On Tue, 2011-01-11 at 10:49 +0100, Martin Kosek wrote:
> krb5_init_context return value was not checked. This could lead
> to unhandled error issues.
> 
> This patch moves the Kerberos context initialization to the
> branch where it is needed and handles the error value in a way
> that allows program exit in a standard way deallocating all
> resources.
> 
> https://fedorahosted.org/freeipa/ticket/721
> 

Now I noticed that the tabs are used instead of spaces in the affected
function. Attaching re-formatted patch to keep it pretty.

Martin
From d5c76292b12bcbf2d7d7ec1f2cd118e0ad2e97cd Mon Sep 17 00:00:00 2001
From: Martin Kosek <mko...@redhat.com>
Date: Tue, 11 Jan 2011 10:44:48 +0100
Subject: [PATCH] Unchecked return value in ipa-getkeytab

krb5_init_context return value was not checked. This could lead
to unhandled error issues.

This patch moves the Kerberos context initialization to the
branch where it is needed and handles the error value in a way
that allows program exit in a standard way deallocating all
resources.

https://fedorahosted.org/freeipa/ticket/721
---
 ipa-client/ipa-getkeytab.c |   18 +++++++++++++++---
 1 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/ipa-client/ipa-getkeytab.c b/ipa-client/ipa-getkeytab.c
index 8f108de4a5edb9f353c172a338838e504e842ca5..e4c7b0e2b114b0970e805921e10eaefca4d6d6f2 100644
--- a/ipa-client/ipa-getkeytab.c
+++ b/ipa-client/ipa-getkeytab.c
@@ -76,18 +76,31 @@ static int ldap_sasl_interact(LDAP *ld, unsigned flags, void *priv_data, void *s
 	krb5_principal princ = (krb5_principal)priv_data;
 	krb5_context krbctx;
 	char *outname = NULL;
+	krb5_error_code krberr;
 
 	if (!ld) return LDAP_PARAM_ERROR;
 
-	krb5_init_context(&krbctx);
-
 	for (in = sit; in && in->id != SASL_CB_LIST_END; in++) {
 		switch(in->id) {
 		case SASL_CB_USER:
+			krberr = krb5_init_context(&krbctx);
+
+			if (krberr) {
+				fprintf(stderr, _("Kerberos context initialization failed\n"));
+				in->result = NULL;
+				in->len = 0;
+				ret = LDAP_LOCAL_ERROR;
+				break;
+			}
+
 			krb5_unparse_name(krbctx, princ, &outname);
+
 			in->result = outname;
 			in->len = strlen(outname);
 			ret = LDAP_SUCCESS;
+
+			krb5_free_context(krbctx);
+
 			break;
 		case SASL_CB_GETREALM:
 			in->result = princ->realm.data;
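
Review bot: krb5_unparse_name() in the SASL_CB_USER case is still called without checking its return value, which is the same class of problem this patch fixes for krb5_init_context(). If it fails, outname can remain NULL and the following `in->len = strlen(outname);` dereferences a NULL pointer. Suggest storing the result in krberr and, on failure, calling krb5_free_context(krbctx) and taking the same error path as above (in->result = NULL, in->len = 0, ret = LDAP_LOCAL_ERROR).
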
@@ -100,7 +113,6 @@ static int ldap_sasl_interact(LDAP *ld, unsigned flags, void *priv_data, void *s
 			ret = LDAP_OTHER;
 		}
 	}
-	krb5_free_context(krbctx);
 	return ret;
 }
 
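
Review bot: `return ret;` hands back whatever the last processed callback entry assigned, so the LDAP_LOCAL_ERROR set in the new SASL_CB_USER failure path can be lost. The `break` in that path only leaves the switch, the for loop continues, and a later entry can overwrite ret (for example with LDAP_SUCCESS). Suggest leaving the loop as soon as the Kerberos error is seen, or only assigning a success value to ret when no earlier error has been recorded.
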
-- 
1.7.3.4
