Greg Hudson [Tue, 10 Feb 2009 19:05:58 +0000 (19:05 +0000)]
In krb5_ccache_internalize: fix resource leaks, fix several cases
where success could be returned on failure, validate the length of the
ccache name, make the value of *argp well-defined on failure, and lay
out the function in a linear style with a cleanup handler.
Greg Hudson [Tue, 10 Feb 2009 18:25:15 +0000 (18:25 +0000)]
In the ccache serialization code, remove some unnecessary checks for
nullity of ccache->ops; we assume a valid ops pointer in neighboring
parts of the code.
Greg Hudson [Tue, 10 Feb 2009 02:01:58 +0000 (02:01 +0000)]
Adjust the structure of krb5_decode.c functions to initialize output
parameters to NULL and not set them to the real values until a
successful return is guaranteed. Also fix get_eoc which was returning
without clean_return.
Greg Hudson [Mon, 9 Feb 2009 21:25:53 +0000 (21:25 +0000)]
Make asn1buf_destroy return void, since it's a free function. In
krb5_encode.c functions, make *code well-defined in case of error,
and clean up some memory leaks.
Greg Hudson [Mon, 9 Feb 2009 18:52:40 +0000 (18:52 +0000)]
Fix possible free of uninitialized value in walk_rtree
In rtree_hier_realms, if the first rtree_hier_tweens call failed, the
cleanup handler would free stweens which had not been initialized.
Initialize ctweens and stweens to NULL in the variable declarations to
make the cleanup handler safe.
Greg Hudson [Mon, 9 Feb 2009 18:35:19 +0000 (18:35 +0000)]
Change contract of krb5int_utf8_normalize and fix memory leaks
Make krb5int_utf8_normalize return a krb5_error_code and always allocate
a structure to be placed in the output parameter. Adjust the function
structure to use a cleanup handler, fixing many memory leaks.
Greg Hudson [Fri, 6 Feb 2009 20:43:44 +0000 (20:43 +0000)]
Memory handling fixes in walk_rtree
In walk_rtree's rtree_hier_tree, don't leak the result of
rtree_hier_realms. In rtree_hier_realms, avoid freeing one too many
krb5_data contents on allocation failure, and use the recommended
pattern to ensure well-defined output parameter values.
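The "recommended pattern" these commits keep returning to (the krb5_decode.c, krb5int_utf8_normalize and rtree_hier_realms changes above) is: set the output parameter to NULL up front, route every error through one cleanup label, track how much was actually initialized so cleanup frees neither too little nor one too many, and store the result only when nothing else can fail. The following is a constructed C illustration added here, not krb5 code; krb5_error_code, krb5_data, realm_list, build_realm_list and the failure-injecting test_malloc are stand-ins.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>
typedef int krb5_error_code;   /* stand-ins for the krb5 types, not the real headers */
typedef struct { unsigned int length; char *data; } krb5_data;
typedef struct { size_t count; krb5_data *realms; } realm_list;
static int fail_alloc_at, alloc_count;   /* constructed: make allocation number N fail */
static void *test_malloc(size_t n) { return ++alloc_count == fail_alloc_at ? NULL : malloc(n); }
static void free_realm_list(realm_list *l)
{
    size_t i;
    if (l == NULL) return;
    for (i = 0; i < l->count; i++) free(l->realms[i].data);   /* only initialized entries */
    free(l->realms); free(l);
}
/* Copy n names into a new realm_list.  *listp is NULL on every failure path and is set
 * only once nothing else can fail; all errors go through one cleanup label. */
krb5_error_code build_realm_list(const char *const *names, size_t n, realm_list **listp)
{
    krb5_error_code retval = 0; size_t i, len;
    realm_list *l = NULL;
    *listp = NULL;
    if ((l = test_malloc(sizeof(*l))) == NULL) { retval = ENOMEM; goto cleanup; }
    l->count = 0; l->realms = NULL;   /* keeps free_realm_list safe if the next alloc fails */
    l->realms = test_malloc((n ? n : 1) * sizeof(*l->realms));   /* malloc(0) may be NULL */
    if (l->realms == NULL) { retval = ENOMEM; goto cleanup; }
    for (i = 0; i < n; i++) {
        len = strlen(names[i]);
        if ((l->realms[i].data = test_malloc(len + 1)) == NULL) { retval = ENOMEM; goto cleanup; }
        memcpy(l->realms[i].data, names[i], len + 1);
        l->realms[i].length = (unsigned int)len;
        l->count = i + 1;   /* a later failure then frees i+1 strings, not one too many */
    }
    *listp = l; l = NULL;   /* ownership handed to the caller, so cleanup frees nothing */
cleanup:
    free_realm_list(l);
    return retval;
}
/* 1 if failing allocation fail_at (0 = none) yields ENOMEM with *listp NULL, or success copies both. */
int check_build(int fail_at)
{
    const char *names[] = { "ATHENA.MIT.EDU", "MIT.EDU" };   /* constructed input */
    realm_list *l = (realm_list *)1;   /* stale value must not survive a failure */
    int ok;
    fail_alloc_at = fail_at; alloc_count = 0;
    if (fail_at) return build_realm_list(names, 2, &l) == ENOMEM && l == NULL;
    ok = build_realm_list(names, 2, &l) == 0 && l != NULL && l->count == 2 &&
         strcmp(l->realms[1].data, "MIT.EDU") == 0;
    free_realm_list(l);
    return ok;
}
```

check_build(k) for k = 1..4 exercises each allocation failing in turn; every path must leave *listp NULL and free exactly the partial state built so far.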
Greg Hudson [Fri, 6 Feb 2009 18:40:04 +0000 (18:40 +0000)]
Fix error handling in krb5_walk_realm_tree
rtree_hier_realms was forgetting to assign the return value of
krb5int_copy_data_contents to retval, which would cause a failure to
notice out-of-memory conditions.
Ezra Peisach [Fri, 6 Feb 2009 05:22:34 +0000 (05:22 +0000)]
Do not assume sizeof(bool_t) == sizeof(krb5_boolean)
bool_t is defined as int, krb5_boolean as unsigned int. These are of
similar size, but someone someday might change krb5_boolean.
Instead of passing a krb5_boolean * to xdr_bool, implement xdr_krb5_boolean
which keeps the different types separate.
Ken Raeburn [Fri, 6 Feb 2009 01:07:32 +0000 (01:07 +0000)]
remove some redundant or useless qualifiers
Remove some redundant qualifiers specified more than once in variable declarations.
Also remove some useless qualifiers in casts and function argument declarations.
Will Fiveash [Thu, 5 Feb 2009 20:57:09 +0000 (20:57 +0000)]
deal with memleaks in migrate mkey project
Ken R. told me that Coverity found several potential memleaks introduced
by the mkey migration project. This addresses those leaks and tweaks
the code formatting in a few places.
Greg Hudson [Thu, 5 Feb 2009 19:59:09 +0000 (19:59 +0000)]
In krb5_rc_io_store, check the return value of krb5int_buf_len as well
as krb5int_buf_data. The length can't be negative if the data is
non-NULL, but Coverity doesn't know that.
Greg Hudson [Thu, 5 Feb 2009 19:50:41 +0000 (19:50 +0000)]
In recvauth_common, initialize ap_option. It can't be used
uninitialized, but you can only deduce that by examining the
relationships between ap_option, problem, and outbuf.
Greg Hudson [Thu, 5 Feb 2009 19:44:35 +0000 (19:44 +0000)]
Change krb5_rc_resolve_type (not a public API) to allocate the rcache
structure. Make output parameter values of krb5_rc_resolve_type and
krb5_rc_default well-defined in case of errors.
Greg Hudson [Thu, 5 Feb 2009 18:34:57 +0000 (18:34 +0000)]
In krb5_ktfileint_find_slot, check for an error return from ftell.
(Such an error will never happen in any reasonable stdio
implementation but it's more correct to check.)
Greg Hudson [Thu, 5 Feb 2009 18:26:47 +0000 (18:26 +0000)]
Coverity was nervous that hst_realm.c's domain_heuristic() wasn't
checking for a NULL return from strchr. The code was safe because a
previous call to strchr on the same arguments was checked, but make
Coverity less nervous by storing the result of that previous call and
reusing it. Also make the function conform better to our standards.
Ken Raeburn [Thu, 5 Feb 2009 02:16:22 +0000 (02:16 +0000)]
declare replacement [v]asprintf functions
If HAVE_VASPRINTF is not defined, make sure krb5int_{,v}asprintf
functions always get declared, applying the preprocessor conditional
test only to the GCC format attribute. If HAVE_VASPRINTF is defined,
don't declare them at all.
This fixes a bunch of function-not-declared warnings under Sun cc.
Ken Raeburn [Thu, 5 Feb 2009 01:49:21 +0000 (01:49 +0000)]
int/ptr bug in gssapi code
Fix a pointer argument passed where an integer is needed.
Update Sun compiler options to make that an error. (The options we're
currently using make it an error for assignment but not for argument passing.)
Greg Hudson [Wed, 4 Feb 2009 20:32:05 +0000 (20:32 +0000)]
Remove xfread/xfwrite macros. Casting the first argument to char * is
unnecessary (fread's first argument is void *, which does not require
a cast) and confuses Coverity's UNINIT checker; casting the third
argument to unsigned is not necessary for our current set of warnings.
Ken Raeburn [Mon, 2 Feb 2009 21:13:42 +0000 (21:13 +0000)]
Get rid of casts of free() argument to char*, except where it's
casting away const (so as to make this change warning-neutral), and in
unicode source (which we may want to keep in sync with another
source), and krb5_xfree macro (to be handled separately).
Ken Raeburn [Mon, 2 Feb 2009 20:37:41 +0000 (20:37 +0000)]
Revise last change to better resemble the original test, keeping the
min-lifetime test code collected together. Change policy to have a
minimum password lifetime of 10s instead of 30s, and reduce the test
delays accordingly.
Ken Raeburn [Mon, 2 Feb 2009 19:29:52 +0000 (19:29 +0000)]
speed up kpasswd tests
Reorder some tests and tune delays, so that we don't need to run for
much more than twice the min-password-life interval when testing that
functionality. (This could be made faster if we can assume that
init_db will always have been run immediately before the tests start.)
In my tests, this cuts something like 11 seconds off the run time (now
down to about 65 seconds).
Ken Raeburn [Mon, 2 Feb 2009 18:42:06 +0000 (18:42 +0000)]
address lib/kadm5 test suite slowness
In mod-principal tests for clearing the principal's policy, instead of
just testing to see if the wrong string is output and timing out
looking for it, check also for the new expected value. Cuts test
suite run time by about two minutes for each pass (client vs server).
Ken Raeburn [Sat, 31 Jan 2009 04:39:34 +0000 (04:39 +0000)]
use t_inetd with a ready message and avoid waiting a lot in non-root tests
Change t_inetd to print a ready message when it has started listening
on the indicated port number.
Look for this message in sample.exp rather than waiting an arbitrary
(and usually excessive) 2s each time for the inetd-mode tests. Use
run_once to perform the standalone-mode test only once per test suite
invocation.
Change rsh and rcp tests to start the servers via t_inetd and avoid
excessive waiting at startup.
In some of my tests, this reduces the tests/dejagnu tests from taking
over 6 minutes to taking around 2 minutes.
(This does mean the server process will no longer have started up
before we launch the client, so it may be slower to respond, but it'll
still be faster than the 2s delay we used before even trying to
connect.)
We can probably eliminate the -D option code from krshd.c now.
The tests run as root (rlogin, telnet) still need updating.
Will Fiveash [Fri, 30 Jan 2009 23:55:14 +0000 (23:55 +0000)]
Master Key Migration Project
Commit for the Master Key Migration Project.
http://k5wiki.kerberos.org/wiki/Projects/Master_Key_Migration
This commit provides the ability to add a new master key (with an
enctype differing from the current master key) to the master key
principal and stash file and then migrate the encryption of existing
principals' long-term keys to use the new master key. In addition,
deletion of master keys is provided.