From: Ken Raeburn <raeburn@mit.edu>
Date: Sat, 29 Mar 2008 01:08:31 +0000 (+0000)
Subject: Coverity CID 228: Possible use of uninitialized variable time_req in
X-Git-Tag: krb5-1.7-alpha1~703
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=71ca378e4b7fb64f77bbf58ba15f4665072163bd;p=thirdparty%2Fkrb5.git

Coverity CID 228: Possible use of uninitialized variable time_req in
gss_add_cred if cred_usage has an invalid value.  (Also flagged by
GCC.)

Changed validation routines for gss_add_cred, gss_acquire_cred, and
gss_store_cred to check the cred_usage value.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20295 dc483132-0cff-0310-8789-dd5450dbe970
---

diff --git a/src/lib/gssapi/mechglue/g_acquire_cred.c b/src/lib/gssapi/mechglue/g_acquire_cred.c
index 6d63e5b8f2..fbe66681f4 100644
--- a/src/lib/gssapi/mechglue/g_acquire_cred.c
+++ b/src/lib/gssapi/mechglue/g_acquire_cred.c
@@ -105,6 +105,16 @@ val_acq_cred_args(
     if (output_cred_handle == NULL)
 	return (GSS_S_CALL_INACCESSIBLE_WRITE);
 
+    if (cred_usage != GSS_C_ACCEPT
+	&& cred_usage != GSS_C_INITIATE
+	&& cred_usage != GSS_C_BOTH) {
+	if (minor_status) {
+	    *minor_status = EINVAL;
+	    map_errcode(minor_status);
+	}
+	return GSS_S_FAILURE;
+    }
+
     return (GSS_S_COMPLETE);
 }
 
@@ -281,9 +291,18 @@ val_add_cred_args(
 
     if (input_cred_handle == GSS_C_NO_CREDENTIAL &&
 	output_cred_handle == NULL)
-
 	return (GSS_S_CALL_INACCESSIBLE_WRITE | GSS_S_NO_CRED);
 
+    if (cred_usage != GSS_C_ACCEPT
+	&& cred_usage != GSS_C_INITIATE
+	&& cred_usage != GSS_C_BOTH) {
+	if (minor_status) {
+	    *minor_status = EINVAL;
+	    map_errcode(minor_status);
+	}
+	return GSS_S_FAILURE;
+    }
+
     return (GSS_S_COMPLETE);
 }
 
diff --git a/src/lib/gssapi/mechglue/g_store_cred.c b/src/lib/gssapi/mechglue/g_store_cred.c
index b02f7069ad..d9a7d9adcf 100644
--- a/src/lib/gssapi/mechglue/g_store_cred.c
+++ b/src/lib/gssapi/mechglue/g_store_cred.c
@@ -39,6 +39,16 @@ val_store_cred_args(
 	if (input_cred_handle == GSS_C_NO_CREDENTIAL)
 		return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CRED);
 
+	if (cred_usage != GSS_C_ACCEPT
+	    && cred_usage != GSS_C_INITIATE
+	    && cred_usage != GSS_C_BOTH) {
+	    if (minor_status) {
+		*minor_status = EINVAL;
+		map_errcode(minor_status);
+	    }
+	    return GSS_S_FAILURE;
+	}
+
 	return (GSS_S_COMPLETE);
 }