From: Greg Hudson Date: Mon, 9 Dec 2019 16:42:47 +0000 (-0500) Subject: Add NegoEx assertion to squash defect X-Git-Tag: krb5-1.18-beta1~14 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=38151b3c1e69873122065e1f8351c026e1edc737;p=thirdparty%2Fkrb5.git Add NegoEx assertion to squash defect Coverity sees negoex_init() test whether input_token is null before parsing messages, then dereference input_token in verify_checksum(). Of course verify_checksum() will not find a checksum message if no messages were parsed. Add an assert to squash the false positive forward-null defect. --- diff --git a/src/lib/gssapi/spnego/negoex_ctx.c b/src/lib/gssapi/spnego/negoex_ctx.c index e69b7200e3..18d9d4147d 100644 --- a/src/lib/gssapi/spnego/negoex_ctx.c +++ b/src/lib/gssapi/spnego/negoex_ctx.c @@ -454,6 +454,7 @@ verify_checksum(OM_uint32 *minor, spnego_gss_ctx_id_t ctx, /* Verify the checksum over the existing transcript and the portion of the * input token leading up to the verify message. */ + assert(input_token != NULL); iov[0].flags = KRB5_CRYPTO_TYPE_DATA; iov[0].data = make_data(ctx->negoex_transcript.data, ctx->negoex_transcript.len);