Fix various small logic errors

Correct five logic errors (all unlikely to manifest as user-visible
bugs) found by static analysis.  Reported by Valery Fedorenko.

diff --git a/src/kdc/policy.c b/src/kdc/policy.c
index a3ff556c53859d0129e0e8a22c479d82205e19e8..1ae1c7a059b939719821f2ae786795ed9def08ad 100644 (file)
--- a/src/kdc/policy.c
+++ b/src/kdc/policy.c
@@ -180,7 +180,7 @@ unload_kdcpolicy_plugins(krb5_context context)
 {
     kdcpolicy_handle *hp, h;
 
-    for (hp = handles; *hp != NULL; hp++) {
+    for (hp = handles; hp != NULL && *hp != NULL; hp++) {
         h = *hp;
         if (h->vt.fini != NULL)
             h->vt.fini(context, h->moddata);

diff --git a/src/lib/apputils/net-server.c b/src/lib/apputils/net-server.c
index 75372d89400922ea6a57de75468d568014dd924b..b3da72d3fbe0578a58c9d2ec7a8fa791cab02842 100644 (file)
--- a/src/lib/apputils/net-server.c
+++ b/src/lib/apputils/net-server.c
@@ -1127,7 +1127,7 @@ kill_lru_tcp_or_rpc_connection(void *handle, verto_ev *newev)
     }
     if (oldest_c != NULL) {
         krb5_klog_syslog(LOG_INFO, _("dropping %s fd %d from %s"),
-                         c->type == CONN_RPC ? "rpc" : "tcp",
+                         oldest_c->type == CONN_RPC ? "rpc" : "tcp",
                          verto_get_fd(oldest_ev), oldest_c->addrbuf);
         if (oldest_c->type == CONN_RPC)
             oldest_c->rpc_force_close = 1;

diff --git a/src/lib/rpc/unit-test/client.c b/src/lib/rpc/unit-test/client.c
index 9b907bcdc6ef47edd54b76e44ae54738dcd3f1c6..7965a4306c7178d97c5f8eb5478fc652518bd3b8 100644 (file)
--- a/src/lib/rpc/unit-test/client.c
+++ b/src/lib/rpc/unit-test/client.c
@@ -165,6 +165,7 @@ main(int argc, char **argv)
          if (echo_resp == NULL) {
               fprintf(stderr, "RPC_TEST_ECHO call %d%s", i,
                       clnt_sperror(clnt, ""));
+              break;
          }
          if (strncmp(*echo_resp, "Echo: ", 6) &&
              strcmp(echo_arg, (*echo_resp) + 6) != 0)

diff --git a/src/plugins/audit/kdc_j_encode.c b/src/plugins/audit/kdc_j_encode.c
index fb4a4ed73fd25b9a458f0619758b26b49425e9f6..0df258d766abfae006c5643de47e67b8e8569f5e 100755 (executable)
--- a/src/plugins/audit/kdc_j_encode.c
+++ b/src/plugins/audit/kdc_j_encode.c
@@ -419,12 +419,10 @@ kau_j_tgs_u2u(const krb5_boolean ev_success, krb5_audit_state *state,
             goto error;
     }
     /* Client in the second ticket. */
-    if (req != NULL) {
-        ret = princ_to_value(req->second_ticket[0]->enc_part2->client,
-                             obj, AU_REQ_U2U_USER);
-        if (ret)
-            goto error;
-    }
+    ret = princ_to_value(req->second_ticket[0]->enc_part2->client,
+                         obj, AU_REQ_U2U_USER);
+    if (ret)
+        goto error;
     /* Enctype of a session key of the second ticket. */
     ret = int32_to_value(req->second_ticket[0]->enc_part2->session->enctype,
                          obj, AU_SRV_ETYPE);

diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
index 6d196619406babed46d51ea98de335380cab4fc0..4ae2c00ad5ecc0bc7c98f88ae9ea84762155bd67 100644 (file)
--- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
+++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
@@ -4110,6 +4110,8 @@ pkinit_get_certs_pkcs12(krb5_context context,
 
         TRACE_PKINIT_PKCS_PARSE_FAIL_FIRST(context);
 
+        if (p12name == NULL)
+            goto cleanup;
         if (id_cryptoctx->defer_id_prompt) {
             /* Supply the identity name to be passed to the responder. */
             pkinit_set_deferred_id(&id_cryptoctx->deferred_ids, p12name, 0,