From: Greg Hudson <ghudson@mit.edu>
Date: Fri, 1 Nov 2024 17:42:44 +0000 (-0400)
Subject: Fix various small logic errors
X-Git-Tag: krb5-1.22-beta1~54
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3b57de1b68f31fa297d91e8b00bd91587d71fd02;p=thirdparty%2Fkrb5.git

Fix various small logic errors

Correct five logic errors (all unlikely to manifest as user-visible
bugs) found by static analysis.  Reported by Valery Fedorenko.
---

diff --git a/src/kdc/policy.c b/src/kdc/policy.c
index a3ff556c53..1ae1c7a059 100644
--- a/src/kdc/policy.c
+++ b/src/kdc/policy.c
@@ -180,7 +180,7 @@ unload_kdcpolicy_plugins(krb5_context context)
 {
     kdcpolicy_handle *hp, h;
 
-    for (hp = handles; *hp != NULL; hp++) {
+    for (hp = handles; hp != NULL && *hp != NULL; hp++) {
         h = *hp;
         if (h->vt.fini != NULL)
             h->vt.fini(context, h->moddata);
diff --git a/src/lib/apputils/net-server.c b/src/lib/apputils/net-server.c
index 75372d8940..b3da72d3fb 100644
--- a/src/lib/apputils/net-server.c
+++ b/src/lib/apputils/net-server.c
@@ -1127,7 +1127,7 @@ kill_lru_tcp_or_rpc_connection(void *handle, verto_ev *newev)
     }
     if (oldest_c != NULL) {
         krb5_klog_syslog(LOG_INFO, _("dropping %s fd %d from %s"),
-                         c->type == CONN_RPC ? "rpc" : "tcp",
+                         oldest_c->type == CONN_RPC ? "rpc" : "tcp",
                          verto_get_fd(oldest_ev), oldest_c->addrbuf);
         if (oldest_c->type == CONN_RPC)
             oldest_c->rpc_force_close = 1;
diff --git a/src/lib/rpc/unit-test/client.c b/src/lib/rpc/unit-test/client.c
index 9b907bcdc6..7965a4306c 100644
--- a/src/lib/rpc/unit-test/client.c
+++ b/src/lib/rpc/unit-test/client.c
@@ -165,6 +165,7 @@ main(int argc, char **argv)
 	  if (echo_resp == NULL) {
 	       fprintf(stderr, "RPC_TEST_ECHO call %d%s", i,
 		       clnt_sperror(clnt, ""));
+	       break;
 	  }
 	  if (strncmp(*echo_resp, "Echo: ", 6) &&
 	      strcmp(echo_arg, (*echo_resp) + 6) != 0)
diff --git a/src/plugins/audit/kdc_j_encode.c b/src/plugins/audit/kdc_j_encode.c
index fb4a4ed73f..0df258d766 100755
--- a/src/plugins/audit/kdc_j_encode.c
+++ b/src/plugins/audit/kdc_j_encode.c
@@ -419,12 +419,10 @@ kau_j_tgs_u2u(const krb5_boolean ev_success, krb5_audit_state *state,
             goto error;
     }
     /* Client in the second ticket. */
-    if (req != NULL) {
-        ret = princ_to_value(req->second_ticket[0]->enc_part2->client,
-                             obj, AU_REQ_U2U_USER);
-        if (ret)
-            goto error;
-    }
+    ret = princ_to_value(req->second_ticket[0]->enc_part2->client,
+                         obj, AU_REQ_U2U_USER);
+    if (ret)
+        goto error;
     /* Enctype of a session key of the second ticket. */
     ret = int32_to_value(req->second_ticket[0]->enc_part2->session->enctype,
                          obj, AU_SRV_ETYPE);
diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
index 6d19661940..4ae2c00ad5 100644
--- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
+++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
@@ -4110,6 +4110,8 @@ pkinit_get_certs_pkcs12(krb5_context context,
 
         TRACE_PKINIT_PKCS_PARSE_FAIL_FIRST(context);
 
+        if (p12name == NULL)
+            goto cleanup;
         if (id_cryptoctx->defer_id_prompt) {
             /* Supply the identity name to be passed to the responder. */
             pkinit_set_deferred_id(&id_cryptoctx->deferred_ids, p12name, 0,