Static analyzer appeasement
parent
6ea5e5fa9a
commit
bff738a25d
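--- /dev/null
+++ b/Remove-null-check-in-krb5_gss_duplicate_name.patch
@@ -0,0 +1,28 @@
+From 7016aa77499732446d7bc838b95810c8cdf5b15b Mon Sep 17 00:00:00 2001
+From: Robbie Harwood <rharwood@redhat.com>
+Date: Fri, 30 Aug 2019 11:19:52 -0400
+Subject: [PATCH] Remove null check in krb5_gss_duplicate_name()
+
+Within the krb5 mechanism, we require minor_status to be writable
+without checking. Remove the null check in krb5_gss_duplicate_name()
+to squash a forward-null defect.
+
+(cherry picked from commit 9fd7bc179f0bd74fc83c1edf0247dcfd87fc73e6)
+---
+src/lib/gssapi/krb5/duplicate_name.c | 3 +--
+1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/src/lib/gssapi/krb5/duplicate_name.c b/src/lib/gssapi/krb5/duplicate_name.c
+index b88d97d9d..ea53e9c0d 100644
+--- a/src/lib/gssapi/krb5/duplicate_name.c
++++ b/src/lib/gssapi/krb5/duplicate_name.c
+@@ -34,8 +34,7 @@ krb5_gss_duplicate_name(OM_uint32 *minor_status, const gss_name_t input_name,
+krb5_error_code code;
+krb5_gss_name_t princ, outprinc;
+
+- if (minor_status)
+- *minor_status = 0;
++ *minor_status = 0;
+
+code = krb5_gss_init_context(&context);
+if (code) {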
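Review bot: The now-unconditional `*minor_status = 0;` makes a non-null minor_status a hard precondition of krb5_gss_duplicate_name(), but nothing at the store records who guarantees it. The commit message says the krb5 mechanism requires minor_status to be writable without checking; a one-line comment above the assignment, e.g. `/* minor_status must be non-null; the krb5 mech relies on its caller for this. */`, would stop a later reader or analyzer pass from re-adding the guard or assuming NULL is tolerated. Presumably the layer that dispatches into the mechanism validates the pointer, but that is not visible on this page and is worth confirming before relying on it. The function body starts and ends outside the hunk.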
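--- /dev/null
+++ b/Squash-apparent-forward-null-in-clnttcp_create.patch
@@ -0,0 +1,34 @@
+From e2087bcf8a10fa0ecc4f0663e8df9b7ef5752805 Mon Sep 17 00:00:00 2001
+From: Robbie Harwood <rharwood@redhat.com>
+Date: Fri, 30 Aug 2019 11:16:58 -0400
+Subject: [PATCH] Squash apparent forward-null in clnttcp_create()
+
+clnttcp_create() only allows raddr to be NULL if *sockp is set.
+Static analyzers cannot know this, so can report a forward null
+defect. Add an raddr check before calling connect() to squash the
+defect.
+
+[ghudson@mit.edu: rewrote commit message]
+
+(cherry picked from commit b2f688eedd4bcca525201ef9485749a8c20b808a)
+---
+src/lib/rpc/clnt_tcp.c | 6 +++---
+1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/lib/rpc/clnt_tcp.c b/src/lib/rpc/clnt_tcp.c
+index 87761906c..dbd62d0a7 100644
+--- a/src/lib/rpc/clnt_tcp.c
++++ b/src/lib/rpc/clnt_tcp.c
+@@ -168,9 +168,9 @@ clnttcp_create(
+if (*sockp < 0) {
+*sockp = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
+(void)bindresvport_sa(*sockp, NULL);
+- if ((*sockp < 0)
+- || (connect(*sockp, (struct sockaddr *)raddr,
+- sizeof(*raddr)) < 0)) {
++ if (*sockp < 0 || raddr == NULL ||
++ connect(*sockp, (struct sockaddr *)raddr,
++ sizeof(*raddr)) < 0) {
+rpc_createerr.cf_stat = RPC_SYSTEMERROR;
+rpc_createerr.cf_error.re_errno = errno;
+(void)closesocket(*sockp);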
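Review bot: On the new `raddr == NULL` branch the error path still executes `rpc_createerr.cf_error.re_errno = errno;`, so the caller is handed whatever errno socket() or bindresvport_sa() happened to leave behind rather than anything describing the bad argument. The commit message says this state cannot occur for valid callers, so the cheapest fix is to make the branch self-describing, e.g. `if (raddr == NULL) errno = EINVAL;` ahead of the combined test, or at minimum a comment such as `/* raddr is non-null whenever *sockp < 0; check is for static analyzers */`. Independently of this change, `bindresvport_sa(*sockp, NULL)` runs before `*sockp < 0` is tested, so a failed socket() can have its errno overwritten and `closesocket()` is then called on an invalid descriptor. clnttcp_create()'s body begins and continues outside the hunk, so the rest of the error path is not visible here.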
@ -18,7 +18,7 @@ Summary: The Kerberos network authentication system
|
|||||||
Name: krb5
|
Name: krb5
|
||||||
Version: 1.17
|
Version: 1.17
|
||||||
# for prerelease, should be e.g., 0.% {prerelease}.1% { ?dist } (without spaces)
|
# for prerelease, should be e.g., 0.% {prerelease}.1% { ?dist } (without spaces)
|
||||||
Release: 43%{?dist}
|
Release: 44%{?dist}
|
||||||
|
|
||||||
# lookaside-cached sources; two downloads and a build artifact
|
# lookaside-cached sources; two downloads and a build artifact
|
||||||
Source0: https://web.mit.edu/kerberos/dist/krb5/1.17/krb5-%{version}%{prerelease}.tar.gz
|
Source0: https://web.mit.edu/kerberos/dist/krb5/1.17/krb5-%{version}%{prerelease}.tar.gz
|
||||||
@ -121,6 +121,8 @@ Patch159: Initialize-life-rlife-in-kdcpolicy-interface.patch
|
|||||||
Patch160: Fix-KCM-client-time-offset-propagation.patch
|
Patch160: Fix-KCM-client-time-offset-propagation.patch
|
||||||
Patch161: krb5-1.17post5-FIPS-with-PRNG-and-RADIUS-without-SPA.patch
|
Patch161: krb5-1.17post5-FIPS-with-PRNG-and-RADIUS-without-SPA.patch
|
||||||
Patch162: Simplify-krb5_dbe_def_search_enctype.patch
|
Patch162: Simplify-krb5_dbe_def_search_enctype.patch
|
||||||
|
Patch163: Squash-apparent-forward-null-in-clnttcp_create.patch
|
||||||
|
Patch164: Remove-null-check-in-krb5_gss_duplicate_name.patch
|
||||||
|
|
||||||
License: MIT
|
License: MIT
|
||||||
URL: https://web.mit.edu/kerberos/www/
|
URL: https://web.mit.edu/kerberos/www/
|
||||||
@ -727,6 +729,9 @@ exit 0
|
|||||||
%{_libdir}/libkadm5srv_mit.so.*
|
%{_libdir}/libkadm5srv_mit.so.*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Sep 12 2019 Robbie Harwood <rharwood@redhat.com> - 1.17-44
|
||||||
|
- Static analyzer appeasement
|
||||||
|
|
||||||
* Tue Aug 27 2019 Robbie Harwood <rharwood@redhat.com> - 1.17-43
|
* Tue Aug 27 2019 Robbie Harwood <rharwood@redhat.com> - 1.17-43
|
||||||
- Simplify krb5_dbe_def_search_enctype()
|
- Simplify krb5_dbe_def_search_enctype()
|
||||||
|
|
||||||
|