diff options
Diffstat (limited to 'src/lib/krb5/krb/fast.c')
-rw-r--r-- | src/lib/krb5/krb/fast.c | 458 |
1 files changed, 229 insertions, 229 deletions
diff --git a/src/lib/krb5/krb/fast.c b/src/lib/krb5/krb/fast.c index 381173d5c..ae5602cde 100644 --- a/src/lib/krb5/krb/fast.c +++ b/src/lib/krb5/krb/fast.c @@ -1,3 +1,4 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * lib/krb5/krb/fast.c * @@ -8,7 +9,7 @@ * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. - * + * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright @@ -22,8 +23,8 @@ * M.I.T. makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. - * - * + * + * * */ @@ -66,65 +67,65 @@ static krb5_error_code fast_armor_ap_request memset(&creds, 0, sizeof(creds)); retval = krb5_tgtname(context, target_realm, target_realm, &creds.server); if (retval ==0) - retval = krb5_cc_get_principal(context, ccache, &creds.client); + retval = krb5_cc_get_principal(context, ccache, &creds.client); if (retval == 0) - retval = krb5_get_credentials(context, 0, ccache, &creds, &out_creds); + retval = krb5_get_credentials(context, 0, ccache, &creds, &out_creds); if (retval == 0) - retval = krb5_mk_req_extended(context, &authcontext, AP_OPTS_USE_SUBKEY, NULL /*data*/, - out_creds, &encoded_authenticator); + retval = krb5_mk_req_extended(context, &authcontext, AP_OPTS_USE_SUBKEY, NULL /*data*/, + out_creds, &encoded_authenticator); if (retval == 0) - retval = krb5_auth_con_getsendsubkey(context, authcontext, &subkey); + retval = krb5_auth_con_getsendsubkey(context, authcontext, &subkey); if (retval == 0) - retval = krb5_c_fx_cf2_simple(context, subkey, "subkeyarmor", - &out_creds->keyblock, "ticketarmor", &armor_key); + retval = krb5_c_fx_cf2_simple(context, subkey, "subkeyarmor", + &out_creds->keyblock, "ticketarmor", &armor_key); if (retval == 0) { - armor = calloc(1, sizeof(krb5_fast_armor)); - if (armor == NULL) - retval = ENOMEM; + armor = calloc(1, sizeof(krb5_fast_armor)); + if (armor == NULL) + retval = ENOMEM; } if (retval == 0) { - armor->armor_type = KRB5_FAST_ARMOR_AP_REQUEST; - armor->armor_value = encoded_authenticator; - encoded_authenticator.data = NULL; - encoded_authenticator.length = 0; - state->armor = armor; - armor = NULL; - state->armor_key = armor_key; - armor_key = NULL; + armor->armor_type = KRB5_FAST_ARMOR_AP_REQUEST; + armor->armor_value = encoded_authenticator; + encoded_authenticator.data = NULL; + encoded_authenticator.length = 0; + state->armor = armor; + armor = NULL; + state->armor_key = armor_key; + armor_key = NULL; } krb5_free_keyblock(context, armor_key); krb5_free_keyblock(context, subkey); if (out_creds) - krb5_free_creds(context, out_creds); + krb5_free_creds(context, out_creds); krb5_free_cred_contents(context, &creds); if (encoded_authenticator.data) - krb5_free_data_contents(context, &encoded_authenticator); + krb5_free_data_contents(context, &encoded_authenticator); krb5_auth_con_free(context, authcontext); return retval; } krb5_error_code krb5int_fast_prep_req_body(krb5_context context, struct krb5int_fast_request_state *state, - krb5_kdc_req *request, krb5_data **encoded_request_body) + krb5_kdc_req *request, krb5_data **encoded_request_body) { krb5_error_code retval = 0; krb5_data *local_encoded_request_body = NULL; assert(state != NULL); *encoded_request_body = NULL; if (state->armor_key == NULL) { - return encode_krb5_kdc_req_body(request, encoded_request_body); + return encode_krb5_kdc_req_body(request, encoded_request_body); } state->fast_outer_request = *request; state->fast_outer_request.padata = NULL; if (retval == 0) - retval = encode_krb5_kdc_req_body(&state->fast_outer_request, - &local_encoded_request_body); + retval = encode_krb5_kdc_req_body(&state->fast_outer_request, + &local_encoded_request_body); if (retval == 0) { - *encoded_request_body = local_encoded_request_body; - local_encoded_request_body = NULL; + *encoded_request_body = local_encoded_request_body; + local_encoded_request_body = NULL; } if (local_encoded_request_body != NULL) - krb5_free_data(context, local_encoded_request_body); + krb5_free_data(context, local_encoded_request_body); return retval; } @@ -137,31 +138,31 @@ krb5_error_code krb5int_fast_as_armor krb5_ccache ccache = NULL; krb5_clear_error_message(context); if (opte->opt_private->fast_ccache_name) { - retval = krb5_cc_resolve(context, opte->opt_private->fast_ccache_name, - &ccache); - if (retval==0) - retval = fast_armor_ap_request(context, state, ccache, - krb5_princ_realm(context, request->server)); - if (retval != 0) { - const char * errmsg; - errmsg = krb5_get_error_message(context, retval); - if (errmsg) { - krb5_set_error_message(context, retval, "%s constructing AP-REQ armor", errmsg); - krb5_free_error_message(context, errmsg); - } - } + retval = krb5_cc_resolve(context, opte->opt_private->fast_ccache_name, + &ccache); + if (retval==0) + retval = fast_armor_ap_request(context, state, ccache, + krb5_princ_realm(context, request->server)); + if (retval != 0) { + const char * errmsg; + errmsg = krb5_get_error_message(context, retval); + if (errmsg) { + krb5_set_error_message(context, retval, "%s constructing AP-REQ armor", errmsg); + krb5_free_error_message(context, errmsg); + } + } } if (ccache) - krb5_cc_close(context, ccache); + krb5_cc_close(context, ccache); return retval; } -krb5_error_code +krb5_error_code krb5int_fast_prep_req (krb5_context context, struct krb5int_fast_request_state *state, - krb5_kdc_req *request, - const krb5_data *to_be_checksummed, kdc_req_encoder_proc encoder, - krb5_data **encoded_request) + krb5_kdc_req *request, + const krb5_data *to_be_checksummed, kdc_req_encoder_proc encoder, + krb5_data **encoded_request) { krb5_error_code retval = 0; krb5_pa_data *pa_array[2]; @@ -180,68 +181,68 @@ krb5int_fast_prep_req (krb5_context context, struct krb5int_fast_request_state * assert(state->fast_outer_request.padata == NULL); memset(pa_array, 0, sizeof pa_array); if (state->armor_key == NULL) { - return encoder(request, encoded_request); + return encoder(request, encoded_request); } /* Fill in a fresh random nonce for each inner request*/ - random_data.length = 4; - random_data.data = (char *)random_buf; - retval = krb5_c_random_make_octets(context, &random_data); - if (retval == 0) { - request->nonce = 0x7fffffff & load_32_n(random_buf); - state->nonce = request->nonce; - } + random_data.length = 4; + random_data.data = (char *)random_buf; + retval = krb5_c_random_make_octets(context, &random_data); + if (retval == 0) { + request->nonce = 0x7fffffff & load_32_n(random_buf); + state->nonce = request->nonce; + } fast_req.req_body = request; if (fast_req.req_body->padata == NULL) { - fast_req.req_body->padata = calloc(1, sizeof(krb5_pa_data *)); - if (fast_req.req_body->padata == NULL) - retval = ENOMEM; + fast_req.req_body->padata = calloc(1, sizeof(krb5_pa_data *)); + if (fast_req.req_body->padata == NULL) + retval = ENOMEM; } fast_req.fast_options = state->fast_options; if (retval == 0) - retval = encode_krb5_fast_req(&fast_req, &encoded_fast_req); + retval = encode_krb5_fast_req(&fast_req, &encoded_fast_req); if (retval == 0) { - armored_req = calloc(1, sizeof(krb5_fast_armored_req)); - if (armored_req == NULL) - retval = ENOMEM; + armored_req = calloc(1, sizeof(krb5_fast_armored_req)); + if (armored_req == NULL) + retval = ENOMEM; } if (retval == 0) - armored_req->armor = state->armor; + armored_req->armor = state->armor; if (retval == 0) - retval = krb5int_c_mandatory_cksumtype(context, state->armor_key->enctype, - &cksumtype); + retval = krb5int_c_mandatory_cksumtype(context, state->armor_key->enctype, + &cksumtype); if (retval ==0) - retval = krb5_c_make_checksum(context, cksumtype, state->armor_key, - KRB5_KEYUSAGE_FAST_REQ_CHKSUM, to_be_checksummed, - &armored_req->req_checksum); + retval = krb5_c_make_checksum(context, cksumtype, state->armor_key, + KRB5_KEYUSAGE_FAST_REQ_CHKSUM, to_be_checksummed, + &armored_req->req_checksum); if (retval == 0) - retval = krb5_encrypt_helper(context, state->armor_key, - KRB5_KEYUSAGE_FAST_ENC, encoded_fast_req, - &armored_req->enc_part); + retval = krb5_encrypt_helper(context, state->armor_key, + KRB5_KEYUSAGE_FAST_ENC, encoded_fast_req, + &armored_req->enc_part); if (retval == 0) - retval = encode_krb5_pa_fx_fast_request(armored_req, &encoded_armored_req); + retval = encode_krb5_pa_fx_fast_request(armored_req, &encoded_armored_req); if (retval==0) { - pa[0].pa_type = KRB5_PADATA_FX_FAST; - pa[0].contents = (unsigned char *) encoded_armored_req->data; - pa[0].length = encoded_armored_req->length; - pa_array[0] = &pa[0]; + pa[0].pa_type = KRB5_PADATA_FX_FAST; + pa[0].contents = (unsigned char *) encoded_armored_req->data; + pa[0].length = encoded_armored_req->length; + pa_array[0] = &pa[0]; } state->fast_outer_request.padata = pa_array; if(retval == 0) - retval = encoder(&state->fast_outer_request, &local_encoded_result); + retval = encoder(&state->fast_outer_request, &local_encoded_result); if (retval == 0) { - *encoded_request = local_encoded_result; - local_encoded_result = NULL; + *encoded_request = local_encoded_result; + local_encoded_result = NULL; } if (encoded_armored_req) - krb5_free_data(context, encoded_armored_req); + krb5_free_data(context, encoded_armored_req); if (armored_req) { - armored_req->armor = NULL; /*owned by state*/ - krb5_free_fast_armored_req(context, armored_req); + armored_req->armor = NULL; /*owned by state*/ + krb5_free_fast_armored_req(context, armored_req); } if (encoded_fast_req) - krb5_free_data(context, encoded_fast_req); + krb5_free_data(context, encoded_fast_req); if (local_encoded_result) - krb5_free_data(context, local_encoded_result); + krb5_free_data(context, local_encoded_result); state->fast_outer_request.padata = NULL; return retval; } @@ -258,49 +259,49 @@ static krb5_error_code decrypt_fast_reply krb5_fast_response *local_resp = NULL; assert(state != NULL); assert(state->armor_key); - fx_reply = krb5int_find_pa_data(context, in_padata, KRB5_PADATA_FX_FAST); + fx_reply = krb5int_find_pa_data(context, in_padata, KRB5_PADATA_FX_FAST); if (fx_reply == NULL) - retval = KRB5_ERR_FAST_REQUIRED; + retval = KRB5_ERR_FAST_REQUIRED; if (retval == 0) { - scratch.data = (char *) fx_reply->contents; - scratch.length = fx_reply->length; - retval = decode_krb5_pa_fx_fast_reply(&scratch, &encrypted_response); + scratch.data = (char *) fx_reply->contents; + scratch.length = fx_reply->length; + retval = decode_krb5_pa_fx_fast_reply(&scratch, &encrypted_response); } scratch.data = NULL; if (retval == 0) { - scratch.data = malloc(encrypted_response->ciphertext.length); - if (scratch.data == NULL) - retval = ENOMEM; - scratch.length = encrypted_response->ciphertext.length; + scratch.data = malloc(encrypted_response->ciphertext.length); + if (scratch.data == NULL) + retval = ENOMEM; + scratch.length = encrypted_response->ciphertext.length; } if (retval == 0) - retval = krb5_c_decrypt(context, state->armor_key, - KRB5_KEYUSAGE_FAST_REP, NULL, - encrypted_response, &scratch); + retval = krb5_c_decrypt(context, state->armor_key, + KRB5_KEYUSAGE_FAST_REP, NULL, + encrypted_response, &scratch); if (retval != 0) { - const char * errmsg; - errmsg = krb5_get_error_message(context, retval); - krb5_set_error_message(context, retval, "%s while decrypting FAST reply", errmsg); - krb5_free_error_message(context, errmsg); + const char * errmsg; + errmsg = krb5_get_error_message(context, retval); + krb5_set_error_message(context, retval, "%s while decrypting FAST reply", errmsg); + krb5_free_error_message(context, errmsg); } if (retval == 0) - retval = decode_krb5_fast_response(&scratch, &local_resp); + retval = decode_krb5_fast_response(&scratch, &local_resp); if (retval == 0) { - if (local_resp->nonce != state->nonce) { - retval = KRB5_KDCREP_MODIFIED; - krb5_set_error_message(context, retval, "nonce modified in FAST response: KDC response modified"); - } + if (local_resp->nonce != state->nonce) { + retval = KRB5_KDCREP_MODIFIED; + krb5_set_error_message(context, retval, "nonce modified in FAST response: KDC response modified"); + } } if (retval == 0) { - *response = local_resp; - local_resp = NULL; + *response = local_resp; + local_resp = NULL; } if (scratch.data) - free(scratch.data); + free(scratch.data); if (encrypted_response) - krb5_free_enc_data(context, encrypted_response); + krb5_free_enc_data(context, encrypted_response); if (local_resp) - krb5_free_fast_response(context, local_resp); + krb5_free_fast_response(context, local_resp); return retval; } @@ -319,91 +320,91 @@ static krb5_error_code decrypt_fast_reply */ krb5_error_code krb5int_fast_process_error(krb5_context context, struct krb5int_fast_request_state *state, - krb5_error **err_replyptr , krb5_pa_data ***out_padata, - krb5_boolean *retry) + krb5_error **err_replyptr , krb5_pa_data ***out_padata, + krb5_boolean *retry) { krb5_error_code retval = 0; krb5_error *err_reply = *err_replyptr; *out_padata = NULL; *retry = 0; if (state->armor_key) { - krb5_pa_data *fx_error_pa; - krb5_pa_data **result = NULL; - krb5_data scratch, *encoded_td = NULL; - krb5_error *fx_error = NULL; - krb5_fast_response *fast_response = NULL; - retval = decode_krb5_padata_sequence(&err_reply->e_data, &result); - if (retval == 0) - retval = decrypt_fast_reply(context, state, result, &fast_response); - if (retval) { - /*This can happen if the KDC does not understand FAST. We - * don't expect that, but treating it as the fatal error - * indicated by the KDC seems reasonable. - */ - *retry = 0; - krb5_free_pa_data(context, result); - return 0; - } - krb5_free_pa_data(context, result); - result = NULL; - if (retval == 0) { - fx_error_pa = krb5int_find_pa_data(context, fast_response->padata, KRB5_PADATA_FX_ERROR); - if (fx_error_pa == NULL) { - krb5_set_error_message(context, KRB5KDC_ERR_PREAUTH_FAILED, "Expecting FX_ERROR pa-data inside FAST container"); - retval = KRB5KDC_ERR_PREAUTH_FAILED; - } - } - if (retval == 0) { - scratch.data = (char *) fx_error_pa->contents; - scratch.length = fx_error_pa->length; - retval = decode_krb5_error(&scratch, &fx_error); - } - /* - * krb5_pa_data and krb5_typed_data are safe to cast between: - * they have the same type fields in the same order. - * (krb5_preauthtype is a krb5_int32). If krb5_typed_data is - * ever changed then this will need to be a copy not a cast. - */ - if (retval == 0) - retval = encode_krb5_typed_data( (krb5_typed_data **) fast_response->padata, - &encoded_td); - if (retval == 0) { - fx_error->e_data = *encoded_td; - free(encoded_td); /*contents owned by fx_error*/ - encoded_td = NULL; - krb5_free_error(context, err_reply); - *err_replyptr = fx_error; - fx_error = NULL; - *out_padata = fast_response->padata; - fast_response->padata = NULL; - /* - * If there is more than the fx_error padata, then we want - * to retry the error if a cookie is present - */ - *retry = (*out_padata)[1] != NULL; - if (krb5int_find_pa_data(context, *out_padata, KRB5_PADATA_FX_COOKIE) == NULL) - *retry = 0; - } - if (fx_error) - krb5_free_error(context, fx_error); - krb5_free_fast_response(context, fast_response); + krb5_pa_data *fx_error_pa; + krb5_pa_data **result = NULL; + krb5_data scratch, *encoded_td = NULL; + krb5_error *fx_error = NULL; + krb5_fast_response *fast_response = NULL; + retval = decode_krb5_padata_sequence(&err_reply->e_data, &result); + if (retval == 0) + retval = decrypt_fast_reply(context, state, result, &fast_response); + if (retval) { + /*This can happen if the KDC does not understand FAST. We + * don't expect that, but treating it as the fatal error + * indicated by the KDC seems reasonable. + */ + *retry = 0; + krb5_free_pa_data(context, result); + return 0; + } + krb5_free_pa_data(context, result); + result = NULL; + if (retval == 0) { + fx_error_pa = krb5int_find_pa_data(context, fast_response->padata, KRB5_PADATA_FX_ERROR); + if (fx_error_pa == NULL) { + krb5_set_error_message(context, KRB5KDC_ERR_PREAUTH_FAILED, "Expecting FX_ERROR pa-data inside FAST container"); + retval = KRB5KDC_ERR_PREAUTH_FAILED; + } + } + if (retval == 0) { + scratch.data = (char *) fx_error_pa->contents; + scratch.length = fx_error_pa->length; + retval = decode_krb5_error(&scratch, &fx_error); + } + /* + * krb5_pa_data and krb5_typed_data are safe to cast between: + * they have the same type fields in the same order. + * (krb5_preauthtype is a krb5_int32). If krb5_typed_data is + * ever changed then this will need to be a copy not a cast. + */ + if (retval == 0) + retval = encode_krb5_typed_data( (krb5_typed_data **) fast_response->padata, + &encoded_td); + if (retval == 0) { + fx_error->e_data = *encoded_td; + free(encoded_td); /*contents owned by fx_error*/ + encoded_td = NULL; + krb5_free_error(context, err_reply); + *err_replyptr = fx_error; + fx_error = NULL; + *out_padata = fast_response->padata; + fast_response->padata = NULL; + /* + * If there is more than the fx_error padata, then we want + * to retry the error if a cookie is present + */ + *retry = (*out_padata)[1] != NULL; + if (krb5int_find_pa_data(context, *out_padata, KRB5_PADATA_FX_COOKIE) == NULL) + *retry = 0; + } + if (fx_error) + krb5_free_error(context, fx_error); + krb5_free_fast_response(context, fast_response); } else { /*not FAST*/ - *retry = (err_reply->e_data.length > 0); - if ((err_reply->error == KDC_ERR_PREAUTH_REQUIRED - ||err_reply->error == KDC_ERR_PREAUTH_FAILED) && err_reply->e_data.length) { - krb5_pa_data **result = NULL; - retval = decode_krb5_padata_sequence(&err_reply->e_data, &result); - if (retval == 0) - if (retval == 0) { - *out_padata = result; + *retry = (err_reply->e_data.length > 0); + if ((err_reply->error == KDC_ERR_PREAUTH_REQUIRED + ||err_reply->error == KDC_ERR_PREAUTH_FAILED) && err_reply->e_data.length) { + krb5_pa_data **result = NULL; + retval = decode_krb5_padata_sequence(&err_reply->e_data, &result); + if (retval == 0) + if (retval == 0) { + *out_padata = result; - return 0; - } - krb5_free_pa_data(context, result); - krb5_set_error_message(context, retval, - "Error decoding padata in error reply"); - return retval; - } + return 0; + } + krb5_free_pa_data(context, result); + krb5_set_error_message(context, retval, + "Error decoding padata in error reply"); + return retval; + } } return retval; } @@ -421,61 +422,61 @@ krb5_error_code krb5int_fast_process_response krb5_clear_error_message(context); *strengthen_key = NULL; if (state->armor_key == 0) - return 0; - retval = decrypt_fast_reply(context, state, resp->padata, - &fast_response); + return 0; + retval = decrypt_fast_reply(context, state, resp->padata, + &fast_response); if (retval == 0) { - if (fast_response->finished == 0) { - retval = KRB5_KDCREP_MODIFIED; - krb5_set_error_message(context, retval, "FAST response missing finish message in KDC reply"); - } + if (fast_response->finished == 0) { + retval = KRB5_KDCREP_MODIFIED; + krb5_set_error_message(context, retval, "FAST response missing finish message in KDC reply"); + } } if (retval == 0) - retval = encode_krb5_ticket(resp->ticket, &encoded_ticket); + retval = encode_krb5_ticket(resp->ticket, &encoded_ticket); if (retval == 0) - retval = krb5_c_verify_checksum(context, state->armor_key, - KRB5_KEYUSAGE_FAST_FINISHED, - encoded_ticket, - &fast_response->finished->ticket_checksum, - &cksum_valid); + retval = krb5_c_verify_checksum(context, state->armor_key, + KRB5_KEYUSAGE_FAST_FINISHED, + encoded_ticket, + &fast_response->finished->ticket_checksum, + &cksum_valid); if (retval == 0 && cksum_valid == 0) { - retval = KRB5_KDCREP_MODIFIED; - krb5_set_error_message(context, retval, "ticket modified in KDC reply"); + retval = KRB5_KDCREP_MODIFIED; + krb5_set_error_message(context, retval, "ticket modified in KDC reply"); } if (retval == 0) { - krb5_free_principal(context, resp->client); - resp->client = fast_response->finished->client; - fast_response->finished->client = NULL; - *strengthen_key = fast_response->strengthen_key; - fast_response->strengthen_key = NULL; - krb5_free_pa_data(context, resp->padata); - resp->padata = fast_response->padata; - fast_response->padata = NULL; + krb5_free_principal(context, resp->client); + resp->client = fast_response->finished->client; + fast_response->finished->client = NULL; + *strengthen_key = fast_response->strengthen_key; + fast_response->strengthen_key = NULL; + krb5_free_pa_data(context, resp->padata); + resp->padata = fast_response->padata; + fast_response->padata = NULL; } if (fast_response) - krb5_free_fast_response(context, fast_response); + krb5_free_fast_response(context, fast_response); if (encoded_ticket) - krb5_free_data(context, encoded_ticket); + krb5_free_data(context, encoded_ticket); return retval; } krb5_error_code krb5int_fast_reply_key(krb5_context context, - krb5_keyblock *strengthen_key, - krb5_keyblock *existing_key, - krb5_keyblock *out_key) + krb5_keyblock *strengthen_key, + krb5_keyblock *existing_key, + krb5_keyblock *out_key) { krb5_keyblock *key = NULL; krb5_error_code retval = 0; krb5_free_keyblock_contents(context, out_key); if (strengthen_key) { - retval = krb5_c_fx_cf2_simple(context, strengthen_key, - "strengthenkey", existing_key, "replykey", &key); - if (retval == 0) { - *out_key = *key; - free(key); - } + retval = krb5_c_fx_cf2_simple(context, strengthen_key, + "strengthenkey", existing_key, "replykey", &key); + if (retval == 0) { + *out_key = *key; + free(key); + } } else { - retval = krb5_copy_keyblock_contents(context, existing_key, out_key); + retval = krb5_copy_keyblock_contents(context, existing_key, out_key); } return retval; } @@ -487,7 +488,7 @@ krb5int_fast_make_state( krb5_context context, struct krb5int_fast_request_state struct krb5int_fast_request_state *local_state ; local_state = malloc(sizeof *local_state); if (local_state == NULL) - return ENOMEM; + return ENOMEM; memset(local_state, 0, sizeof(*local_state)); *state = local_state; return 0; @@ -505,16 +506,15 @@ krb5int_fast_free_state( krb5_context context, struct krb5int_fast_request_state krb5_pa_data * krb5int_find_pa_data (krb5_context context, krb5_pa_data *const *padata, krb5_preauthtype pa_type) { - krb5_pa_data * const *tmppa; + krb5_pa_data * const *tmppa; if (padata == NULL) - return NULL; + return NULL; for (tmppa = padata; *tmppa != NULL; tmppa++) { - if ((*tmppa)->pa_type == pa_type) - break; + if ((*tmppa)->pa_type == pa_type) + break; } return *tmppa; } - |