git.ipfire.org Git - thirdparty/krb5.git/commit

author	Julien Rische <jrische@redhat.com>
	Fri, 6 Sep 2024 15:18:11 +0000 (17:18 +0200)
committer	Greg Hudson <ghudson@mit.edu>
	Fri, 27 Sep 2024 22:00:30 +0000 (18:00 -0400)
commit	a96541981ee34c8642ddeb6101b98e883e41c6e5
tree	68dc16c63f5b7b9d7b2760554e8bf7247d1eded8	tree
parent	1bfcf572241a4ec0e44e609e5c6b7c0b11b08eea	commit \| diff

Fix various issues detected by static analysis

In klists's show_credential(), ensure that the column counter doesn't
decrease if printf() fails.

In process_k5beta7_princ(), bounds-check the e_length field.

In ndr_enc_delegation_info(), initialize b so it is always valid for
the cleanup handler.

In krb5_dbe_def_decrypt_key_data(), change the flow control so ret is
always set by the end of the function. Return KRB5_KDB_INVALIDKEYSIZE
if there isn't enough data in the first key_data_contents field or if
the serialized key length is invalid.

In svcauth_gss_validate(), expand rpchdr to accomodate the header plus
MAX_AUTH_BYTES.

In svcudp_reply(), change slen to unsigned to match the return type of
XDR_GETPOS() and eliminate an unnecessary check for slen >= 0.

In krb5int_pthread_loaded()(), remove pthread_equal() from the weak
symbol checks. It is implemented as an inline function in some glibc
versions, which makes the comparison "&pthread_equal == 0" always
false.

[ghudson@mit.edu: further modified krb5_dbe_def_decrypt_key_data() for
clarity; added detail to commit message]

src/clients/klist/klist.c		diff \| blob \| blame \| history
src/kadmin/dbutil/dump.c		diff \| blob \| blame \| history
src/kdc/ndr.c		diff \| blob \| blame \| history
src/lib/kdb/decrypt_key.c		diff \| blob \| blame \| history
src/lib/rpc/svc_auth_gss.c		diff \| blob \| blame \| history
src/lib/rpc/svc_udp.c		diff \| blob \| blame \| history
src/util/support/threads.c		diff \| blob \| blame \| history