diff options
Diffstat (limited to 'src/lib')
29 files changed, 89 insertions, 199 deletions
diff --git a/src/lib/apputils/net-server.c b/src/lib/apputils/net-server.c index f69320aad..7780b8a7d 100644 --- a/src/lib/apputils/net-server.c +++ b/src/lib/apputils/net-server.c @@ -980,52 +980,6 @@ setup_udp_port(void *P_data, struct sockaddr *addr) return setup_udp_port_1(data, addr, haddrbuf, 0); } -#if 1 -static void -klog_handler(const void *data, size_t len) -{ - static char buf[BUFSIZ]; - static int bufoffset; - void *p; - -#define flush_buf() \ - (bufoffset \ - ? (((buf[0] == 0 || buf[0] == '\n') \ - ? (fork()==0?abort():(void)0) \ - : (void)0), \ - krb5_klog_syslog(LOG_INFO, "%s", buf), \ - memset(buf, 0, sizeof(buf)), \ - bufoffset = 0) \ - : 0) - - p = memchr(data, 0, len); - if (p) - len = (const char *)p - (const char *)data; -scan_for_newlines: - if (len == 0) - return; - p = memchr(data, '\n', len); - if (p) { - if (p != data) - klog_handler(data, (size_t)((const char *)p - (const char *)data)); - flush_buf(); - len -= ((const char *)p - (const char *)data) + 1; - data = 1 + (const char *)p; - goto scan_for_newlines; - } else if (len > sizeof(buf) - 1 || len + bufoffset > sizeof(buf) - 1) { - size_t x = sizeof(buf) - len - 1; - klog_handler(data, x); - flush_buf(); - len -= x; - data = (const char *)data + x; - goto scan_for_newlines; - } else { - memcpy(buf + bufoffset, data, len); - bufoffset += len; - } -} -#endif - #ifdef HAVE_STRUCT_RT_MSGHDR #include <net/route.h> diff --git a/src/lib/crypto/builtin/camellia/camellia-gen.c b/src/lib/crypto/builtin/camellia/camellia-gen.c index 1446d779e..23b69c174 100644 --- a/src/lib/crypto/builtin/camellia/camellia-gen.c +++ b/src/lib/crypto/builtin/camellia/camellia-gen.c @@ -21,7 +21,8 @@ camellia_ctx ctx, dctx; static void init () { - int i, j, r; + size_t i, j; + cam_rval r; srand(42); for (i = 0; i < 16; i++) @@ -40,7 +41,7 @@ static void init () static void hexdump(const unsigned char *ptr, size_t len) { - int i; + size_t i; for (i = 0; i < len; i++) printf ("%s%02X", (i % 16 == 0) ? "\n " : " ", ptr[i]); } @@ -89,7 +90,7 @@ static void fips_test () static void xor (unsigned char *out, const unsigned char *a, const unsigned char *b) { - int i; + size_t i; for (i = 0; i < B; i++) out[i] = a[i] ^ b[i]; } @@ -97,7 +98,8 @@ xor (unsigned char *out, const unsigned char *a, const unsigned char *b) static void ecb_enc (unsigned char *out, unsigned char *in, unsigned int len) { - int i, r; + size_t i; + cam_rval r; for (i = 0; i < len; i += 16) { r = camellia_enc_blk (in + i, out + i, &ctx); if (!r) fprintf(stderr, "error, line %d\n", __LINE__), exit(1); @@ -108,7 +110,8 @@ ecb_enc (unsigned char *out, unsigned char *in, unsigned int len) static void ecb_dec (unsigned char *out, unsigned char *in, unsigned int len) { - int i, r; + size_t i; + cam_rval r; for (i = 0; i < len; i += 16) { r = camellia_dec_blk (in + i, out + i, &dctx); if (!r) fprintf(stderr, "error, line %d\n", __LINE__), exit(1); @@ -125,7 +128,8 @@ static void cbc_enc (unsigned char *out, unsigned char *in, unsigned char *iv, unsigned int len) { - int i, r; + size_t i; + cam_rval r; unsigned char tmp[B]; D(iv); memcpy (tmp, iv, B); @@ -145,7 +149,8 @@ static void cbc_dec (unsigned char *out, unsigned char *in, unsigned char *iv, unsigned int len) { - int i, r; + size_t i; + cam_rval r; unsigned char tmp[B]; memcpy (tmp, iv, B); for (i = 0; i < len; i += B) { @@ -231,7 +236,7 @@ cts_dec (unsigned char *out, unsigned char *in, unsigned char *iv, static void ecb_test () { - int testno; + size_t testno; unsigned char tmp[4*B]; printf ("ECB tests:\n"); @@ -239,7 +244,7 @@ static void ecb_test () hexdump (key, sizeof(key)); for (testno = 0; testno < NTESTS; testno++) { unsigned len = (test_case_len[testno] + 15) & ~15; - printf ("\ntest %d - %d bytes\n", testno, len); + printf ("\ntest %d - %d bytes\n", (int)testno, len); printf ("input:"); hexdump (test_case[testno].input, len); printf ("\n"); @@ -262,7 +267,7 @@ unsigned char ivec[16] = { 0 }; static void cbc_test () { - int testno; + size_t testno; unsigned char tmp[4*B]; printf ("CBC tests:\n"); @@ -270,7 +275,7 @@ static void cbc_test () hexdump (ivec, sizeof(ivec)); for (testno = 0; testno < NTESTS; testno++) { unsigned len = (test_case_len[testno] + 15) & ~15; - printf ("\ntest %d - %d bytes\n", testno, len); + printf ("\ntest %d - %d bytes\n", (int)testno, len); printf ("input:"); hexdump (test_case[testno].input, len); printf ("\n"); @@ -291,7 +296,7 @@ static void cbc_test () static void cts_test () { - int testno; + size_t testno; unsigned char tmp[4*B]; printf ("CTS tests:\n"); @@ -299,7 +304,7 @@ static void cts_test () hexdump (ivec, sizeof(ivec)); for (testno = 0; testno < NTESTS; testno++) { unsigned int len = test_case_len[testno]; - printf ("\ntest %d - %d bytes\n", testno, len); + printf ("\ntest %d - %d bytes\n", (int)testno, len); printf ("input:"); hexdump (test_case[testno].input, len); printf ("\n"); diff --git a/src/lib/crypto/crypto_tests/aes-test.c b/src/lib/crypto/crypto_tests/aes-test.c index 1ed033b11..a7382a48a 100644 --- a/src/lib/crypto/crypto_tests/aes-test.c +++ b/src/lib/crypto/crypto_tests/aes-test.c @@ -39,7 +39,7 @@ static krb5_keyblock enc_key; static krb5_data ivec; static void init() { - enc_key.contents = key; + enc_key.contents = (krb5_octet *)key; enc_key.length = 16; ivec.data = zero; ivec.length = 16; diff --git a/src/lib/crypto/crypto_tests/t_cts.c b/src/lib/crypto/crypto_tests/t_cts.c index f2a3012b2..2b022b4ac 100644 --- a/src/lib/crypto/crypto_tests/t_cts.c +++ b/src/lib/crypto/crypto_tests/t_cts.c @@ -121,11 +121,11 @@ static void test_cts() iov.flags = KRB5_CRYPTO_TYPE_DATA; iov.data.data = outbuf; - in.data = input; + in.data = (char *)input; enciv.length = deciv.length = 16; enciv.data = encivbuf; deciv.data = decivbuf; - keyblock.contents = aeskey; + keyblock.contents = (krb5_octet *)aeskey; keyblock.length = 16; keyblock.enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96; diff --git a/src/lib/crypto/crypto_tests/t_hmac.c b/src/lib/crypto/crypto_tests/t_hmac.c index cd79dc3ee..65efa604f 100644 --- a/src/lib/crypto/crypto_tests/t_hmac.c +++ b/src/lib/crypto/crypto_tests/t_hmac.c @@ -233,10 +233,9 @@ static void test_hmac() }; for (i = 0; i < sizeof(md5tests)/sizeof(md5tests[0]); i++) { - key.contents = md5tests[i].key; + key.contents = (krb5_octet *)md5tests[i].key; key.length = md5tests[i].key_len; - in.data = md5tests[i].data; - in.length = md5tests[i].data_len; + in = make_data((char *)md5tests[i].data, md5tests[i].data_len); out.data = outbuf; out.length = 20; diff --git a/src/lib/crypto/krb/aead.c b/src/lib/crypto/krb/aead.c index 935125d9d..9d4e206ab 100644 --- a/src/lib/crypto/krb/aead.c +++ b/src/lib/crypto/krb/aead.c @@ -141,7 +141,7 @@ krb5int_c_padding_length(const struct krb5_keytypes *ktp, size_t data_length) static size_t next_iov_to_process(struct iov_cursor *cursor, size_t ind) { - krb5_crypto_iov *iov; + const krb5_crypto_iov *iov; for (; ind < cursor->iov_count; ind++) { iov = &cursor->iov[ind]; diff --git a/src/lib/gssapi/krb5/accept_sec_context.c b/src/lib/gssapi/krb5/accept_sec_context.c index ae55297d0..42ac1226b 100644 --- a/src/lib/gssapi/krb5/accept_sec_context.c +++ b/src/lib/gssapi/krb5/accept_sec_context.c @@ -441,7 +441,6 @@ kg_accept_krb5(minor_status, context_handle, char *sptr; OM_uint32 tmp; size_t md5len; - int bigend; krb5_gss_cred_id_t cred = 0; krb5_data ap_rep, ap_req; unsigned int i; @@ -698,7 +697,6 @@ kg_accept_krb5(minor_status, context_handle, } gss_flags = GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG; - bigend = 0; decode_req_message = 0; } else { /* gss krb5 v1 */ diff --git a/src/lib/gssapi/krb5/gssapi_krb5.c b/src/lib/gssapi/krb5/gssapi_krb5.c index 04d70a64b..a1bb92dc0 100644 --- a/src/lib/gssapi/krb5/gssapi_krb5.c +++ b/src/lib/gssapi/krb5/gssapi_krb5.c @@ -405,7 +405,6 @@ krb5_gss_inquire_cred_by_oid(OM_uint32 *minor_status, gss_buffer_set_t *data_set) { OM_uint32 major_status = GSS_S_FAILURE; - krb5_gss_cred_id_t cred; #if 0 size_t i; #endif @@ -431,8 +430,6 @@ krb5_gss_inquire_cred_by_oid(OM_uint32 *minor_status, if (GSS_ERROR(major_status)) return major_status; - cred = (krb5_gss_cred_id_t) cred_handle; - #if 0 for (i = 0; i < sizeof(krb5_gss_inquire_cred_by_oid_ops)/ sizeof(krb5_gss_inquire_cred_by_oid_ops[0]); i++) { diff --git a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/spnego/spnego_mech.c index 81f7a3ab9..33c8c8808 100644 --- a/src/lib/gssapi/spnego/spnego_mech.c +++ b/src/lib/gssapi/spnego/spnego_mech.c @@ -1124,7 +1124,6 @@ make_NegHints(OM_uint32 *minor_status, OM_uint32 minor; unsigned int tlen = 0; unsigned int hintNameSize = 0; - unsigned int negHintsSize = 0; unsigned char *ptr; unsigned char *t; @@ -1208,7 +1207,6 @@ make_NegHints(OM_uint32 *minor_status, /* Length of DER encoded hintName */ tlen += 1 + gssint_der_length_size(hintNameSize); - negHintsSize = tlen; t = gssalloc_malloc(tlen); if (t == NULL) { @@ -1619,7 +1617,6 @@ spnego_gss_accept_sec_context( gss_buffer_desc mechtok_out = GSS_C_EMPTY_BUFFER; spnego_gss_ctx_id_t sc = NULL; spnego_gss_cred_id_t spcred = NULL; - OM_uint32 mechstat = GSS_S_FAILURE; int sendTokenInit = 0, tmpret; mechtok_in = mic_in = mic_out = GSS_C_NO_BUFFER; @@ -1718,15 +1715,12 @@ spnego_gss_accept_sec_context( * round-trip. RET is set to a default value according to * whether it is the first round-trip. */ - mechstat = GSS_S_FAILURE; if (negState != REQUEST_MIC && mechtok_in != GSS_C_NO_BUFFER) { ret = acc_ctx_call_acc(minor_status, sc, spcred, mechtok_in, mech_type, &mechtok_out, ret_flags, time_rec, delegated_cred_handle, &negState, &return_token); - } else if (negState == REQUEST_MIC) { - mechstat = GSS_S_CONTINUE_NEEDED; } /* Step 3: process or generate the MIC, if the negotiated mech is @@ -4008,10 +4002,10 @@ g_verify_neg_token_init(unsigned char **buf_in, unsigned int cur_size) * - check for a0(context specific identifier) * - get length and verify that enoughd ata exists */ - if (g_get_tag_and_length(&buf, CONTEXT, cur_size, &seqsize) < 0) + if (g_get_tag_and_length(&buf, CONTEXT, cur_size, &bytes) < 0) return (G_BAD_TOK_HEADER); - cur_size = seqsize; /* should indicate bytes remaining */ + cur_size = bytes; /* should indicate bytes remaining */ /* * Verify the next piece, it should identify this as diff --git a/src/lib/kadm5/clnt/client_init.c b/src/lib/kadm5/clnt/client_init.c index adc050c95..9d51991f4 100644 --- a/src/lib/kadm5/clnt/client_init.c +++ b/src/lib/kadm5/clnt/client_init.c @@ -613,7 +613,6 @@ static kadm5_ret_t setup_gss(kadm5_server_handle_t handle, kadm5_config_params *params_in, char *client_name, char *full_svcname) { - kadm5_ret_t code; OM_uint32 gssstat, minor_stat; gss_buffer_desc buf; gss_name_t gss_client; @@ -622,7 +621,6 @@ setup_gss(kadm5_server_handle_t handle, kadm5_config_params *params_in, const char *c_ccname_orig; char *ccname_orig; - code = KADM5_GSS_ERROR; gss_client_creds = GSS_C_NO_CREDENTIAL; ccname_orig = NULL; gss_client = gss_target = GSS_C_NO_NAME; @@ -630,10 +628,8 @@ setup_gss(kadm5_server_handle_t handle, kadm5_config_params *params_in, /* Temporarily use the kadm5 cache. */ gssstat = gss_krb5_ccache_name(&minor_stat, handle->cache_name, &c_ccname_orig); - if (gssstat != GSS_S_COMPLETE) { - code = KADM5_GSS_ERROR; + if (gssstat != GSS_S_COMPLETE) goto error; - } if (c_ccname_orig) ccname_orig = strdup(c_ccname_orig); else @@ -643,10 +639,8 @@ setup_gss(kadm5_server_handle_t handle, kadm5_config_params *params_in, buf.length = strlen((char *)buf.value) + 1; gssstat = gss_import_name(&minor_stat, &buf, (gss_OID) gss_nt_krb5_name, &gss_target); - if (gssstat != GSS_S_COMPLETE) { - code = KADM5_GSS_ERROR; + if (gssstat != GSS_S_COMPLETE) goto error; - } if (client_name) { buf.value = client_name; @@ -655,16 +649,13 @@ setup_gss(kadm5_server_handle_t handle, kadm5_config_params *params_in, (gss_OID) gss_nt_krb5_name, &gss_client); } else gss_client = GSS_C_NO_NAME; - if (gssstat != GSS_S_COMPLETE) { - code = KADM5_GSS_ERROR; + if (gssstat != GSS_S_COMPLETE) goto error; - } gssstat = gss_acquire_cred(&minor_stat, gss_client, 0, GSS_C_NULL_OID_SET, GSS_C_INITIATE, &gss_client_creds, NULL, NULL); if (gssstat != GSS_S_COMPLETE) { - code = KADM5_GSS_ERROR; #if 0 /* for debugging only */ { OM_uint32 maj_status, min_status, message_context = 0; @@ -762,7 +753,7 @@ rpc_auth(kadm5_server_handle_t handle, kadm5_config_params *params_in, /* Use RPCSEC_GSS by default. */ if (params_in == NULL || !(params_in->mask & KADM5_CONFIG_OLD_AUTH_GSSAPI)) { - sec.mech = gss_mech_krb5; + sec.mech = (gss_OID)gss_mech_krb5; sec.qop = GSS_C_QOP_DEFAULT; sec.svc = RPCSEC_GSS_SVC_PRIVACY; sec.cred = gss_client_creds; diff --git a/src/lib/kadm5/kadm_rpc_xdr.c b/src/lib/kadm5/kadm_rpc_xdr.c index 153b96297..42ac783ad 100644 --- a/src/lib/kadm5/kadm_rpc_xdr.c +++ b/src/lib/kadm5/kadm_rpc_xdr.c @@ -819,7 +819,8 @@ xdr_chrand_ret(XDR *xdrs, chrand_ret *objp) return (FALSE); } if (objp->code == KADM5_OK) { - if (!xdr_array(xdrs, (char **)&objp->keys, &objp->n_keys, ~0, + if (!xdr_array(xdrs, (char **)&objp->keys, + (unsigned int *)&objp->n_keys, ~0, sizeof(krb5_keyblock), xdr_krb5_keyblock)) return FALSE; } diff --git a/src/lib/kadm5/srv/server_acl.c b/src/lib/kadm5/srv/server_acl.c index 7094f49a8..b2aeb7daa 100644 --- a/src/lib/kadm5/srv/server_acl.c +++ b/src/lib/kadm5/srv/server_acl.c @@ -112,7 +112,7 @@ kadm5int_acl_get_line(fp, lnp) line_incr = 0; for (domore = 1; domore && !feof(fp); ) { /* Copy in the line, with continuations */ - for (i=0; ((i < sizeof acl_buf) && !feof(fp)); i++ ) { + for (i = 0; ((i < BUFSIZ) && !feof(fp)); i++) { int byte; byte = fgetc(fp); acl_buf[i] = byte; diff --git a/src/lib/kadm5/srv/server_kdb.c b/src/lib/kadm5/srv/server_kdb.c index f4217dd49..23661448a 100644 --- a/src/lib/kadm5/srv/server_kdb.c +++ b/src/lib/kadm5/srv/server_kdb.c @@ -282,7 +282,7 @@ kdb_get_entry(kadm5_server_handle_t handle, return(ret); } - xdrmem_create(&xdrs, tl_data.tl_data_contents, + xdrmem_create(&xdrs, (caddr_t)tl_data.tl_data_contents, tl_data.tl_data_length, XDR_DECODE); if (! xdr_osa_princ_ent_rec(&xdrs, adb)) { xdr_destroy(&xdrs); @@ -373,7 +373,7 @@ kdb_put_entry(kadm5_server_handle_t handle, } tl_data.tl_data_type = KRB5_TL_KADM_DATA; tl_data.tl_data_length = xdr_getpos(&xdrs); - tl_data.tl_data_contents = xdralloc_getdata(&xdrs); + tl_data.tl_data_contents = (krb5_octet *)xdralloc_getdata(&xdrs); ret = krb5_dbe_update_tl_data(handle->context, kdb, &tl_data); diff --git a/src/lib/kadm5/srv/svr_principal.c b/src/lib/kadm5/srv/svr_principal.c index 6d90628dc..6c7a2c0d5 100644 --- a/src/lib/kadm5/srv/svr_principal.c +++ b/src/lib/kadm5/srv/svr_principal.c @@ -245,10 +245,12 @@ apply_keysalt_policy(kadm5_server_handle_t handle, const char *policy, ks_tuple = handle->params.keysalts; } /* Dup the requested or defaulted keysalt tuples. */ - new_ks_tuple = k5memdup(ks_tuple, n_ks_tuple * sizeof(*new_ks_tuple), - &ret); - if (new_ks_tuple == NULL) + new_ks_tuple = malloc(n_ks_tuple * sizeof(*new_ks_tuple)); + if (new_ks_tuple == NULL) { + ret = ENOMEM; goto cleanup; + } + memcpy(new_ks_tuple, ks_tuple, n_ks_tuple * sizeof(*new_ks_tuple)); new_n_ks_tuple = n_ks_tuple; ret = 0; goto cleanup; @@ -363,7 +365,7 @@ kadm5_create_principal_3(void *server_handle, kadm5_policy_ent_rec polent; krb5_boolean have_polent = FALSE; krb5_int32 now; - krb5_tl_data *tl_data_orig, *tl_data_tail; + krb5_tl_data *tl_data_tail; unsigned int ret; kadm5_server_handle_t handle = server_handle; krb5_keyblock *act_mkey; @@ -487,7 +489,6 @@ kadm5_create_principal_3(void *server_handle, if (mask & KADM5_TL_DATA) { /* splice entry->tl_data onto the front of kdb->tl_data */ - tl_data_orig = kdb->tl_data; for (tl_data_tail = entry->tl_data; tl_data_tail; tl_data_tail = tl_data_tail->tl_data_next) { @@ -1265,6 +1266,8 @@ kadm5_use_password_server (void) } #endif +void kadm5_set_use_password_server (void); + void kadm5_set_use_password_server (void) { diff --git a/src/lib/kdb/iprop_xdr.c b/src/lib/kdb/iprop_xdr.c index 2ab59f570..8bf2c89e6 100644 --- a/src/lib/kdb/iprop_xdr.c +++ b/src/lib/kdb/iprop_xdr.c @@ -9,7 +9,7 @@ #pragma GCC diagnostic ignored "-Wunused-variable" #endif -bool_t +static bool_t xdr_int16_t (XDR *xdrs, int16_t *objp) { register int32_t *buf; @@ -19,17 +19,7 @@ xdr_int16_t (XDR *xdrs, int16_t *objp) return TRUE; } -bool_t -xdr_uint16_t (XDR *xdrs, uint16_t *objp) -{ - register int32_t *buf; - - if (!xdr_u_short (xdrs, objp)) - return FALSE; - return TRUE; -} - -bool_t +static bool_t xdr_int32_t (XDR *xdrs, int32_t *objp) { register int32_t *buf; @@ -39,7 +29,7 @@ xdr_int32_t (XDR *xdrs, int32_t *objp) return TRUE; } -bool_t +static bool_t xdr_uint32_t (XDR *xdrs, uint32_t *objp) { register int32_t *buf; diff --git a/src/lib/krb5/ccache/cc_keyring.c b/src/lib/krb5/ccache/cc_keyring.c index bbe2a2e6d..3828c5949 100644 --- a/src/lib/krb5/ccache/cc_keyring.c +++ b/src/lib/krb5/ccache/cc_keyring.c @@ -144,11 +144,6 @@ debug_print(char *fmt, ...) /* Hopefully big enough to hold a serialized credential */ #define GUESS_CRED_SIZE 4096 -#define ALLOC(NUM,TYPE) \ - (((NUM) <= (((size_t)0-1)/ sizeof(TYPE))) \ - ? (TYPE *) calloc((NUM), sizeof(TYPE)) \ - : (errno = ENOMEM,(TYPE *) 0)) - #define CHECK_N_GO(ret, errdest) if (ret != KRB5_OK) goto errdest #define CHECK(ret) if (ret != KRB5_OK) goto errout #define CHECK_OUT(ret) if (ret != KRB5_OK) return ret @@ -651,7 +646,7 @@ krb5_krcc_start_seq_get(krb5_context context, krb5_ccache id, krb5_krcc_cursor krcursor; krb5_krcc_data *d; unsigned int size; - int res; + long res; DEBUG_PRINT(("krb5_krcc_start_seq_get: entered\n")); @@ -676,7 +671,7 @@ krb5_krcc_start_seq_get(krb5_context context, krb5_ccache id, krcursor->keys = (key_serial_t *) ((char *) krcursor + sizeof(*krcursor)); res = keyctl_read(d->ring_id, (char *) krcursor->keys, ((d->numkeys + 1) * sizeof(key_serial_t))); - if (res < 0 || res > ((d->numkeys + 1) * sizeof(key_serial_t))) { + if (res < 0 || (size_t)res > ((d->numkeys + 1) * sizeof(key_serial_t))) { DEBUG_PRINT(("Read %d bytes from keyring, numkeys %d: %s\n", res, d->numkeys, strerror(errno))); free(krcursor); @@ -1213,7 +1208,7 @@ krb5_krcc_get_ring_ids(krb5_krcc_ring_ids_t *p) */ memset(ids_buf, '\0', sizeof(ids_buf)); val = keyctl_read(ids_key, ids_buf, sizeof(ids_buf)); - if (val > sizeof(ids_buf)) + if (val < 0 || (size_t)val > sizeof(ids_buf)) goto out; val = sscanf(ids_buf, "%d:%d:%d", &session, &process, &thread); @@ -1359,12 +1354,7 @@ krb5_krcc_parse_principal(krb5_context context, krb5_ccache id, if (tmpprinc == NULL) return KRB5_CC_NOMEM; if (length) { - size_t msize = length; - if (msize != length) { - free(tmpprinc); - return KRB5_CC_NOMEM; - } - tmpprinc->data = ALLOC(msize, krb5_data); + tmpprinc->data = calloc(length, sizeof(krb5_data)); if (tmpprinc->data == 0) { free(tmpprinc); return KRB5_CC_NOMEM; @@ -1415,12 +1405,9 @@ krb5_krcc_parse_keyblock(krb5_context context, krb5_ccache id, if (int32 < 0) return KRB5_CC_NOMEM; keyblock->length = int32; - /* Overflow check. */ - if (keyblock->length != int32) - return KRB5_CC_NOMEM; if (keyblock->length == 0) return KRB5_OK; - keyblock->contents = ALLOC(keyblock->length, krb5_octet); + keyblock->contents = malloc(keyblock->length); if (keyblock->contents == NULL) return KRB5_CC_NOMEM; @@ -1478,7 +1465,7 @@ krb5_krcc_parse_krb5data(krb5_context context, krb5_ccache id, if (len < 0) return KRB5_CC_NOMEM; data->length = len; - if (data->length != len || data->length + 1 == 0) + if (data->length + 1 == 0) return KRB5_CC_NOMEM; if (data->length == 0) { @@ -1542,11 +1529,10 @@ krb5_krcc_parse_addrs(krb5_context context, krb5_ccache id, * Make *addrs able to hold length pointers to krb5_address structs * Add one extra for a null-terminated list */ - msize = length; - msize += 1; - if (msize == 0 || msize - 1 != length || length < 0) + msize = (size_t)length + 1; + if (msize == 0 || length < 0) return KRB5_CC_NOMEM; - *addrs = ALLOC(msize, krb5_address *); + *addrs = calloc(msize, sizeof(krb5_address *)); if (*addrs == NULL) return KRB5_CC_NOMEM; @@ -1587,13 +1573,6 @@ krb5_krcc_parse_addr(krb5_context context, krb5_ccache id, krb5_address * addr, if ((int32 & VALID_INT_BITS) != int32) /* Overflow int??? */ return KRB5_CC_NOMEM; addr->length = int32; - /* - * Length field is "unsigned int", which may be smaller - * than 32 bits. - */ - if (addr->length != int32) - return KRB5_CC_NOMEM; /* XXX */ - if (addr->length == 0) return KRB5_OK; @@ -1633,11 +1612,10 @@ krb5_krcc_parse_authdata(krb5_context context, krb5_ccache id, * Make *a able to hold length pointers to krb5_authdata structs * Add one extra for a null-terminated list */ - msize = length; - msize += 1; - if (msize == 0 || msize - 1 != length || length < 0) + msize = (size_t)length + 1; + if (msize == 0 || length < 0) return KRB5_CC_NOMEM; - *a = ALLOC(msize, krb5_authdata *); + *a = calloc(msize, sizeof(krb5_authdata *)); if (*a == NULL) return KRB5_CC_NOMEM; @@ -1680,13 +1658,6 @@ krb5_krcc_parse_authdatum(krb5_context context, krb5_ccache id, if ((int32 & VALID_INT_BITS) != int32) /* Overflow int??? */ return KRB5_CC_NOMEM; a->length = int32; - /* - * Value could have gotten truncated if int is - * smaller than 32 bits. - */ - if (a->length != int32) - return KRB5_CC_NOMEM; /* XXX */ - if (a->length == 0) return KRB5_OK; diff --git a/src/lib/krb5/ccache/t_cc.c b/src/lib/krb5/ccache/t_cc.c index 1c112725e..991cef025 100644 --- a/src/lib/krb5/ccache/t_cc.c +++ b/src/lib/krb5/ccache/t_cc.c @@ -332,14 +332,14 @@ check_registered(krb5_context context, const char *prefix) if(kret != KRB5_OK) { if(kret == KRB5_CC_UNKNOWN_TYPE) return 0; - com_err("Checking on credential type", kret,prefix); + com_err("Checking on credential type", kret, "%s", prefix); fflush(stderr); return 0; } kret = krb5_cc_close(context, id); if(kret != KRB5_OK) { - com_err("Checking on credential type - closing", kret,prefix); + com_err("Checking on credential type - closing", kret, "%s", prefix); fflush(stderr); } diff --git a/src/lib/krb5/krb/t_deltat.c b/src/lib/krb5/krb/t_deltat.c index 8a50c6905..e519ee804 100644 --- a/src/lib/krb5/krb/t_deltat.c +++ b/src/lib/krb5/krb/t_deltat.c @@ -126,7 +126,7 @@ main (void) }; int fail = 0; - int i; + size_t i; for (i = 0; i < sizeof(values)/sizeof(values[0]); i++) { krb5_deltat result; @@ -150,8 +150,8 @@ main (void) } } if (fail == 0) - printf ("Passed all %d tests.\n", i); + printf ("Passed all %d tests.\n", (int)i); else - printf ("Failed %d of %d tests.\n", fail, i); + printf ("Failed %d of %d tests.\n", fail, (int)i); return fail; } diff --git a/src/lib/krb5/krb/t_ser.c b/src/lib/krb5/krb/t_ser.c index 692d89d78..9cdf5e641 100644 --- a/src/lib/krb5/krb/t_ser.c +++ b/src/lib/krb5/krb/t_ser.c @@ -95,7 +95,7 @@ ser_data(int verbose, char *msg, krb5_pointer ctx, krb5_magic dtype) kret = krb5_externalize_data(ser_ctx, ctx, &outrep, &outlen); if (!kret) { if (verbose) { - printf("%s: externalized in %d bytes\n", msg, outlen); + printf("%s: externalized in %d bytes\n", msg, (int)outlen); print_erep(outrep, outlen); } @@ -110,7 +110,7 @@ ser_data(int verbose, char *msg, krb5_pointer ctx, krb5_magic dtype) if (!kret) { if (ilen) printf("%s: %d bytes left over after internalize\n", - msg, ilen); + msg, (int)ilen); /* Now attempt to re-externalize it */ kret = krb5_externalize_data(ser_ctx, nctx, &outrep2, &outlen2); if (!kret) { diff --git a/src/lib/krb5/os/localaddr.c b/src/lib/krb5/os/localaddr.c index f894d05a3..f7eb2d240 100644 --- a/src/lib/krb5/os/localaddr.c +++ b/src/lib/krb5/os/localaddr.c @@ -1346,12 +1346,10 @@ get_localaddrs (krb5_context context, krb5_address ***addr, int use_profile) { struct localaddr_data data = { 0 }; int r; - krb5_error_code err; - if (use_profile) { - err = krb5_os_localaddr_profile (context, &data); - /* ignore err for now */ - } + /* Ignore errors for now. */ + if (use_profile) + (void)krb5_os_localaddr_profile (context, &data); r = foreach_localaddr (&data, count_addrs, allocate, add_addr); if (r != 0) { diff --git a/src/lib/krb5/rcache/rc_io.c b/src/lib/krb5/rcache/rc_io.c index ef7ce0b9d..1930d7e9d 100644 --- a/src/lib/krb5/rcache/rc_io.c +++ b/src/lib/krb5/rcache/rc_io.c @@ -223,9 +223,8 @@ krb5_rc_io_open_internal(krb5_context context, krb5_rc_iostuff *d, char *fn, struct stat sb1, sb2; #endif char *dir; - size_t dirlen; - GETDIR; + dir = getdir(); if (full_pathname) { if (!(d->fn = strdup(full_pathname))) return KRB5_RC_IO_MALLOC; diff --git a/src/lib/rpc/auth_gss.c b/src/lib/rpc/auth_gss.c index ab161c17d..319bc759b 100644 --- a/src/lib/rpc/auth_gss.c +++ b/src/lib/rpc/auth_gss.c @@ -546,7 +546,6 @@ authgss_destroy_context(AUTH *auth) { struct rpc_gss_data *gd; OM_uint32 min_stat; - enum clnt_stat callstat; log_debug("in authgss_destroy_context()"); @@ -555,10 +554,8 @@ authgss_destroy_context(AUTH *auth) if (gd->gc.gc_ctx.length != 0) { if (gd->established) { gd->gc.gc_proc = RPCSEC_GSS_DESTROY; - callstat = clnt_call(gd->clnt, NULLPROC, - xdr_void, NULL, - xdr_void, NULL, - AUTH_TIMEOUT); + (void)clnt_call(gd->clnt, NULLPROC, xdr_void, NULL, + xdr_void, NULL, AUTH_TIMEOUT); log_debug("%s", clnt_sperror(gd->clnt, "authgss_destroy_context")); diff --git a/src/lib/rpc/pmap_rmt.c b/src/lib/rpc/pmap_rmt.c index 66edf572a..10d9e3f62 100644 --- a/src/lib/rpc/pmap_rmt.c +++ b/src/lib/rpc/pmap_rmt.c @@ -188,7 +188,6 @@ getbroadcastnets( { struct ifconf ifc; struct ifreq ifreq, *ifr; - struct sockaddr_in *sockin; int n, i; ifc.ifc_len = GIFCONF_BUFSIZE; @@ -208,24 +207,16 @@ getbroadcastnets( if ((ifreq.ifr_flags & IFF_BROADCAST) && (ifreq.ifr_flags & IFF_UP) && ifr->ifr_addr.sa_family == AF_INET) { - sockin = (struct sockaddr_in *)&ifr->ifr_addr; #ifdef SIOCGIFBRDADDR /* 4.3BSD */ if (ioctl(sock, SIOCGIFBRDADDR, (char *)&ifreq) < 0) { addrs[i++].s_addr = INADDR_ANY; -#if 0 /* this is uuuuugly */ - addrs[i++] = inet_makeaddr(inet_netof -#if defined(hpux) || (defined(sun) && defined(__svr4__)) || defined(linux) || (defined(__osf__) && defined(__alpha__)) - (sockin->sin_addr), -#else /* hpux or solaris */ - (sockin->sin_addr.s_addr), -#endif - INADDR_ANY); -#endif } else { addrs[i++] = ((struct sockaddr_in*) &ifreq.ifr_addr)->sin_addr; } #else /* 4.2 BSD */ + struct sockaddr_in *sockin; + sockin = (struct sockaddr_in *)&ifr->ifr_addr; addrs[i++] = inet_makeaddr(inet_netof (sockin->sin_addr.s_addr), INADDR_ANY); #endif diff --git a/src/lib/rpc/svc_auth_gss.c b/src/lib/rpc/svc_auth_gss.c index c3d52dc89..68498daa8 100644 --- a/src/lib/rpc/svc_auth_gss.c +++ b/src/lib/rpc/svc_auth_gss.c @@ -486,8 +486,8 @@ gssrpc__svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, offset = 0 - offset; gd->seqmask <<= offset; offset = 0; - } - else if (offset >= gd->win || (gd->seqmask & (1 << offset))) { + } else if ((u_int)offset >= gd->win || + (gd->seqmask & (1 << offset))) { *no_dispatch = 1; ret_freegc (RPCSEC_GSS_CTXPROBLEM); } diff --git a/src/lib/rpc/svc_udp.c b/src/lib/rpc/svc_udp.c index a38f35d7d..0b0152730 100644 --- a/src/lib/rpc/svc_udp.c +++ b/src/lib/rpc/svc_udp.c @@ -198,6 +198,7 @@ svcudp_recv( register int rlen; char *reply; uint32_t replylen; + socklen_t addrlen; again: memset(&dummy, 0, sizeof(dummy)); @@ -215,13 +216,14 @@ svcudp_recv( return (FALSE); } - xprt->xp_addrlen = sizeof(struct sockaddr_in); + addrlen = sizeof(struct sockaddr_in); rlen = recvfrom(xprt->xp_sock, rpc_buffer(xprt), (int) su->su_iosz, - 0, (struct sockaddr *)&(xprt->xp_raddr), &(xprt->xp_addrlen)); + 0, (struct sockaddr *)&(xprt->xp_raddr), &addrlen); if (rlen == -1 && errno == EINTR) goto again; if (rlen < (int) (4*sizeof(uint32_t))) return (FALSE); + xprt->xp_addrlen = addrlen; xdrs->x_op = XDR_DECODE; XDR_SETPOS(xdrs, 0); if (! xdr_callmsg(xdrs, msg)) diff --git a/src/lib/rpc/unit-test/client.c b/src/lib/rpc/unit-test/client.c index 6ab45347f..646477f3d 100644 --- a/src/lib/rpc/unit-test/client.c +++ b/src/lib/rpc/unit-test/client.c @@ -58,8 +58,8 @@ main(argc, argv) CLIENT *clnt; AUTH *tmp_auth; struct rpc_err e; - int i, auth_once, sock, use_tcp; - unsigned int count; + int auth_once, sock, use_tcp; + unsigned int count, i; extern int optind; extern char *optarg; extern int svc_debug_gssapi, misc_debug_gssapi, auth_debug_gssapi; diff --git a/src/lib/rpc/xdr_mem.c b/src/lib/rpc/xdr_mem.c index febb8be44..f3eb047b1 100644 --- a/src/lib/rpc/xdr_mem.c +++ b/src/lib/rpc/xdr_mem.c @@ -125,7 +125,7 @@ static bool_t xdrmem_getbytes(XDR *xdrs, caddr_t addr, u_int len) { - if (xdrs->x_handy < len) + if ((u_int)xdrs->x_handy < len) return (FALSE); else xdrs->x_handy -= len; @@ -138,7 +138,7 @@ static bool_t xdrmem_putbytes(XDR *xdrs, caddr_t addr, u_int len) { - if (xdrs->x_handy < len) + if ((u_int)xdrs->x_handy < len) return (FALSE); else xdrs->x_handy -= len; diff --git a/src/lib/rpc/xdr_rec.c b/src/lib/rpc/xdr_rec.c index cb839b68b..058788257 100644 --- a/src/lib/rpc/xdr_rec.c +++ b/src/lib/rpc/xdr_rec.c @@ -244,7 +244,7 @@ static bool_t /* must manage buffers, fragments, and records */ xdrrec_getbytes(XDR *xdrs, caddr_t addr, u_int len) { register RECSTREAM *rstrm = (RECSTREAM *)(xdrs->x_private); - register int current; + register u_int current; while (len > 0) { current = rstrm->fbtbc; @@ -519,7 +519,7 @@ get_input_bytes(RECSTREAM *rstrm, caddr_t addr, int len) return (FALSE); continue; } - current = (len < current) ? len : current; + current = ((size_t)len < current) ? (size_t)len : current; memmove(addr, rstrm->in_finger, current); rstrm->in_finger += current; addr += current; diff --git a/src/lib/rpc/xdr_sizeof.c b/src/lib/rpc/xdr_sizeof.c index a9b16e214..145e38755 100644 --- a/src/lib/rpc/xdr_sizeof.c +++ b/src/lib/rpc/xdr_sizeof.c @@ -80,7 +80,7 @@ x_setpostn(xdrs, pos) return (FALSE); } -static long * +static rpc_inline_t * x_inline(xdrs, len) XDR *xdrs; int len; @@ -94,7 +94,7 @@ x_inline(xdrs, len) if (len < (int) xdrs->x_base) { /* x_private was already allocated */ xdrs->x_handy += len; - return ((long *) xdrs->x_private); + return ((rpc_inline_t *) xdrs->x_private); } else { /* Free the earlier space and allocate new area */ if (xdrs->x_private) @@ -105,7 +105,7 @@ x_inline(xdrs, len) } xdrs->x_base = (caddr_t) len; xdrs->x_handy += len; - return ((long *) xdrs->x_private); + return ((rpc_inline_t *) xdrs->x_private); } } @@ -139,7 +139,7 @@ xdr_sizeof(func, data) bool_t stat; /* to stop ANSI-C compiler from complaining */ typedef bool_t (* dummyfunc1)(XDR *, long *); - typedef bool_t (* dummyfunc2)(XDR *, caddr_t, int); + typedef bool_t (* dummyfunc2)(XDR *, caddr_t, u_int); ops.x_putlong = x_putlong; ops.x_putbytes = x_putbytes; |