krb5_init_context return value was not checked. This could lead
to unhandled error issues.

This patch moves the Kerberos context initialization to the
branch where it is needed and handles the error value in a way
that allows program exit in a standard way deallocating all
resources.

https://fedorahosted.org/freeipa/ticket/721

>From 0c4aca1cd65bc95ce90c67c4c20914807d170ee6 Mon Sep 17 00:00:00 2001
From: Martin Kosek <mko...@redhat.com>
Date: Tue, 11 Jan 2011 10:44:48 +0100
Subject: [PATCH] Unchecked return value in ipa-getkeytab

krb5_init_context return value was not checked. This could lead
to unhandled error issues.

This patch moves the Kerberos context initialization to the
branch where it is needed and handles the error value in a way
that allows program exit in a standard way deallocating all
resources.

https://fedorahosted.org/freeipa/ticket/721
---
 ipa-client/ipa-getkeytab.c |   20 ++++++++++++++++----
 1 files changed, 16 insertions(+), 4 deletions(-)

diff --git a/ipa-client/ipa-getkeytab.c b/ipa-client/ipa-getkeytab.c
index 8f108de4a5edb9f353c172a338838e504e842ca5..c6366313c7a1f791cfc2ccd9f671a74c1bb2557d 100644
--- a/ipa-client/ipa-getkeytab.c
+++ b/ipa-client/ipa-getkeytab.c
@@ -76,19 +76,32 @@ static int ldap_sasl_interact(LDAP *ld, unsigned flags, void *priv_data, void *s
 	krb5_principal princ = (krb5_principal)priv_data;
 	krb5_context krbctx;
 	char *outname = NULL;
+    krb5_error_code krberr;
 
 	if (!ld) return LDAP_PARAM_ERROR;
 
-	krb5_init_context(&krbctx);
-
 	for (in = sit; in && in->id != SASL_CB_LIST_END; in++) {
 		switch(in->id) {
 		case SASL_CB_USER:
+            krberr = krb5_init_context(&krbctx);
+
+        	if (krberr) {
+        		fprintf(stderr, _("Kerberos context initialization failed\n"));
+                in->result = NULL;
+    			in->len = 0;
+        		ret = LDAP_LOCAL_ERROR;
+                break;
+        	}
+
 			krb5_unparse_name(krbctx, princ, &outname);
+
 			in->result = outname;
 			in->len = strlen(outname);
 			ret = LDAP_SUCCESS;
-			break;
+
+	        krb5_free_context(krbctx);
+			
+            break;
 		case SASL_CB_GETREALM:
 			in->result = princ->realm.data;
 			in->len = princ->realm.length;
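Review bot: The `krb5_unparse_name(krbctx, princ, &outname)` call in the SASL_CB_USER case is still unchecked, so a failure there leaves `outname` NULL and the following `strlen(outname)` dereferences it; this is the same class of defect the commit fixes for `krb5_init_context`. The result should be stored in `krberr` and handled like the init failure, releasing the context on that path as well. Separately, the `break` in the new error branch leaves only the `switch`, not the `for` loop, so a later callback entry that assigns `ret` could overwrite `LDAP_LOCAL_ERROR` (the other cases are only partly visible here, so this needs confirming). The new lines also mix spaces and tabs in a tab-indented file. The function's opening lines, including the declarations of `ret` and `in`, are outside the hunk.

```c
		case SASL_CB_USER:
			/* … unchanged: krb5_init_context call and its error branch … */
			krberr = krb5_unparse_name(krbctx, princ, &outname);
			if (krberr || !outname) {
				fprintf(stderr, _("Unable to unparse principal name\n"));
				krb5_free_context(krbctx);
				in->result = NULL;
				in->len = 0;
				ret = LDAP_LOCAL_ERROR;
				break;
			}
			/* … unchanged: in->result / in->len / ret assignment, krb5_free_context, break … */
```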
@@ -100,7 +113,6 @@ static int ldap_sasl_interact(LDAP *ld, unsigned flags, void *priv_data, void *s
 			ret = LDAP_OTHER;
 		}
 	}
-	krb5_free_context(krbctx);
 	return ret;
 }
 
-- 
1.7.3.4
