krb5 commit: Fix error handling in PKINIT decode_data()

Greg Hudson ghudson at mit.edu
Thu Dec 15 11:31:49 EST 2016


https://github.com/krb5/krb5/commit/cc9035a7d25008bdcd9c7beb01670aa57b51d829
commit cc9035a7d25008bdcd9c7beb01670aa57b51d829
Author: Greg Hudson <ghudson at mit.edu>
Date:   Wed Dec 14 11:25:41 2016 -0500

    Fix error handling in PKINIT decode_data()
    
    decode_data() mixes errno values with OpenSSL return codes.  Change
    its return type to int, and return 1 on success or 0 on failure.
    
    ticket: 8525 (new)
    target_version: 1.15-next
    target_version: 1.14-next
    tags: pullup

 src/plugins/preauth/pkinit/pkinit_crypto_openssl.c |   17 +++++++----------
 1 files changed, 7 insertions(+), 10 deletions(-)

diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
index 7dcdf04..74fffbf 100644
--- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
+++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
@@ -4188,24 +4188,24 @@ pkinit_sign_data(krb5_context context,
 }
 
 
-static krb5_error_code
+static int
 decode_data(uint8_t **out_data, unsigned int *out_data_len,
             const uint8_t *data, unsigned int data_len, EVP_PKEY *pkey,
             X509 *cert)
 {
-    krb5_error_code retval = ENOMEM;
+    int retval;
     unsigned char *buf = NULL;
     int buf_len = 0;
 
     if (cert && !X509_check_private_key(cert, pkey)) {
         pkiDebug("private key does not match certificate\n");
-        goto cleanup;
+        return 0;
     }
 
     buf_len = EVP_PKEY_size(pkey);
     buf = malloc((size_t) buf_len + 10);
     if (buf == NULL)
-        goto cleanup;
+        return 0;
 
 #if OPENSSL_VERSION_NUMBER >= 0x00909000L
     retval = EVP_PKEY_decrypt_old(buf, data, (int)data_len, pkey);
@@ -4214,16 +4214,13 @@ decode_data(uint8_t **out_data, unsigned int *out_data_len,
 #endif
     if (retval <= 0) {
         pkiDebug("unable to decrypt received data (len=%d)\n", data_len);
-        goto cleanup;
+        free(buf);
+        return 0;
     }
     *out_data = buf;
     *out_data_len = retval;
 
-cleanup:
-    if (retval == ENOMEM)
-        free(buf);
-
-    return retval;
+    return 1;
 }
 
 static krb5_error_code


More information about the cvs-krb5 mailing list