svn rev #22866: trunk/src/lib/crypto/krb/

Greg Hudson ghudson at MIT.EDU
Thu Oct 8 00:17:19 EDT 2009


On Wed, 2009-10-07 at 22:00 -0400, Ken Raeburn wrote:
> On Oct 7, 2009, at 14:14, ghudson at MIT.EDU wrote:
> > Log Message:
> > In krb5_c_make_checksum, avoid the structure copy of *input since we
> > don't care about input->magic.  Squashes a bunch of unimportant
> > Coverity defects.
> 
> So Coverity cares about uninitialized (I assume) fields in structure
> copies?  Then for consistency, shouldn't our coding standards specify
> either never doing structure copies (ick), or always initializing the
> magic number fields?

This was a case-by-case decision; we had over a dozen places in the code
which weren't initializing the structure field, but only one structure
copy.

I don't know what to make of the magic fields in krb5.  As a general C
programming concept, they never really caught on.  Within the krb5 code
base, we rarely check them (killing any safety advantage) and set them
haphazardly.  We can't generally add checks without breaking the API.
Mostly they just get in the way of doing structure copies without
irritating static analysis tools.

If we do want to clean up all of the krb5_data initializations so that
we can do structure copies, perhaps a "data_init" helper would make it
more palatable.  We could have similar helpers for other small
structures like krb5_octet_data and krb5_enc_data.
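As an added illustration of the "data_init" helper idea and of the checksum change in the log message (this is constructed example code, not code from the krb5 tree or from either poster), the sketch below uses a stand-in `struct sample_data` with the same three fields as krb5_data (magic, length, data) and a hypothetical `SAMPLE_DATA_MAGIC` tag. `data_init` sets every field, so a later structure copy carries no indeterminate bytes for a static analyzer to flag; `make_checksum` works through the pointer and only touches `length` and `data`, which is the shape the log message describes; `data_is_valid` is the kind of magic check the thread notes is rarely done in practice.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-in for a krb5_data-style structure.  Not the real
 * krb5 definition; the tag value is a hypothetical constant. */
#define SAMPLE_DATA_MAGIC 0x53444154

struct sample_data {
    int magic;            /* tag that is often set but rarely checked */
    unsigned int length;  /* number of valid bytes at data */
    char *data;           /* not owned by this struct in this sketch */
};

/* Hypothetical data_init helper: every field is assigned, so a struct
 * copy of the result never reads an uninitialized byte. */
static struct sample_data *
data_init(struct sample_data *d, char *buf, unsigned int len)
{
    d->magic = SAMPLE_DATA_MAGIC;
    d->length = len;
    d->data = buf;
    return d;
}

/* A magic check of the kind the thread says is seldom performed.  A
 * zero-length value may legitimately carry a NULL data pointer. */
static int data_is_valid(const struct sample_data *d)
{
    if (d == NULL || d->magic != SAMPLE_DATA_MAGIC)
        return 0;
    return d->length == 0 || d->data != NULL;
}

/* Toy non-cryptographic checksum (djb2 variant) in the shape of the log
 * message: read length and data through the pointer, never copy *input,
 * so input->magic is never touched. */
static unsigned long make_checksum(const struct sample_data *input)
{
    unsigned long sum = 5381;
    unsigned int i;

    for (i = 0; i < input->length; i++)
        sum = sum * 33 + (unsigned char)input->data[i];
    return sum;
}

/* Initialize via the helper, copy by value, validate the copy and return
 * its checksum; returns 0 if the copied struct fails the magic check. */
static unsigned long copy_roundtrip(char *buf, unsigned int len)
{
    struct sample_data original, copy;

    data_init(&original, buf, len);
    copy = original;                 /* struct copy, all fields defined */
    if (!data_is_valid(&copy) || copy.data != original.data)
        return 0;
    return make_checksum(&copy);
}

int main(void)
{
    char text[] = "abc";             /* constructed sample input */
    struct sample_data zeroed = {0}; /* magic is 0, so the check fails */

    printf("checksum of copy: %lu\n", copy_roundtrip(text, 3));
    printf("zeroed struct valid: %d\n", data_is_valid(&zeroed));
    return 0;
}
```

The helper does not make the magic field useful by itself; its value here is that initialization is centralized, so an analyzer sees a fully defined object wherever a copy occurs, and a debug-only validity check becomes possible without changing the public structure layout.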
