krb5 commit: Fix minor static analysis defects

Greg Hudson ghudson at mit.edu
Thu Oct 22 20:28:31 EDT 2020


https://github.com/krb5/krb5/commit/b27461141810fddd299764928649148c5d0e99f3
commit b27461141810fddd299764928649148c5d0e99f3
Author: Robbie Harwood <rharwood at redhat.com>
Date:   Thu Oct 15 18:15:29 2020 -0400

    Fix minor static analysis defects
    
    Remove an unused variable in krb5_ldap_create().  Handle the return
    value from krb5_dbe_get_string() in the certauth test plugin module.
    Handle the return value from k5_expand_path_tokens() in
    k5_rc_default().  Remove dead assignments in
    krb5_get_credentials_for_user() and kg_accept_krb5().
    
    [ghudson at mit.edu: squashed and edited commit message; simplified
    k5_rc_default() change]

 src/lib/gssapi/krb5/accept_sec_context.c       |    4 +---
 src/lib/krb5/krb/s4u_creds.c                   |    1 -
 src/lib/krb5/rcache/rc_base.c                  |    2 ++
 src/plugins/certauth/test/main.c               |    3 +++
 src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c |    4 ----
 5 files changed, 6 insertions(+), 8 deletions(-)

diff --git a/src/lib/gssapi/krb5/accept_sec_context.c b/src/lib/gssapi/krb5/accept_sec_context.c
index 85be82e..636ee30 100644
--- a/src/lib/gssapi/krb5/accept_sec_context.c
+++ b/src/lib/gssapi/krb5/accept_sec_context.c
@@ -671,7 +671,7 @@ kg_accept_krb5(minor_status, context_handle,
     krb5_auth_context auth_context = NULL;
     krb5_ticket * ticket = NULL;
     const gss_OID_desc *mech_used = NULL;
-    OM_uint32 major_status = GSS_S_FAILURE;
+    OM_uint32 major_status;
     OM_uint32 tmp_minor_status;
     krb5_error krb_error_data;
     krb5_data scratch;
@@ -878,8 +878,6 @@ kg_accept_krb5(minor_status, context_handle,
     if (major_status != GSS_S_COMPLETE)
         goto fail;
 
-    major_status = GSS_S_FAILURE;
-
     if (exts->iakerb.conv && !exts->iakerb.verified) {
         major_status = GSS_S_BAD_SIG;
         goto fail;
diff --git a/src/lib/krb5/krb/s4u_creds.c b/src/lib/krb5/krb/s4u_creds.c
index 73b59ff..b448110 100644
--- a/src/lib/krb5/krb/s4u_creds.c
+++ b/src/lib/krb5/krb/s4u_creds.c
@@ -713,7 +713,6 @@ krb5_get_credentials_for_user(krb5_context context, krb5_flags options,
         } else if (code != KRB5_CC_NOTFOUND && code != KRB5_CC_NOT_KTYPE) {
             goto cleanup;
         }
-        code = 0;
     }
 
     /* Note the authdata we asked for in the output creds. */
diff --git a/src/lib/krb5/rcache/rc_base.c b/src/lib/krb5/rcache/rc_base.c
index 5f456d1..f9a4823 100644
--- a/src/lib/krb5/rcache/rc_base.c
+++ b/src/lib/krb5/rcache/rc_base.c
@@ -56,6 +56,8 @@ k5_rc_default(krb5_context context, krb5_rcache *rc_out)
                            &profstr) == 0 && profstr != NULL) {
         ret = k5_expand_path_tokens(context, profstr, &rcname);
         profile_release_string(profstr);
+        if (ret)
+            return ret;
         ret = k5_rc_resolve(context, rcname, rc_out);
         free(rcname);
         return ret;
diff --git a/src/plugins/certauth/test/main.c b/src/plugins/certauth/test/main.c
index d4633b8..7e7a3ef 100644
--- a/src/plugins/certauth/test/main.c
+++ b/src/plugins/certauth/test/main.c
@@ -171,6 +171,9 @@ test2_authorize(krb5_context context, krb5_certauth_moddata moddata,
 
     ret = krb5_dbe_get_string(context, (krb5_db_entry *)db_entry, "hwauth",
                               &strval);
+    if (ret)
+        goto cleanup;
+
     ret = (strval != NULL) ? KRB5_CERTAUTH_HWAUTH : 0;
     krb5_dbe_free_string(context, strval);
 
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c
index 5b57c79..2d66056 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c
@@ -55,7 +55,6 @@ krb5_ldap_create(krb5_context context, char *conf_section, char **db_args)
     krb5_error_code status = 0;
     krb5_ldap_realm_params *rparams = NULL;
     krb5_ldap_context *ldap_context=NULL;
-    krb5_boolean realm_obj_created = FALSE;
     int mask = 0;
 
     /* Clear the global error string */
@@ -109,9 +108,6 @@ krb5_ldap_create(krb5_context context, char *conf_section, char **db_args)
     if ((status = krb5_ldap_create_realm(context, rparams, mask)))
         goto cleanup;
 
-    /* We just created the Realm container. Here starts our transaction tracking */
-    realm_obj_created = TRUE;
-
     /* verify realm object */
     if ((status = krb5_ldap_read_realm_params(context,
                                               rparams->realm_name,


More information about the cvs-krb5 mailing list