From bfdc7c0b7be1f33f451a173fb1155450fbe25690 Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Fri, 23 Oct 2020 10:25:37 -0400 Subject: [PATCH] Fix minor static analysis defects --- Fix-minor-static-analysis-defects.patch | 106 ++++++++++++++++++++++++ krb5.spec | 6 +- 2 files changed, 111 insertions(+), 1 deletion(-) create mode 100644 Fix-minor-static-analysis-defects.patch diff --git a/Fix-minor-static-analysis-defects.patch b/Fix-minor-static-analysis-defects.patch new file mode 100644 index 0000000..653bce1 --- /dev/null +++ b/Fix-minor-static-analysis-defects.patch @@ -0,0 +1,106 @@ +From c3d96fca46cb2cc3ee9f4c2e2a4ed98bad3e310a Mon Sep 17 00:00:00 2001 +From: Robbie Harwood +Date: Thu, 15 Oct 2020 18:15:29 -0400 +Subject: [PATCH] Fix minor static analysis defects + +Remove an unused variable in krb5_ldap_create(). Handle the return +value from krb5_dbe_get_string() in the certauth test plugin module. +Handle the return value from k5_expand_path_tokens() in +k5_rc_default(). Remove dead assignments in +krb5_get_credentials_for_user() and kg_accept_krb5(). + +[ghudson@mit.edu: squashed and edited commit message; simplified +k5_rc_default() change] + +(cherry picked from commit b27461141810fddd299764928649148c5d0e99f3) +--- + src/lib/gssapi/krb5/accept_sec_context.c | 4 +--- + src/lib/krb5/krb/s4u_creds.c | 1 - + src/lib/krb5/rcache/rc_base.c | 2 ++ + src/plugins/certauth/test/main.c | 3 +++ + src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c | 4 ---- + 5 files changed, 6 insertions(+), 8 deletions(-) + +diff --git a/src/lib/gssapi/krb5/accept_sec_context.c b/src/lib/gssapi/krb5/accept_sec_context.c +index 3d5b84b15..e2c5e2b59 100644 +--- a/src/lib/gssapi/krb5/accept_sec_context.c ++++ b/src/lib/gssapi/krb5/accept_sec_context.c +@@ -671,7 +671,7 @@ kg_accept_krb5(minor_status, context_handle, + krb5_auth_context auth_context = NULL; + krb5_ticket * ticket = NULL; + const gss_OID_desc *mech_used = NULL; +- OM_uint32 major_status = GSS_S_FAILURE; ++ OM_uint32 major_status; + OM_uint32 tmp_minor_status; + krb5_error krb_error_data; + krb5_data scratch; +@@ -878,8 +878,6 @@ kg_accept_krb5(minor_status, context_handle, + if (major_status != GSS_S_COMPLETE) + goto fail; + +- major_status = GSS_S_FAILURE; +- + if (exts->iakerb.conv && !exts->iakerb.verified) { + major_status = GSS_S_BAD_SIG; + goto fail; +diff --git a/src/lib/krb5/krb/s4u_creds.c b/src/lib/krb5/krb/s4u_creds.c +index d8f486dc6..35a8843e5 100644 +--- a/src/lib/krb5/krb/s4u_creds.c ++++ b/src/lib/krb5/krb/s4u_creds.c +@@ -714,7 +714,6 @@ krb5_get_credentials_for_user(krb5_context context, krb5_flags options, + } else if (code != KRB5_CC_NOTFOUND && code != KRB5_CC_NOT_KTYPE) { + goto cleanup; + } +- code = 0; + } + + /* Note the authdata we asked for in the output creds. */ +diff --git a/src/lib/krb5/rcache/rc_base.c b/src/lib/krb5/rcache/rc_base.c +index 5f456d1f3..f9a482318 100644 +--- a/src/lib/krb5/rcache/rc_base.c ++++ b/src/lib/krb5/rcache/rc_base.c +@@ -56,6 +56,8 @@ k5_rc_default(krb5_context context, krb5_rcache *rc_out) + &profstr) == 0 && profstr != NULL) { + ret = k5_expand_path_tokens(context, profstr, &rcname); + profile_release_string(profstr); ++ if (ret) ++ return ret; + ret = k5_rc_resolve(context, rcname, rc_out); + free(rcname); + return ret; +diff --git a/src/plugins/certauth/test/main.c b/src/plugins/certauth/test/main.c +index d4633b8cd..7e7a3ef4c 100644 +--- a/src/plugins/certauth/test/main.c ++++ b/src/plugins/certauth/test/main.c +@@ -171,6 +171,9 @@ test2_authorize(krb5_context context, krb5_certauth_moddata moddata, + + ret = krb5_dbe_get_string(context, (krb5_db_entry *)db_entry, "hwauth", + &strval); ++ if (ret) ++ goto cleanup; ++ + ret = (strval != NULL) ? KRB5_CERTAUTH_HWAUTH : 0; + krb5_dbe_free_string(context, strval); + +diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c +index 5b57c799a..2d6605666 100644 +--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c ++++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c +@@ -55,7 +55,6 @@ krb5_ldap_create(krb5_context context, char *conf_section, char **db_args) + krb5_error_code status = 0; + krb5_ldap_realm_params *rparams = NULL; + krb5_ldap_context *ldap_context=NULL; +- krb5_boolean realm_obj_created = FALSE; + int mask = 0; + + /* Clear the global error string */ +@@ -109,9 +108,6 @@ krb5_ldap_create(krb5_context context, char *conf_section, char **db_args) + if ((status = krb5_ldap_create_realm(context, rparams, mask))) + goto cleanup; + +- /* We just created the Realm container. Here starts our transaction tracking */ +- realm_obj_created = TRUE; +- + /* verify realm object */ + if ((status = krb5_ldap_read_realm_params(context, + rparams->realm_name, diff --git a/krb5.spec b/krb5.spec index 30396a5..3cc61cf 100644 --- a/krb5.spec +++ b/krb5.spec @@ -18,7 +18,7 @@ Summary: The Kerberos network authentication system Name: krb5 Version: 1.18.2 # for prerelease, should be e.g., 0.% {prerelease}.1% { ?dist } (without spaces) -Release: 27%{?dist} +Release: 28%{?dist} # rharwood has trust path to signing key and verifies on check-in Source0: https://web.mit.edu/kerberos/dist/krb5/1.18/krb5-%{version}%{prerelease}.tar.gz @@ -80,6 +80,7 @@ Patch41: Allow-aliases-when-matching-U2U-second-ticket.patch Patch42: Refactor-KDC-authdata-list-management-helpers.patch Patch43: Avoid-passing-DB-entry-structures-in-KDC.patch Patch44: Minimize-usage-of-tgs_server-in-KDC.patch +Patch45: Fix-minor-static-analysis-defects.patch License: MIT URL: https://web.mit.edu/kerberos/www/ @@ -640,6 +641,9 @@ exit 0 %{_libdir}/libkadm5srv_mit.so.* %changelog +* Fri Oct 23 2020 Robbie Harwood - 1.18.2-28 +- Fix minor static analysis defects + * Wed Oct 21 2020 Robbie Harwood - 1.18.2-27 - Fix build of previous