krb5 commit: Add NegoEx assertion to squash defect
Greg Hudson
ghudson at mit.edu
Sun Jan 5 01:54:30 EST 2020
https://github.com/krb5/krb5/commit/38151b3c1e69873122065e1f8351c026e1edc737
commit 38151b3c1e69873122065e1f8351c026e1edc737
Author: Greg Hudson <ghudson at mit.edu>
Date: Mon Dec 9 11:42:47 2019 -0500
Add NegoEx assertion to squash defect
Coverity sees negoex_init() test whether input_token is null before
parsing messages, then dereference input_token in verify_checksum().
Of course verify_checksum() will not find a checksum message if no
messages were parsed. Add an assert to squash the false positive
forward-null defect.
src/lib/gssapi/spnego/negoex_ctx.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/src/lib/gssapi/spnego/negoex_ctx.c b/src/lib/gssapi/spnego/negoex_ctx.c
index e69b720..18d9d41 100644
--- a/src/lib/gssapi/spnego/negoex_ctx.c
+++ b/src/lib/gssapi/spnego/negoex_ctx.c
@@ -454,6 +454,7 @@ verify_checksum(OM_uint32 *minor, spnego_gss_ctx_id_t ctx,
/* Verify the checksum over the existing transcript and the portion of the
* input token leading up to the verify message. */
+ assert(input_token != NULL);
iov[0].flags = KRB5_CRYPTO_TYPE_DATA;
iov[0].data = make_data(ctx->negoex_transcript.data,
ctx->negoex_transcript.len);
More information about the cvs-krb5
mailing list