbctx);
-
 for (in = sit; in && in->id != SASL_CB_LIST_END; in++) {
 switch(in->id) {
 case SASL_CB_USER:
+ krberr = krb5_init_context(&krbctx);
+
+ if (krberr) {
+ fprintf(stderr, _("Kerberos context initialization failed\n"));
+ in->result = NULL;
+ in->len = 0;
+ ret = LDAP_LOCAL_ERROR;
+ break;
+ }
+
 krb5_unparse_name(krbctx, princ, &outname);
+
 in->result = outname;
 in->len = strlen(outname);
 ret = LDAP_SUCCESS;
+
+ krb5_free_context(krbctx);
+
 break;
 case SASL_CB_GETREALM:
 in->result = princ->realm.data;
@@ -100,7 +113,6 @@ static int ldap_sasl_interact(LDAP *ld, unsigned flags, void *priv_data, void *s
 ret = LDAP_OTHER;
 }
 }
- krb5_free_context(krbctx);
 return ret;
 }
-- cgit
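Review bot: The call `krb5_unparse_name(krbctx, princ, &outname)` in the SASL_CB_USER branch of the first hunk is still unchecked, so when it fails `outname` stays NULL and the following `strlen(outname)` dereferences a null pointer, which is the same class of defect this commit fixes for krb5_init_context. Its result should be stored in `krberr` and handled like the init failure, releasing the context before leaving the case, as in the excerpt below. Separately, the `break` on the error path leaves only the `switch`, so the `for` loop carries on and a later callback entry may overwrite `LDAP_LOCAL_ERROR` in `ret`; whether that happens depends on the cases that continue outside this hunk. ldap_sasl_interact begins before the hunk and its remaining cases are not shown.

```c
		case SASL_CB_USER:
			/* … unchanged: krb5_init_context call and its error branch … */
			krberr = krb5_unparse_name(krbctx, princ, &outname);
			if (krberr) {
				fprintf(stderr, _("Unable to unparse principal name\n"));
				krb5_free_context(krbctx);
				in->result = NULL;
				in->len = 0;
				ret = LDAP_LOCAL_ERROR;
				break;
			}
			/* … unchanged: in->result / in->len / ret assignments, krb5_free_context, break … */
```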