Exception handling and resource cleanup

[Sam Hartman]

I chose style (2) for FAST because of strong recommendations for that
style from Alexis based on KFM and KLL/KIM.

Before I go into goto vs if-ladder I'd like to distinguish to sub-styles of goto:

goto-many-labels and goto-one-label.  Code like send_tgs.c uses
goto--many-labels.  The idea is that you goto some label based on what
resources need to be cleaned up.

In goto-one-label, such as do_as_req and do_tgs_req.c in the KDC,
there is one cleanup handler at the  bottom of the function.


I would like to recommend against goto-many-labels for the same
reasons that free everything and return is bad.  It doesn't suffer
from the code duplication, but it does make it easy to leak resources
or introduce other memory management errors.

Personally, I don't find the differences between goto-one-label and
iff-ladder all that significant.  I find if-ladder a bit easier to
deal with if the code doesn't have a lot of loops.  I think the
encrypted challenge plugin and most of fast.c are reasonably easy to
follow.  I also think the KFM code I've seen using this style is easy
to follow.

One advantage of if-ladder is that resource cleanup can sometimes be
much closer to resource allocation than with goto-one-label.

However I either don't know how to do if-ladder with loops or it
doesn't work well.  Take a look at prepare_as_error in do_as_req.c.  I
think that code would have been better using goto-one-label.

My personal preference is that we permit either goto-one-label or
if-ladder, although not both within the same function.  If people want
to standardize on one, that would be OK, although that would not be my
preference.