"Secure coding" audit checkers and Kerberos

John Hascall john at iastate.edu
Wed Oct 15 00:35:43 EDT 2008


> When error handling is necessary, it's often better if there is one
> error path and not many.  If we are concatenating three strings into an
> allocated buffer, I do not want to see unreachable and untestable error
> paths on each of the three string-copy calls.

It seems to me that here is where static analysis tools
(like Coverity's) can be a help.

John
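
The single-error-path pattern described in the quoted paragraph, as an added example that is not part of the original thread or of the Kerberos source; `concat3` is a hypothetical name. Every failure condition is decided before any byte is copied, so the three copies carry no error paths of their own.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/*
 * concat3 (hypothetical name): join three NUL-terminated strings into a
 * freshly allocated buffer. NULL input, size overflow and allocation
 * failure are all detected up front and share one error exit.
 * Returns NULL on failure; the caller frees the result.
 */
char *concat3(const char *a, const char *b, const char *c)
{
    size_t la, lb, lc, total;
    char *out = NULL;

    if (a == NULL || b == NULL || c == NULL)
        goto fail;

    la = strlen(a);
    lb = strlen(b);
    lc = strlen(c);

    /* Reject any sum that would wrap size_t (the 1 is for the NUL). */
    if (la > SIZE_MAX - 1 - lb || la + lb > SIZE_MAX - 1 - lc)
        goto fail;
    total = la + lb + lc + 1;

    out = malloc(total);
    if (out == NULL)
        goto fail;

    /* Lengths are validated and the buffer is sized: no error path here. */
    memcpy(out, a, la);
    memcpy(out + la, b, lb);
    memcpy(out + la + lb, c, lc + 1);   /* lc + 1 copies c's terminator */
    return out;

fail:
    return NULL;   /* the single error exit */
}
```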


