From 7778a7c92be941d4e2faaf7868be0ea41cede174 Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Sat, 1 May 2010 17:53:04 +0000
Subject: Fix some bugs in the IAKERB code discovered by Coverity.  Also trim
 down iakerb_initiator_step() a little using krb5_data constructors and
 avoiding vertical function arguments.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23961 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/lib/gssapi/krb5/acquire_cred.c | 19 +++++++++++--------
 src/lib/gssapi/krb5/iakerb.c       | 25 +++++--------------------
 2 files changed, 16 insertions(+), 28 deletions(-)

(limited to 'src/lib/gssapi')

diff --git a/src/lib/gssapi/krb5/acquire_cred.c b/src/lib/gssapi/krb5/acquire_cred.c
index c3e8481..88b739e 100644
--- a/src/lib/gssapi/krb5/acquire_cred.c
+++ b/src/lib/gssapi/krb5/acquire_cred.c
@@ -580,6 +580,7 @@ acquire_cred(minor_status, desired_name, password, time_req,
     if ((cred_usage != GSS_C_INITIATE) &&
         (cred_usage != GSS_C_ACCEPT) &&
         (cred_usage != GSS_C_BOTH)) {
+        ret = GSS_S_FAILURE;
         *minor_status = (OM_uint32) G_BAD_USAGE;
         goto error_out;
     }
@@ -685,16 +686,18 @@ error_out:
         free(ret_mechs->elements);
         free(ret_mechs);
     }
-    if (cred->ccache)
-        (void)krb5_cc_close(context, cred->ccache);
+    if (cred != NULL) {
+        if (cred->ccache)
+            (void)krb5_cc_close(context, cred->ccache);
 #ifndef LEAN_CLIENT
-    if (cred->keytab)
-        (void)krb5_kt_close(context, cred->keytab);
+        if (cred->keytab)
+            (void)krb5_kt_close(context, cred->keytab);
 #endif /* LEAN_CLIENT */
-    if (cred->name)
-        kg_release_name(context, 0, &cred->name);
-    k5_mutex_destroy(&cred->lock);
-    xfree(cred);
+        if (cred->name)
+            kg_release_name(context, 0, &cred->name);
+        k5_mutex_destroy(&cred->lock);
+        xfree(cred);
+    }
     save_error_info(*minor_status, context);
     krb5_free_context(context);
     return ret;
diff --git a/src/lib/gssapi/krb5/iakerb.c b/src/lib/gssapi/krb5/iakerb.c
index 3463a7f..6ee0c73 100644
--- a/src/lib/gssapi/krb5/iakerb.c
+++ b/src/lib/gssapi/krb5/iakerb.c
@@ -517,33 +517,18 @@ iakerb_initiator_step(iakerb_ctx_id_t ctx,
                       const gss_buffer_t input_token,
                       gss_buffer_t output_token)
 {
-    krb5_error_code code;
-    krb5_data in, out, realm, *cookie = NULL;
+    krb5_error_code code = 0;
+    krb5_data in = empty_data(), out = empty_data(), realm = empty_data();
+    krb5_data *cookie = NULL;
     OM_uint32 tmp;
-    int initialContextToken = (input_token == GSS_C_NO_BUFFER);
     unsigned int flags = 0;
     krb5_ticket_times times;
 
     output_token->length = 0;
     output_token->value = NULL;
 
-    in.data = NULL;
-    in.length = 0;
-    out.data = NULL;
-    out.length = 0;
-    realm.data = NULL;
-    realm.length = 0;
-
-    if (initialContextToken) {
-        in.data = NULL;
-        in.length = 0;
-    } else {
-        code = iakerb_parse_token(ctx,
-                                  0,
-                                  input_token,
-                                  NULL,
-                                  &cookie,
-                                  &in);
+    if (input_token != GSS_C_NO_BUFFER) {
+        code = iakerb_parse_token(ctx, 0, input_token, NULL, &cookie, &in);
         if (code != 0)
             goto cleanup;
 
-- 
cgit v1.1