krb5-master-rcache-acquirecred-cleanup.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105

commit ef8e19af863158e4c1abc15fc710aa8cfad38406
Author: Greg Hudson <ghudson@mit.edu>
Date:   Wed Jan 15 12:51:42 2014 -0500

    Clean up GSS krb5 acquire_accept_cred
    
    Use a cleanup handler instead of releasing kt in multiple error
    clauses.  Wrap a long line and fix a comment with a missing word.
    Rewrap the function arguments to use fewer lines.

diff --git a/src/lib/gssapi/krb5/acquire_cred.c b/src/lib/gssapi/krb5/acquire_cred.c
index 9547207..37cc6b5 100644
--- a/src/lib/gssapi/krb5/acquire_cred.c
+++ b/src/lib/gssapi/krb5/acquire_cred.c
@@ -179,13 +179,13 @@ cleanup:
 */
 
 static OM_uint32
-acquire_accept_cred(krb5_context context,
-                    OM_uint32 *minor_status,
-                    krb5_keytab req_keytab,
-                    krb5_gss_cred_id_rec *cred)
+acquire_accept_cred(krb5_context context, OM_uint32 *minor_status,
+                    krb5_keytab req_keytab, krb5_gss_cred_id_rec *cred)
 {
+    OM_uint32 major;
     krb5_error_code code;
-    krb5_keytab kt;
+    krb5_keytab kt = NULL;
+    krb5_rcache rc = NULL;
 
     assert(cred->keytab == NULL);
 
@@ -202,46 +202,54 @@ acquire_accept_cred(krb5_context context,
         }
     }
     if (code) {
-        *minor_status = code;
-        return GSS_S_CRED_UNAVAIL;
+        major = GSS_S_CRED_UNAVAIL;
+        goto cleanup;
     }
 
     if (cred->name != NULL) {
-        /* Make sure we keys matching the desired name in the keytab. */
+        /* Make sure we have keys matching the desired name in the keytab. */
         code = check_keytab(context, kt, cred->name);
         if (code) {
-            krb5_kt_close(context, kt);
             if (code == KRB5_KT_NOTFOUND) {
                 char *errstr = (char *)krb5_get_error_message(context, code);
-                krb5_set_error_message(context, KG_KEYTAB_NOMATCH, "%s", errstr);
+                krb5_set_error_message(context, KG_KEYTAB_NOMATCH, "%s",
+                                       errstr);
                 krb5_free_error_message(context, errstr);
-                *minor_status = KG_KEYTAB_NOMATCH;
-            } else
-                *minor_status = code;
-            return GSS_S_CRED_UNAVAIL;
+                code = KG_KEYTAB_NOMATCH;
+            }
+            major = GSS_S_CRED_UNAVAIL;
+            goto cleanup;
         }
 
         /* Open the replay cache for this principal. */
         code = krb5_get_server_rcache(context, &cred->name->princ->data[0],
-                                      &cred->rcache);
+                                      &rc);
         if (code) {
-            krb5_kt_close(context, kt);
-            *minor_status = code;
-            return GSS_S_FAILURE;
+            major = GSS_S_FAILURE;
+            goto cleanup;
         }
     } else {
         /* Make sure we have a keytab with keys in it. */
         code = krb5_kt_have_content(context, kt);
         if (code) {
-            krb5_kt_close(context, kt);
-            *minor_status = code;
-            return GSS_S_CRED_UNAVAIL;
+            major = GSS_S_CRED_UNAVAIL;
+            goto cleanup;
         }
     }
 
     cred->keytab = kt;
+    kt = NULL;
+    cred->rcache = rc;
+    rc = NULL;
+    major = GSS_S_COMPLETE;
 
-    return GSS_S_COMPLETE;
+cleanup:
+    if (kt != NULL)
+        krb5_kt_close(context, kt);
+    if (rc != NULL)
+        krb5_rc_close(context, rc);
+    *minor_status = code;
+    return major;
 }
 #endif /* LEAN_CLIENT */